Sara Gregory reports: Norfolk school officials this week notified the parents of students and employees whose medical information was publicly disclosed in school crisis plans online for a year until August. After staff and attorneys reviewed the plans, the district identified a total of 308 students and staff who were referenced in the school crisis…
Category: U.S.
State officials grill Minnesota DHS over two breaches
KSTP reports: On Wednesday, state leaders addressed two recent data breaches at the Department of Human Services. […] “Could you please try and help us connect why there was such a failure here of four months before folks were notified of the compromising situation of their private data?” asked Sen. Mary Kiffmeyer, (R) Big Lake….
Server cleanup at URMC renders 2.6M archived files useless
Patti Singer reports: A mishap during routine server cleanup at the University of Rochester Medical Center several months ago has made it impossible for staff in the affected departments to open 2.6 million files. The files were on a server used by finance, research and operations to archive documents that had not been used for at…
The 3 Biggest Data Security Takeaways From The 11th Circuit Decision In FTC v. LabMD
After providing some history the LabMD enforcement action by FTC, and the former’s appeal to the 11th Circuit, Tom Kulik of Scheef & Stone, LLP outlines what he considers the three biggest data security takeaways from the case. You can read his article on Above the Law.
Still sending data via unencrypted thumb drives in the mail? It will cost you.
Weibrecht Law in New Hampshire recently submitted a notification to their state with this explanation of their breach: On or about Monday September 10th, our office sent an unencrypted electronic copy (“thumb drive”) of a client file via US Postal Service. The envelope that the thumb drive was sent in was received by the recipient,…
Anthem Pays OCR $16 Million in Record HIPAA Settlement Following Largest U.S. Health Data Breach in History
From HHS/OCR, this record-setting announcement: Anthem, Inc. has agreed to pay $16 million to the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules after a series of cyberattacks led…