Andrew Madden reports: Four groups representing survivors of historical institutional abuse have backed Interim Victims’ Advocate Brendan McAllister after a data breach at his office was attributed to a “procedural error”. A full review of how information is managed has been recommended following the breach that resulted in the identities of hundreds of abuse survivors being…
Ca: Security lapses in eHealth system increased risk of cyberattack, says auditor
Arthur White-Crummey reports: After finding numerous security gaps on laptops, tablets and smartphones connected to the eHealth system, Saskatchewan’s provincial auditor warned they could increase the risk of cyberattacks like the one that compromised sensitive personal information late last year. Judy Ferguson’s office identified unencrypted devices, inappropriate security settings, unrestricted USB ports and untrained staff…
Warning: ‘Invisible God’ Hacker Sold Access To More Than 135 Companies In Just Three Years
Thomas Brewster reports: Major antivirus companies, banks, insurance providers, government agencies, large hotels, wineries, restaurants, airlines. Think of almost any kind of company and there’s a good chance a prolific, financially-motivated hacker known as Fxmsp has broken into it, or attempted to, according to a report released Tuesday. Dubbed the “invisible god of networks,” he’s a suspected…
CHI St. Luke’s Health Memorial Lufkin notifies patients of April security incident
June 22 — CHI St. Luke’s Health-Memorial Lufkin announced today that it has taken action after becoming aware of an incident that took place on April 23, 2020 in which an unapproved third party gained access to patient information. Though we have no evidence to confirm that information was actually viewed or obtained by the…
Vermont’s Amendments to Data Breach Law and New Student Privacy Law Effective July 1, 2020
From Hunton Andrews Kurth: On July 1, 2020, amendments to Vermont’s data breach notification law, signed into law earlier this year, will take effect along with Vermont’s new student privacy law. Security Breach Notice Act The amendments to Vermont’s Security Breach Notice Act include expanding the definition of Personally Identifiable Information (“PII”), expanding the definition of a…
Citing NY’s SHIELD Act, NYSBA Approves Cybersecurity CLE Requirement for All Attorneys
Caroline Morgan of Fox Rothschild reports that the New York State Bar Association (NYSBA) has approved a new requirement that New York attorneys take one cybsersecurity CLE credit. The proposal is presently before the New York CLE board for consideration. Read more on Privacy Compliance & Data Security.