Adams County, WI disclosed a breach in August that affected 258,000 and may have been an insider breach. But they only notified HHS/OCR of that breach a few weeks ago. I wonder why. There’s nothing on their site to explain the late notification.
Category: U.S.
US Breach Laws Are Coming: South Carolina
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: In another change to US state breach notice laws in 2019, South Carolina will have new breach notice requirements for insurance companies. The requirements follow the National Association of Insurance Commissioners’ Insurance Data Security Model Law. South Carolina was the first to…
US Breach Laws Are Coming: Vermont
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: On January 1, 2019 Vermont’s breach notice law will include obligations specific to data brokers. A “data broker” is defined as a business that “knowingly collects and sells or licenses to third parties the brokered personal information of a consumer with whom…
Law firm notifies clients after backup drive stolen from lawyer’s car
I’ve often thrown up my cyber-hands in disgust at breaches that occur because people leave unencrypted PII or PHI in unattended vehicles. But sometimes, you read an incident report, and you can somewhat relate. This report by attorney Michael Koch, dba Lockhart, Britton & Koch in La Mesa, California is one of those times. From…
Breaches have (advertising cost) consequences for hospitals
The following is the abstract of an observational study published on The American Journal of Managed Care. The TL;DR version seems to be that if entities were to spend more proactively on security, they might not have to pay about 64% more annually in advertising costs over the next two years following a breach. Understanding…
California Department of Consumer Affairs suffers malware attack
Vincent Moleski reports: The California Department of Consumer Affairs suffered a malware attack Wednesday morning, affecting workstations and disrupting computer networks. Veronica Harms, the department’s deputy director, said in a prepared statement that all services to the public remained open, but the department had shut down some of its computer information network to protect electronic…