Dennis Fisher reports: In an effort to cut off an avenue used in some phishing attacks, Google is planning to block authentication attempts from some apps that use embedded browser frameworks in the near future. The change is part of a broader initiative by the company to get a better handle on when and how…
In: Files feared stolen from GST Intel records room
Wow. As far as a physical security FAIL goes, this is a contender. The Ahmedabad Mirror reports: Officials of the Directorate General of GST Intelligence (DGGI) in Gujarat on Sunday lodged a complaint of theft of record files from their storage unit in Ahmedabad. The DGGI storage unit is housed in an old and decrepit…
FL: Stuart’s city hall ransomware attack “more than likely” caused by phishing email scam
Melissa E. Holsman reports: The city is still recovering from an April 13 ransomware virus attack that most likely came from a phishing email scam on an employee’s desktop computer, the city manager said Monday. A computer virus dubbed Ryuk attacked the city’s servers in a ransomware demand that City Manager David Dyess said forced…
So how’s April so far?
Quick note: I haven’t been posting all the health data breaches or incidents I have already found this month, as in some cases, I’m waiting for responses from entities to my questions. But I am compiling the incidents in my worksheet that I provide to Protenus, Inc. for their analyses and freely available reports. Yesterday,…
The Lack of an Adequate HIPAA Security Risk Assessment is a Common and Costly Mistake by Healthcare Providers: What Providers Can Do Now
Erin Smith Aebel of Shumaker, Loop & Kendrick, LLP writes: Health care providers and others who must comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have specific requirements under the Security Rule to HIPAA when it comes to their maintenance of electronically held protected health information. One of those requirements is…
Washington AG Ferguson bill strengthening data breach laws passes Legislature
From the Washington Attorney General’s Office yesterday, a press release on an expansion of the breach notification requirements. Of special note, under the new law, a hacker acquiring a name in combination with a student ID would trigger notification obligations, but only if the information was not secured or made unusable (e.g., by encryption) AND …