Patrick Howell O’Neill reports: … according to new research from Maddie Stone, a security researcher at Google: that it’s far too easy for hackers to keep exploiting insidious zero-days because companies are not doing a good job of permanently shutting down flaws and loopholes. The research by Stone, who is part of a Google security…
Oklahoma Tourism and Recreation Department investigates potential data security incident
Tiffany Bechtel reports: The Oklahoma Tourism and Recreation Department has received notice that an unknown person has been claiming to have stolen data from TravelOK.com and related websites. Officials say once the department was made aware of the claims they immediately contacted the Oklahoma Cyber Command to launch an investigation into the incident. They also took…
Court Denies Motion for Class Certification in Employee W-2 Data Breach Litigation
Joseph Lazzarotti and d Maya Atrakchi of JacksonLewis write: In recent years, there has been an uptick of W-2 phishing scams, and their consequences for an employer extend well beyond leaked data, including potential employee class action litigation. Just last week, a federal court in Illinois rejected a motion for class certification in a data…
Boise Man Sentenced to 3.5 Years in Federal Prison for Health Care Fraud and Aggravated Identity Theft
When people talk about medical identity theft, they are generally referring to the patient’s identity information being stolen and misused to seek and obtain medical care or for similar purposes. But healthcare fraud may also involve stealing the identity information of providers so that fraudulent bills can be created to defraud the government. Here’s a…
Goodwin says vendor breach may have exposed client data (updated)
Sara Merken reports: Goodwin Procter experienced an indirect security breach involving a third-party vendor whose services the firm uses for large file transfers, according to an internal memo reviewed by Reuters on Tuesday. Goodwin’s investigation into the matter, which is still ongoing, revealed a “small percentage of our clients may have experienced unauthorized access to…
HITECH Amendment Provides Some Protection For Covered Entities and Business Associates that Adopt Recognized Security Standards
Anna D. Kraus, Libbie Canter, Tara Carrier, and Olivia Vega of Covington & Burling write: On January 5, 2021, an amendment to the Health Information Technology for Economic and Clinical Health (“HITECH”) Act was signed into law. The amendment requires the U.S. Department of Health and Human Services (“HHS”) to “consider certain recognized security practices of covered…