A new blog post from the Federal Trade Commission provides guidance to businesses on how the cybersecurity framework created by the National Institute for Standards and Technology (NIST) aligns with the FTC’s data security program. The post outlines the key elements of the NIST framework and how it relates to the FTC’s long-standing approach to data security…
UK: Data security incident trends
From the Information Commissioner’s Office, an interesting report with data for Q1 of 2016/17 by sector and attack type. Not surprisingly, the greatest number of breaches were reported by the healthcare sector: Analysis of the types of health data security incidents revealed that the most common sources were errors involving paper records, such as mailing or faxing errors,…
Watchdog: IRS failed to notify over 1M people of identity theft
Naomi Jagoda reports: The Internal Revenue Service identified close to 1.1 million taxpayers who were victims of employment-related identity theft from 2011 through 2015, but almost none of the victims were informed, a Treasury Department watchdog found in a report made public this week. “Employment-related identity theft can cause significant burden to taxpayers, including the…
New York State Psychiatric Institute notifies 21,880 research participants of hack
The New York State Psychiatric Institute, a facility owned and operated by the New York State Office of Mental Health, has reported the following incident to HHS as impacting 21,880 research participants: On June 17, 2016, New York State Psychiatric Institute (NYSPI) learned that, between April 28 and May 4, certain parts of our system were accessed…
Fired employee sues SF State for $1 million after alleged hack
Golden Gate Express reports on a lawsuit stemming from a breach you may not have heard about: A former SF State information security officer claimed in a lawsuit that she was fired in a University attempt to sweep “under the rug” a 2014 hack involving a significant student records breach including financial records and password reset…
Study finds flaws in MedSec’s criticism of St. Jude cyber security
Ransdell Pierson reports: University of Michigan researchers on Tuesday said their own experiments undermine recent allegations of security flaws in St. Jude Medical Inc’s pacemakers and other implantable medical devices. Shares of St. Jude fell 5 percent on Thursday after short-selling firm Muddy Waters and its business partner, cyber security company MedSec Holdings Inc, alleged…