NBC in Connecticut reports: Police have arrested an employee of a substance use disorder treatment center in North Haven who is accused of stealing patients’ identities to get services like cable and internet. North Haven police arrested 39-year-old Kimberly Telford, of New Haven, who they said was a counselor at an outpatient center. She is…
Frederick Regional Health System notifies hospice patients of phishing incident
Frederick Regional Health System recently disclosed a phishing incident that compromised an undiclosed number of hospice patients’ personal and protected health information. Here is their notification, first reported by the Frederick News-Post. Frederick Regional Health System is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice is to inform our…
Critical flaw lets hackers control lifesaving devices implanted inside patients
Dan Goodin reports: The federal government on Thursday warned of a serious flaw in Medtronic cardio defibrillators that allows attackers to use radio communications to surreptitiously take full control of the lifesaving devices after they are implanted in a patient. Defibrillators are small, surgically implanted devices that deliver electrical shocks to treat potentially fatal irregular…
D.C. Attorney General Calls for Expanding Data Breach Notice Law
Daniel R. Stoller reports: The District of Columbia’s top lawyer has unveiled a proposal that would expand the city’s data breach notification law and give the attorney general’s office greater enforcement power. D.C. Attorney General Karl Racine (D) announced the Security Breach Protection Amendment Act March 21. It would regulate companies that faced “major data…
Oregon DHS discloses breach potentially affecting 350,000 after successful phisher gained access to employees’ email accounts
KDRV reports: Oregon’s Department of Human Services (DHS) revealed on Thursday that the private data of more than 350,000 clients may have been accessed in a massive data breach that began earlier this year. The agency said that the breach stemmed from a phishing scam that infected the emails of nine separate employees after they…
NZ: Privacy Bill avoids notification fatigue
Tim Murphy reports: MPs have revised privacy legislation to avoid a risk of ‘notification fatigue’ in which holders of data would be forced to advise the public of even minor data breaches. Parliament’s justice select committee has raised the threshold in the Privacy Bill for when mandatory notifications to the Privacy Commissioner and affected individuals would…