Catalin Cimpanu reports: Gaming giant Valve has called turning away a security researcher who reported a vulnerability in the company’s Steam gaming client “a mistake.” A Valve representative told ZDNet in an email today that the company has shipped fixes for the Steam client, updated its bug bounty program rules, and is reviewing the researcher’s…
Category: U.S.
Privacy Incident at Massachusetts General Hospital’s Neurology Department
August 22, Boston — Massachusetts General Hospital (“MGH”) is notifying approximately 9,900 individuals of a privacy incident involving MGH’s Department of Neurology in connection with some of its research programs. On June 24, 2019, MGH learned that an unauthorized third party had access to databases related to two computer applications used by researchers in the…
Hospital Not Liable for Facebook Post of Patient Medical Records
Mary Anne Pazanowski reports that once again, a court has ruled that an employer is not liable for what an employee does if they the employee was not acting within the scope of their employment duties: An Indiana hospital isn’t liable for an employee’s unauthorized actions that allegedly led to the posting of a patient’s…
Sonoma Valley Hospital Website, Email Addresses Hijacked
Jessica Davis reports on a potentially very serious cyberattack that is not the type of thing you’ll usually read on this site: Sonoma Valley Hospital was forced to give up its coveted three-letter domain name in early August after hackers hijacked its website, according to local news outlet Sonoma Index-Tribune. The website had been registered…
Feds: PainMD’s abandoned medical records at risk of being burned, shredded
Brett Kelman reports: Federal and state prosecutors have asked a judge to halt the destruction of thousands of medical records abandoned by PainMD, a Nashville-area pain clinic company that shut down earlier this year in the midst of a fraud investigation. The medical records, which could be evidence against PainMD or important to former patients, are currently stuck…
Are thedarkoverlord’s victims entitled to damages from Athens Orthopedic Clinic? Georgia Supreme Court to rule.
Bill Rankin reports: In the spring of 2016, a cyber thief calling himself the “Dark Overlord” hacked into the databases of a Clarke County medical clinic and emerged with the personal information of an estimated 200,000 patients. The Athens Orthopedic Clinic refused to pay the hacker’s ransom and advised current and former patients to set…