In case you missed it, Brian Krebs had a column with some informed speculation about the malware used in the Target attack. You can read his column here.
Required HIPAA breach notification or political dirty trick?
Okay, this is a bit different. On January 4, Coulee Medical Center in Grand Coulee, Washington, posted this notice on its web site: This notice is posted pursuant to federal Health Insurance Portability and Accountability Act of 1996 breach notification regulations found at 45 CFR Parts 160 and 164 and the Health Information Technology for Economic…
ACLU In Court Today: Defending Medical Records from Warrantless Search
Nathan Freed Wessler of the ACLU writes: I will be in federal district court in Oregon today for oral argument in the ACLU’s challenge to the Drug Enforcement Administration’s practice of obtaining Oregon patients’ confidential prescription records without a warrant. We represent patients and a doctor whose prescriptions are tracked in the Oregon Prescription Drug Monitoring Program…
Follow-up: Two Members Of Identity Theft Ring Targeting Government Employees Sentenced
There was a follow-up to this case, published January 10 by the U.S. Attorney’s Office for the Eastern District of Virginia: Adrienne Pritchett, 42, of District Heights, Md., was sentenced to 57 months in prison, followed by four years of supervised release, for bank fraud and aggravated identity theft. Pritchett has also agreed to pay…
OH: Southwest General Health Center notifies obstetrical study participants after binder with PHI lost
Brie Zeitner reports from Cleveland, Ohio: Southwest General Health Center is notifying about 480 patients who were part of an obstetrics study that some of their private information was recently lost, including names, clinical information, data on births and medical record numbers. The data was included in one binder, according to the health system, and the…
Good luck with THAT (Target update)
John Leyden reports: Underground cybercriminals are attempting to decrypt a 50GB dump of encrypted debit card PINs that security watchers reckon were lifted during last year’s high profile breach against retail giant Target. Security intelligence firm IntelCrawler reports that a miscreant claiming to be in possession of 50GB of PIN data secured with 3DES encryption posted a…