Roy Mark reports: Two key chairmen of U.S. House committees Oct. 1 urged HHS (Health and Human Services) Secretary Kathleen Sebelius to revise or appeal the agency’s controversial “harm standard” that would trigger a personal health record data breach notification. Under the current rules, companies that secure health information using encryption or destruction, no breach…
Category: Of Note
Soldiers’ Data Still Being Downloaded Overseas, Firm Says
Ellen Nakashima reports: The personal data of tens of thousands of U.S. soldiers — including those in the Special Forces — continue to be downloaded by unauthorized computer users in countries such as China and Pakistan, despite Army assurances that it would try to fix the problem, according to a private firm that monitors cybersecurity….
Better safe than sorry: Express Scripts should notify everyone
Almost a year after it was contacted by an extortionist, pharmacy benefits management company Express Scripts first learned that the extortionist was in possession of at least 700,000 more members’ personal information than they originally knew about. The company has now notified those individuals, but how many other members may also be affected? It’s time…
Breach reports involving paper records increase – ITRC
The Identity Theft Resource Center (ITRC) has released an interim report that reveals that breaches involving paper records appear to be increasing significantly compared to last year while the number of incidents involving electronic records has not showed a similar increase. According to a press release today, paper breaches currently account for 25% of all…
Probe Targets Archives’ Handling of Data on 70 Million Vets
Ryan Singel reports: The inspector general of the National Archives and Records Administration is investigating a potential data breach of tens of million of records about U.S. military veterans, after the agency sent a defective hard drive back to its vendor for repair and recycling without first destroying the data. At issue is a hard…
Hackers Breach Payroll Giant, Target Customers
Brian Krebs reports: Hackers last week apparently used stolen account information from a New Jersey company that provides online payroll services to target the firm’s customers in a scheme to steal passwords and other information. […] Unlike typical so-called “phishing” scams — which are sent indiscriminately to large numbers of people in the hopes that…