On November 9, DataBreaches.net published “Without Undue Delay” which catalogued health sector ransomware attacks where attackers had dumped patient data as part of an attempt to pressure their victims into paying ransom. That report was a companion to a post arguing that patients need to be notified sooner of ransomware dumps than HIPAA’s 60-day window…
Category: U.S.
Hosting Provider Exposed 63M Records incl. WP & Magento
I missed this report from Jeremiah Fowler the other day: On October 5th I discovered a non-password protected database that contained a large amount of monitoring and system logs. There were records indicating data backups, monitoring, error logging, and more. Upon further research, the database appeared to belong to the Texas-based cloud application hosting provider,…
Biden Is Expected to Keep Scrutiny of Tech Front and Center
Cecilia Kang, David McCabe and Jack Nicas report: The tech industry had it easy under President Barack Obama. Regulators brought no major charges, executives rotated in and out of the administration, and efforts to strengthen privacy laws fizzled out. The industry will have it much harder under president-elect Joseph R. Biden Jr. Bipartisan support to…
Human error leads to 27.7M people in Texas impacted in Vertafore ‘data event’
Nick Greenhalgh reports: A few months after its $5.3 billion acquisition by Roper Technologies Inc. (NYSE: ROP), Denver insurance tech giant Vertafore is in the midst of what the company is calling a “data event.” The company released a statement on Nov. 10 detailing human error that caused company data files to be accessed without authorization. The…
OCR Settles Eleventh Investigation in HIPAA Right of Access Initiative
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces its eleventh settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access to their health records at a reasonable…
Breach Lawsuit Spotlights Complex Vendor Issues
Marianne Kolbasuk McGee reports on a lawsuit that stems from a breach first reported on this site in March, 2019. She reports: A medical device maker has sued an IT vendor in the wake of an email server migration mishap that exposed the health data of more than 277,000 individuals. The case illustrates the complexities…