I’ve occasionally posted audits of school districts in New York State conducted by the NYS Comptroller’s Office. Yesterday, Comptroller DiNapoli released some new audits yesterday. One of them involved an audit of information technology at the East Quogue Union Free School District in Suffolk County. The audit covered the period July 1, 2012 — August 31,…
Inside a VA breach investigation
A breach involving the Denver VA center was reported in the VA’s most recent monthly report to Congress. I’m including it here because it shows how thorough the VA can be in investigating breaches – and how time-consuming and labor-intensive it can be when someone neglects security measures like a cable: Incident Summary Two biomedical device laptops were…
#YO_NO! Messaging app ‘Yo’ gets hit by hackers
No one could have possibly seen this coming, right? Shaun Nichols reports: Just days after the Yo app debuted to much fanfare (and head-scratching), the mono-message social tool has fallen prey to hackers. A group of students from Georgia Tech University claim via TechCrunch to have accessed the application’s entire user database, and gained the ability to obtain…
Connecticut Governor Signs Pharmacy Reward Program Authorization Bill into Law
Hunton & Williams LLP writes: On June 12, 2014, Connecticut Governor Dannel Malloy signed a bill into law that may require retailers to modify their existing Health Insurance Portability and Accountability Act (“HIPAA”) authorizations for pharmacy reward programs. The law, which will become effective on July 1, 2014, obligates retailers to provide consumers with a “plain language summary of…
Advanced Care Hospitalists notifies patients of breach at billing vendor
Melanie Payne reports: Carol Crisafi received a disturbing letter in the mail. It came from a physician’s group that had cared for her while she was in Brandon Regional Hospital east of Tampa. Advanced Care Hospitalists PL said their “former billing company,” Doctors First Choice Billing in Miramar, had posted patients’ personal information on a…
House Oversight asks Inspector General of the FTC to investigate FTC’s actions in LabMD case
CORRECTION: In the original post, below, the CEO of Tiversa informed PHIprivacy.net that they never turned over the full 1718 File until October 2013, when it was subpoenaed by the FTC. The FTC’s own documents indicate that they obtained the 1718 File from the Privacy Institute in response to the CID, which means that they…