Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…
Category: Subcontractor
Rite Aid, one of many victims in MOVEit breach, sued for negligence
Rite Aid was one of numerous entities affected by the massive MOVEit breach. In July, they disclosed that 24,400 patients’ pharmacy information including medication names and dates of fill, prescriber information and limited insurance information was involved. They were notified by their vendor of the breach on May 31. Now it is reportedly being sued,…
The Blackbaud data breach — SuspectFile’s final chapter
Marco A. De Felice of SuspectFile is my brother by another mother. We don’t speak the same language, and we wouldn’t know each other if we passed on a street, but he has the same genetic disorder that I have: a determination to uncover information that breached entities try to bury or ignore. Since 2020,…
Janssen health database breached in cyber incident
Stefanie Schappert reports: IBM announced Wednesday that an unauthorized party breached the patient healthcare database it manages for the Johnson & Johnson-owned Janssen CarePath platform. Many of the patients are or have been treated for serious diseases, such as cancer. […] IBM says the breach exposed the sensitive information of an undisclosed number of patients,…
Defence Housing Australia Investigates Third-Party Data Breach
Daniel Croft reports: An investigation by Defence Housing Australia (DHA) is currently underway after it was notified that one of its third-party service providers had been hit by a cyber attack. The organisation, which provides housing and accommodation for military personnel and their families on and off base, has stressed that while there has been…
Indiana notifying Medicaid recipients of CareSource security breach
Carley Lanich reports: The protected health information of some Indiana Medicaid members may have been compromised in a recent security breach involving Ohio-based CareSource. Officials with the Indiana Family and Social Services Administration announced Friday that the breach of CareSource, a managed care entity, happened in late May and involved the personal information of more…