Over on Security Bistro, Linda Musthaler discusses the recently disclosed Spec’s breach and the fact that Spec’s knew about the breach but was asked not to disclose it by law enforcement. We’ve seen this many times – delays in notification so as not to interfere with a law enforcement investigation. But should there be some…
FL: Call center employee and 7 others charged in ID theft fraud scheme involving AT&T customer info
A 22-count indictment charging eight defendants with participating in a conspiracy to unjustly enrich themselves by stealing personal identifying information of AT&T customers and using the information to make unauthorized wire transfers from the victims’ bank accounts and obtain unauthorized credit or debit cards has been unsealed in the Southern District of Florida. The indictment…
Helping Entities Implement Privacy and Security Protections Medscape Programs
HHS has recently added another training module to its offerings. The latest is on EHRs and HIPAA: OCR has six educational programs for health care providers on compliance with various aspects of the HIPAA Privacy and Security Rules. Each of these programs is available with free Continuing Medical Education (CME) credits for physicians and Continuing…
Federal court ruling in Carnegie Strategic Design Engineers v. Cloherty applies narrow interpretation of CFAA
Robert R. Baron, Jr., David S. Fryman, Corinne Militello, and Philip N. Yannella of Ballard Spahr write: A Pennsylvania federal magistrate judge has tossed an employer’s claims under the Computer Fraud and Abuse Act (CFAA), holding that the CFAA does not extend to punish employees for the misuse of information that was accessed with permission….
Chicago-area doctors' group announces data breach
Mitch Smith reports: Surgical information for more than 1,200 patients may have been compromised in February when an unknown person accessed a doctor’s Gmail account, a Chicago-area physicians’ group announced Friday. Midwest Orthopaedics at Rush said in a news release that names and dates of birth for 1,256 patients could have been accessed, along with…
RK Internet notifies customers after malware snags their information
When RK Internet (“Rural King”) became suspicious on March 7th that their web server had been compromised, they brought in forensic investigators. Those investigators discovered that malware had been injected, and for transactions that occurred between February 6 until March 12, customers names, debit or credit card number with security code and expiration date, telephone…