Press release: In response to growing concerns about online privacy and data protection, Indiana Attorney General Greg Zoeller today announced a legislative proposal to provide greater safeguards of Hoosiers’ personal and financial information online. Zoeller’s proposal has three main components aimed at providing stricter requirements for the safe storage of sensitive data, reducing harm to…
NY: Patient Calls NY Info-Sharing Unconstitutional
Jonathan Perlow reports: New York state is collecting confidential information on mental health patients to create a database of people it deems unfit to carry a firearm, according to a federal class action. Lead plaintiff Donald Montgomery claims the state created a reporting system, as part of the New York Secure Ammunition and Firearms Enforcement…
Medical Records Lessons from the Sony Breach
Ben DiPietro reports: Sony Pictures Entertainment could be penalized by regulators for the data breach that resulted in private health information of its employees becoming public, and could be socked with lawsuits as well. It remains to be seen which regulators might target the company, or which rules it might be accused of violating, but regardless of who…
Meet Anunak – The Hacker Crew That Owned Staples And Earned $18m In 2014
Thomas Fox-Brewster reports: In November this year, dignitaries and bigwigs of the cyber security industry gathered inside Europol’s headquarters in The Hague. As they talked about general issues affecting the community, namely financially-motivated criminals, ears pricked up when one particular strain of malware, called Anunak, was said to have brought about the “armageddon” of the…
Court case places patient-physician relationship in the balance
Via Dr. Ken Pope’s mail list, this news release from the AMA: Two essential elements of medical practice—patient privacy and the patient-physician relationship—are at stake in a case before a federal appeals court that involves a state prescription drug monitoring program (PDMP) and surveillance by the U.S. Drug Enforcement Administration (DEA). The issue in question…
Incident Summary #4: Service provider inadvertently discloses email addresses of nearly 300 customers in mass email
Posted yesterday by the Office of the Privacy Commissioner of Canada: Service provider inadvertently discloses email addresses of nearly 300 customers in mass email Incident A customer of a service provider received a routine email from the service provider advising her of when her seasonal service would be reconnected. However, she noticed that the email…