Andrea K. McDaniels reports: A doctor’s practice plan affiliated with the University of Maryland School of Medicine has notified patients that somebody hacked the account of a physician assistant’s email account that contained the personal information of patients. The orthopedics practice at The University of Maryland Faculty Physicians Inc. mailed letters to about 1,500 patients…
Category: U.S.
Summit Reinsurance Services breach affected 19,000
The Summit Reinsurance Services ransomware breach, noted previously on this site, is beginning to attract more attention. First State Update reports: As a result of multiple consumer complaints, the Delaware Department of Insurance has been made aware of a security breach, involving Summit Reinsurance Services, Inc. (“SummitRe”) and BCS Financial Corporation, both subcontractors of Highmark…
D-Link fights back against ‘baseless’ data security lawsuit
Corinne Reichert reports: Cause of Action Institute has announced that it will be defending D-Link against the United States Federal Trade Commission (FTC)’s “unwarranted and baseless” lawsuit claiming that the technology company put thousands of customers at risk of unauthorised access by failing to secure its IP cameras and routers. The FTC should not be…
Ball State U. sends ‘accidental email,’ violates FERPA
Oops. The Ball State Daily reports: An email sent out on Tuesday did more than just inform students about their academic status. Students who earned a GPA below 2.0 were notified in December about their academic progress, and on Jan. 10, another email was intended to inform students about ways to improve their GPAs. But…
“….and in no case later than 60 calendar days after discovery of a breach”
I’ve been encouraging (ok, nagging) HIPAA lawyer Jeff Drummond of Jackson Walker to write a post explaining what the 60-day notification provision really means in HIPAA, as I’ve always had a lot of questions about it, such as: Does the 60-day clock start when the covered entity (CE) first discovers that they might have a…
Co-conspirator in Steubenville computer-hacking case is sentenced to 8 months
Greg Kocher reports: A computer hacker was sentenced Monday to eight months in prison for his role in helping a Winchester resident known online as “KYAnonymous” compromise a website and get involved in a controversy surrounding a rape case in Steubenville, Ohio. Noah McHugh, 26, of Alexandria, Va., had pleaded guilty in September to one…