Lucian Constantin reports: Companies relying on Microsoft BitLocker to encrypt the drives of their employees’ computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk. Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the…
NC: DHHS discloses second Medicaid data breach
WRAL reports that the North Carolina Department of Health & Human Services has had a second breach involving hundreds of Medicaid patients. It was the second time in as many months that an employee error involving unencrypted e-mail resulted in exposure of patient information. This time, the breach reportedly affected 524 patients. Officials said they have installed…
NJ: Personal records left unprotected at shuttered Brisbane center
Mike Davis reports: Inside the former Arthur Brisbane Child Treatment Center sat piles of cardboard boxes, turning the former psychiatric hospital into a makeshift storage facility. The files contained within run the gamut of both state employees and Brisbane patients, including personal information such as social security numbers, medical history and banking information. The only problem? The…
Illinois data breach: Dept. of Insurance posts personal information on public website
Marcia Lense reports: The Illinois Department of Insurance announced an inadvertent data release, that exposed critical personal information. According to a news release, the department received a complaint that Social Security numbers from a health care provider could be seen. The department says it had sent filings from Blue Cross Blue Shield to the System…
Common Market in Maine notifies customers of payment card breach
I’m not sure that posting a breach notification on a Facebook page is sufficient when you also have a web site where you could post the announcement. Assuming everyone is on Facebook is risky. Case in point: Common Market in Union, Maine, posted this on their Facebook page on October 30. ATTENTION COMMON MARKET CUSTOMERS…
FTC v. LabMD ruling issued: FTC loses data security enforcement case (Update2)
In a data security enforcement action that some have characterized as a modern version of David vs. Goliath, David won today, and the FTC lost. It was an enforcement action that the FTC never should have commenced, as I’ve argued repeatedly, and today’s loss may actually make future enforcement actions more difficult for them as the standard for demonstrating…