Laura Dyrda reports that Landmark Hospital of Athens in Georgia is investigating the theft of medical records and on June 19 suspended three employees who may have been involved. But there’s likely a lot more to this story than employees stealing medical records. Four nurses at that hospital have filed a lawsuit against the hospital accusing…
‘Procedural error’ cause for leak of HIA names
Andrew Madden reports: Four groups representing survivors of historical institutional abuse have backed Interim Victims’ Advocate Brendan McAllister after a data breach at his office was attributed to a “procedural error”. A full review of how information is managed has been recommended following the breach that resulted in the identities of hundreds of abuse survivors being…
Ca: Security lapses in eHealth system increased risk of cyberattack, says auditor
Arthur White-Crummey reports: After finding numerous security gaps on laptops, tablets and smartphones connected to the eHealth system, Saskatchewan’s provincial auditor warned they could increase the risk of cyberattacks like the one that compromised sensitive personal information late last year. Judy Ferguson’s office identified unencrypted devices, inappropriate security settings, unrestricted USB ports and untrained staff…
Warning: ‘Invisible God’ Hacker Sold Access To More Than 135 Companies In Just Three Years
Thomas Brewster reports: Major antivirus companies, banks, insurance providers, government agencies, large hotels, wineries, restaurants, airlines. Think of almost any kind of company and there’s a good chance a prolific, financially-motivated hacker known as Fxmsp has broken into it, or attempted to, according to a report released Tuesday. Dubbed the “invisible god of networks,” he’s a suspected…
CHI St. Luke’s Health Memorial Lufkin notifies patients of April security incident
June 22 — CHI St. Luke’s Health-Memorial Lufkin announced today that it has taken action after becoming aware of an incident that took place on April 23, 2020 in which an unapproved third party gained access to patient information. Though we have no evidence to confirm that information was actually viewed or obtained by the…
Vermont’s Amendments to Data Breach Law and New Student Privacy Law Effective July 1, 2020
From Hunton Andrews Kurth: On July 1, 2020, amendments to Vermont’s data breach notification law, signed into law earlier this year, will take effect along with Vermont’s new student privacy law. Security Breach Notice Act The amendments to Vermont’s Security Breach Notice Act include expanding the definition of Personally Identifiable Information (“PII”), expanding the definition of a…