A breach involving the Denver VA center was reported in the VA’s most recent monthly report to Congress. I’m including it here because it shows how thorough the VA can be in investigating breaches – and how time-consuming and labor-intensive it can be when someone neglects security measures like a cable: Incident Summary Two biomedical device laptops were…
#YO_NO! Messaging app ‘Yo’ gets hit by hackers
No one could have possibly seen this coming, right? Shaun Nichols reports: Just days after the Yo app debuted to much fanfare (and head-scratching), the mono-message social tool has fallen prey to hackers. A group of students from Georgia Tech University claim via TechCrunch to have accessed the application’s entire user database, and gained the ability to obtain…
Connecticut Governor Signs Pharmacy Reward Program Authorization Bill into Law
Hunton & Williams LLP writes: On June 12, 2014, Connecticut Governor Dannel Malloy signed a bill into law that may require retailers to modify their existing Health Insurance Portability and Accountability Act (“HIPAA”) authorizations for pharmacy reward programs. The law, which will become effective on July 1, 2014, obligates retailers to provide consumers with a “plain language summary of…
Advanced Care Hospitalists notifies patients of breach at billing vendor
Melanie Payne reports: Carol Crisafi received a disturbing letter in the mail. It came from a physician’s group that had cared for her while she was in Brandon Regional Hospital east of Tampa. Advanced Care Hospitalists PL said their “former billing company,” Doctors First Choice Billing in Miramar, had posted patients’ personal information on a…
House Oversight asks Inspector General of the FTC to investigate FTC’s actions in LabMD case
CORRECTION: In the original post, below, the CEO of Tiversa informed PHIprivacy.net that they never turned over the full 1718 File until October 2013, when it was subpoenaed by the FTC. The FTC’s own documents indicate that they obtained the 1718 File from the Privacy Institute in response to the CID, which means that they…
LinkedIn vulnerability to MITM attacks puts your data at risk – Zimperium
Zimperium Mobile Defence says that their testing found that LinkedIn users are at risk of Man-in-the-Middle Attacks: What information is vulnerable? Using basic MITM, we found that an attacker can extract a LinkedIn user’s credentials, hijack their session to gain access to all other LinkedIn information and impersonate the user. The following information is exposed,…