Gregory A. Hall reports: The bill to require public agencies to notify people whose personal information has been compromised in a cyber-security breach got final approval from the House on Friday and now will go to Gov. Steve Beshear. The House concurred in the changes made by the Senate on House Bill 5, the cyber-security…
TX: Spec’s discloses hack that began October 31, 2012, may have affected more than 500,000 customers
Spec’s, a Texas superstore selling wines, spirits, and finer foods, has announced that customer data at 34 of its locations may have been snagged by hackers. The hack reportedly began October 31, 2012 and continued until March 20, 2014. Although the breach reportedly affected less than 5% of its transactions, a spokesperson informed the Houston…
CA: Data stolen from 5,000 Palomar Health patients after flash drives left in employee's car (updated)
Teri Figueroa reports: About 5,000 patients of Palomar Health had personal information — including medical diagnoses — stolen last month when someone swiped a company laptop and two flash drives from an employee’s vehicle, a company official announced Friday. Read more on U-T San Diego. A statement on Palomar Health’s website says: Notice to Palomar…
Fandango, Credit Karma Settle FTC Charges that They Deceived Consumers By Failing to Securely Transmit Sensitive Personal Information
Two companies have agreed to settle Federal Trade Commission charges that they misrepresented the security of their mobile apps and failed to secure the transmission of millions of consumers’ sensitive personal information from their mobile apps. The FTC alleged that, despite their security promises, Fandango and Credit Karma failed to take reasonable steps to secure…
HHS releases security risk assessment tool to help providers with HIPAA compliance
A new security risk assessment (SRA) tool to help guide health care providers in small to medium sized offices conduct risk assessments of their organizations is now available from HHS. The SRA tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office…
When to Disclose A Data Breach: How About Never?
Joel Schectman writes: When your company gets attacked by hackers, how much do you tell the public and when? Often the answers are nothing and never, according to an attorney assisting Target Corp. with legal issues arising from its December data breach. There was little consensus on when companies should report data breaches among business executives and officials…