Patricia Kime reports: After veteran Aaron Alexis shot and killed a dozen people at the Washington Navy Yard last September, the Air Force noted a spike in the number of personnel dipping into his electronic medical file. The snooping — illegal under the Health Insurance Portability and Accountability Act, or HIPAA — was so pervasive…
Iowa amends data breach law to cover paper records and to create central reporting
Mark Wolski of Bloomberg BNA reports: April 8 –Iowa Gov. Terry Branstad (R) recently signed legislation (S.F. 2259) that amends the state’s data breach notification law to require covered entities to notify the state attorney general of breaches affecting more than 500 Iowans. Under the measure, covered entities must notify the attorney general within five…
#Hackback: “Buddhax” posts photos of no-longer-so-Anonymous #OpIsrael hackers
David Shamah reports: Israeli hackers attacked computers belonging to Anonymous and allied hacker groups, taking pictures with exploited webcams and posting the photos online, during the organization’s OpIsrael hacking attack last week. A hacker called Buddhax, a member of the Israeli Elite Force hacking group, posted the information on the IEF’s Facebook page Wednesday, two days after anti-Israel hackers…
Heartbleed hacks hit Mumsnet, too
Leo Kelion reports that like the Canada Revenue Agency, Mumsnet has also fallen victim to exploitation of Heartbleed: A leading UK site for parents and the Canadian tax authority have both announced they have had data stolen by hackers exploiting the Heartbleed bug. Mumsnet – which says it has 1.5 million registered members – said…
UK: Sensitive social services records lost after being left on family’s doorstep
An investigation by the Information Commissioner’s Office (ICO) has ruled that a council in Berkshire breached the Data Protection Act after sensitive social services records relating to the care of a young child were lost. The information had been requested by a family member who made a subject access request for their information to Wokingham…
TrueCrypt audit: Probe’s nearly all the way in … no backdoor hit yet
John Leyden reports: The first phase of crowd-funded audit of TrueCrypt has turned up several vulnerabilities, but nothing particularly amiss and certainly nothing that looks like a backdoor. iSEC Partners, which was contracted to carry out the audit by the Open Crypto Audit Project (OCAP), found 11 vulnerabilities in the full disk and file encryption…