Over on TechDirt, Karl Bode writes: Gravy Analytics, the parent company of Venntel, is like many dodgy data brokers. The company gleans vast troves of sensitive U.S. behavior and location cellphone data, then generally sells access to that data to a long line of folks. Including the U.S. government, which has increasingly turned to buying…
Category: Of Note
HHS Office for Civil Rights Settles HIPAA Security Rule Investigation with USR Holdings, LLC Concerning the Deletion of Electronic Protected Health Information
Note: In 2019, when USR Holdings disclosed this breach to affected patients, they did not mention that ePHI had been deleted. So in 2025, we are first learning of this part of the breach? The following is HHS OCR’s press release today. Settlement resolves multiple Security Rule failures Today, the U.S. Department of Health and…
PowerSchool discloses breach affecting hosted and self-hosted school k-12 districts (2)
Yesterday, PowerSchool disclosed that on December 28, it had become aware of a data breach that affected some, but not all, of its PowerSchool clients. PowerSchool Student Information System (SIS) is used by school districts worldwide to help schools manage student educational records including grades, attendance, and enrollment. Emails were sent to all PowerSchool clients…
HHS Office for Civil Rights Settles 8th Ransomware Investigation with Elgon Information Systems
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced an $80,000 settlement with Elgon Information Systems (Elgon), a Massachusetts company that provides electronic medical record and billing support services to covered entities, under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. OCR enforces the HIPAA Privacy,…
India’s Digital Data Protection Framework: Safety, Trust and Resilience
Samaya Dharmaraj reports: In an era where digital transformation shapes every aspect of governance, business, and daily life, safeguarding citizens’ personal data has become a top priority for India. Recognising the critical need for a secure andaccountable digital ecosystem, the government has taken significant steps to establish a robust framework for data protection and cyber resilience. At…
No need to hack when it’s leaking: Roomster edition (1)
There are leaks and then there are leaks. Hundreds of thousands of people who shared houses via Roomster might want to say a mental “Thank you” to the researcher known as @JayeLTee, who discovered a long-standing data leak and took steps to get it secured. As JayeLTee relates, he first spotted the misconfigured server in…