Malware inserted on a server on October 23, 2011 wasn’t discovered until October 21, 2015, reports First Transit‘s external counsel. For almost four years, employees’ information, including name, address, date of birth, phone number, driver’s license number, and Social Security number may have been compromised. In response to the discovery, First Transit took the server offline…
OH: More details emerge about patient records found at recycling center
Katie Wedell provides more details about patient records found at a recycling center in Springfield, Ohio It seems the person who found the records and reported that there were “hundreds” of records underestimated how many there were. Community Mercy Health Partners could face penalties from the federal government for improperly disposing of private medical records after thousands of old laboratory…
UK: Former medical center director prosecuted for improper access of colleagues’ records
From the Information Commissioner’s Office: A former medical centre practice director Zita Driaunevicius-Cookson has been prosecuted at Bury & Rochdale Magistrates’ Court for accessing the medical records of colleagues and members of their family without consent. She was fined £300, ordered to pay costs of £434.73 and a victim surcharge of £20.
Audit Finds IT Security Flaws Still Plague Calif. Courts
Nick Cahill reports: Despite a 2013 audit revealing significant information security flaws, the Judicial Council of California hasn’t improved its control systems and remains “unacceptably” at risk for data breaches, according to a follow-up audit. The council’s case management records and human resources data are specifically jeopardized because of its failure to implement recommendations from…
House Financial Services Committee Passes Data Security Bill
NACS writes: On December 8, the House Financial Services Committee convened to mark up and subsequently pass legislation opposed by NACS: the Data Security Act of 2015 (H.R. 2205). Introduced by Representative Randy Neugebauer (R-TX), the bill would establish a national data security and breach notification standard that would impose enormous costs on most industries…
Russian Man Involved in Carder.su Gets 9 Years in Federal Prison in ID Theft Case
AP reports: A Russian citizen was sentenced in Las Vegas to nine years in federal prison and ordered to pay a share of $50 million in restitution after pleading guilty to racketeering and identity theft in a worldwide cybercrime organization. U.S. Attorney Daniel Bogden said Wednesday that Alexander Kostyukov also faces three years of supervised…