WRDW reports: The director of the non-profit organization, Community in Action, left town and abandoned donations along with her clients’ personal information. Her landlord discovered copies clients’ social security cards, drivers’ licenses and birth certificates left in the home. Trish Wilcher took back possession of her rental home just a few weeks ago. She rented…
IRS Needs to Further Improve Controls over Financial and Taxpayer Data: GAO
The highlights of a new GAO report on the IRS: The Internal Revenue Service (IRS) made progress in implementing information security controls; however, weaknesses in the controls limited their effectiveness in protecting the confidentiality, integrity, and availability of financial and sensitive taxpayer data. During fiscal year 2015, IRS continued to devote attention to securing its…
Ca: Alberta Health Services implements new privacy training following massive fall 2015 breach
Jeremy Simes reports: Following a breach of privacy investigation at a southern Calgary hospital last fall, Alberta Health Services (AHS) has withdrawn or reduced disciplinary action against dozens of hospital employees, though they’re getting personalized training so it doesn’t happen again. The breach involved 48 South Health Campus employees in connection to a Calgary police…
Anti-Semitic fliers at Princeton U., other colleges were work of known hacker
Kevin Shea reports: The anti-Semitic fliers found on printers at Princeton University and dozens of other colleges last week were the work of a hacker once prosecuted in New Jersey on charges he stole 120,000 email addresses from AT&T-connected iPads. Andrew “Weev” Auernheimer, a self-described “white nationalist hacktivist” now living in the partially-recognized country of Abkhazia, said…
MA: Patient information taken from Northgate Medical Primary Care
David McKay reports that Northgate Medical Primary Care in Springfield, Massachusetts has issued a press release about a HIPAA breach. I haven’t been able to find any copy of it online or on their web site as of the time of this post, however. McKay reports: Northgate said they discovered in January that a former employee had…
Breach or Ransomware Attack? Can’t Sue Under HIPAA, but Maybe Under CFAA
Lucy Li of Fox Rothschild writes: HIPAA itself does not provide a private right of action. So when a hacker or rogue employee impermissibly accesses or interferes with electronic data or data systems containing protected health information, an employer subject to HIPAA cannot sue the perpetrator under HIPAA. Similarly, when a ransomware attack blocks access…