Marija B. Vader reports: Randall Vannoy Heath, 52, of Colorado Springs was sentenced Feb. 18 to serve 84 months in federal prison followed by three years of supervised release. Heath was found guilty of aggravated identity theft and for filing a false claim with the Internal Revenue Service, according to a U.S. Department of Justice…
Patient records should not have been sold, NHS admits
Kudos to reporter Laura Donnelly, who has been all over this breach and scandal: Medical records should not have been sold to the insurance industry, the new body in charge of NHS patient data has declared. The Telegraph disclosed that 13 years of hospital data – covering 47 million patients – was sold by the…
Asylum seeker data breach: no decision yet on whether to inform those affected
Daniel Hurst reports: Australia’s top immigration bureaucrat has told a Senate committee he is yet to make a call on whether asylum seekers will be told that his department released their confidential personal details on its website. Martin Bowles, secretary of the Department of Immigration and Border Protection, characterised the data breach as “regrettable” but…
Commentary: Doctor storing credit card info is a prescription for cybercrime
I was somewhat surprised – and disappointed – to see how a question on Kaiser Health News was answered. Michelle Andrews writes: Q. After signing up for a gold level plan on the health insurance marketplace, my physician, who is part of my plan, asked for $75 up front. My copayment is $25. His office…
Payment Card Breaches: Time to Spread the Risk with Mandatory Cyber Insurance
David Navetta writes: The BIG 2014 security stories concerning the Target, Neiman Marcus and Michaels payment card breaches of have highlighted the significant criminal hacking and fraudulent payment card activity that goes on in the retail space. Of course, it was not so long ago that the Heartland Payment Systems breach (2008; 100 million cards exposed) and the TJX breach in (2007; 45 million card exposed)…
FTC Approves Final Consent Settling Charges that Accretive Health Failed to Adequately Protect Consumers’ Personal Information
Following a public comment period, the Federal Trade Commission has approved a final consent order settling charges that a company providing medical billing and revenue management services to hospitals in multiple states unfairly exposed sensitive consumer information to the risk of theft or misuse because of its inadequate data security measures. The FTC alleged that the Chicago-based company violated…