Here’s another case where health care services were provided by someone using a stolen identity, but in this case the stolen identity was used to fraudulently authorize treatments and to defraud insurance carriers. John Sowell reports: Federal prosecutors have accused Cherie R. Dillon of health care fraud and aggravated identity theft tied to her Payette…
Plan Now to Comply with New Rhode Island Identity Theft Protection Act
John Ottaviani writes: Businesses, organizations, state and local governmental entities and individuals who collect and store personal information about Rhode Island residents should start planning now to comply with the new Rhode Island Identity Theft Protection Act, which goes into effect on June 26, 2016 and replaces the existing law. Businesses and organizations of any…
NSA Wants ‘Zero Day’ Process Kept Secret
Nicholas Iovino reports: The National Security Agency on Thursday defended hiding key details of its process for deciding whether to exploit or disclose software security flaws that make people vulnerable to hackers. The Electronic Frontier Foundation sued the NSA in 2014 for withholding records on the government’s handling of “zero days,” newly discovered security flaws…
Los Angeles physical therapy provider settles HHS charges that it impermissibly disclosed patient information
An announcement by HHS on Feb. 16 seems to have flown under most media radar. It seems that Complete P.T. used patient images and testimonials on their web site without patient consent, generating a complaint to HHS that HHS investigated and confirmed. Complete P.T. has admitted liability, agreed to pay $25,000, and has agreed to a…
California Attorney General Releases Report Defining “Reasonable” Data Security
I’ve previously posted a link to a report by the California Attorney General on breaches in California and recommendations, but I like that this post by Hunton & Williams focuses on the how the recommendations relate to “reasonable security:” Importantly, the Report states that, “[t]he failure to implement all the [Center for Internet Security’s Critical Security]…
ORCID Security Incident
ORCID describes itself as an “open, non-profit, community-based effort to provide a registry of unique researcher identifiers and a transparent method of linking research activities and outputs to these identifiers. ORCID is unique in its ability to reach across disciplines, research sectors, and national boundaries and its cooperation with other identifier systems.” The following notice was…