HealthITSecurity dives into an issue that both this site and Protenus have often addressed: the gap between when entities first become aware of a breach or that something likely happened, and the date on which they send notifications to affected patients. In some cases, entities’ disclosures and notifications are more than 60 days after they…
NZ: Privacy breach: More than 100 Hauora Tairāwhiti patient files in Gisborne missing
Ben Leahy reports: A Gisborne physiotherapist who lost more than 100 patient files from her practice has been found guilty of misconduct due to the risk to her patients’ privacy. Jane Moore committed the privacy breaches from 2012 to 2015 while working as a physiotherapist for Hauora Tairāwhiti district health board, according to a recent…
UK: Government in email privacy gaffe
BBC reports: A government department responsible for data protection laws has shared the contact details of hundreds of journalists. The Department for Digital, Culture, Media and Sport emailed more than 300 recipients in a way that allowed their addresses to be seen by other people. The email – seen by the BBC – contained a…
Dell laptops and computers vulnerable to remote hijacks
Catalin Cimpanu reports: A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users’ systems. Dell has released a patch for this security flaw on April…
Seattle University laptop containing 2,000 Social Security numbers lost
Asia Fields reports: Seattle University is warning that the names and Social Security numbers of more than 2,000 people could be exposed after a university-issued laptop was lost last month. Files containing information for 2,102 current and former faculty, staff and their dependents are accessible from the unencrypted laptop, which a university employee lost on…
Charles River Laboratories discloses a breach, but details are lacking
From their SEC filing: On April 30, 2019, Charles River Laboratories International, Inc. (the “Company” or “Registrant”) notified clients of unauthorized access into portions of its information systems. Promptly upon detection of unusual activity in its information systems in mid-March, the Company commenced an investigation into this incident, coordinated with U.S. federal law enforcement, and engaged…