The U.S. Department of Health and Human Services Office for Civil Rights has submitted its mandated report to Congress on breach reports it has received. The report covers incidents reported between September 23, 2009 (the date the breach notification requirements became effective), and December 31, 2010. Here are some of the highlights of the report:…
Category: Of Note
North Carolina psychologist settles state charges for dumping patients’ records, agrees to pay $40,000
The following press release from North Carolina Attorney General Roy Cooper is a follow-up to a breach previously covered on PHIprivacy.net: Dr. Ervin Batchelor of the Carolina Center for Development and Rehabilitation in Charlotte has paid $40,000 for illegally dumping files containing patients’ financial and medical information, Attorney General Roy Cooper announced Wednesday. “Any business you entrust with your information has a…
California Strengthens its Data Breach Notification Law
Joseph Lazzarotti writes: As we suspected, California’s current governor, Edmund G. “Jerry” Brown, Jr. (D), signed into law S.B. 24, which adds some additional protections to the state’s current data breach notification requirements. The champion of this law and its recent enhancements, State Sen. Joe Simitian (D-Palo Alto), has finally succeeded after a number of prior attempts to pass this measure…
Kr: Report on hacking incidents to be required of companies
All listed and financial companies must report a security breach, with the scope of disclosure on major management issues including M&As being expanded to hacking incidents. The Knowledge Economy Ministry said Thursday that as early as 2014, companies must inform whether they have been hacked and how they can cope with such incidents on either…
Data Breaches Harder to Understand
Brian Martin of the Open Security Foundation and DataLossDB.org project writes: On the off chance you missed any news outlet the last 30 days, an “anti security” movement has been reborn. Started in 1999, theAntisec Movement focused on encouraging security consultants and hackers not to disclose vulnerabilities to vendors. The recent resurgence of this movement has…
WikiLeaks breach exposes unredacted US cables; organization blames Guardian reporter
James Ball of The Guardian reports: A Twitter user has now published a link to the full, unredacted database of embassy cables. The user is believed to have found the information after acting on hints published in several media outlets and on the WikiLeaks Twitter feed, all of which cited a member of rival whistleblowing…