Of Note – Page 732 – DataBreaches.Net

Former UPMC Shadyside Hospital employee charged with HIPAA violation

Posted on September 18, 2010 by Dissent

In the first HIPAA prosecution in the Western District of Pennsylvania, United States Attorney David J. Hickton announced this week that a resident of Monroeville, Pa., had been indicted by a federal grand jury in Pittsburgh on charges of multiple illegal disclosures and use of patient individually identifiable health information for personal gain. The Health…

CA: 33,000 patient records sold for the value of the paper

Posted on September 17, 2010 by Dissent

I saw this press release on the breach I mentioned yesterday on PHIprivacy.net where a janitor allegedly sold 14 boxes of patient records to a recycler for the value of the paper although I cannot find a copy of this press release on either the DHS web site or the LASD web site: The Los…

The Securosis 2010 Data Security Survey

Posted on September 15, 2010 by Dissent

Over the summer we initiated what turned out to be a pretty darn big data security survey. The primary goal of the survey was to assess what data security controls people find most effective, as well as get a better understanding of how they are using the controls, what’s driving adoption, and a bit on…

CA: ID thief hits state coffers for $200,000

Posted on September 14, 2010 by Dissent

Julie Johnson reports: A mobile blood-testing company is believed to be the source of 500,000 California identities used to create fake drivers licenses and checks, investigators said. A Castro Valley man is at the center of what detectives called a “huge” scheme in which stolen identities were used to create fraudulent unemployment and in-home health…

‘Padding Oracle’ Crypto Attack Affects Millions of ASP.NET Apps

Posted on September 13, 2010 by Dissent

Dennis Fisher writes: A pair of security researchers have implemented an attack that exploits the way that ASP.NET Web applications handle encrypted session cookies, a weakness that could enable an attacker to hijack users’ online banking sessions and cause other severe problems in vulnerable applications. Experts say that the bug, which will be discussed in…

GAO Finds Agencies Lax On Data Protection

Posted on September 13, 2010 by Dissent

Elizabeth Montalbano reports: Some federal agencies that deal with highly sensitive data are not adequately protecting it from contract workers, a new Government Accountability Office (GAO) report found. The Departments of Defense (DoD), Homeland Security (DHS), and Health and Human Services (HHS) have some guidance and contract provisions in place for what data contractors can…