Will Phoenix writes: Unlike the hackers who recently hit Target and Nieman Marcus, authorities know exactly who hacked Nordstrom. According to the U.S. Attorney’s office two brothers identified as Andrew S. Chiu, 29, of Anaheim, California; and Allen J. Chiu, 37, of Dallas, Texas utilized a mix of business logic attacks and fraudulent actions to…
So You Found An Obamacare Website Is Hackable. Now What?
Kashmir Hill reports an all-too-common scenario, this one involving security researcher Kristian Erik Hermansen: 1. White-hat hacker discovers vulnerability, tries to notify responsible party. 2. White-hat hacker gets nowhere despite numerous attempts to contact responsible party. 3. White-hat hacker discloses publicly. 4. Responsible party pays attention but is more focused on covering up problem. 5. The…
SC Department of Employment & Workforce notifying employees after former employee downloaded their info onto a flash drive
Seanna Adcox of Associated Press reports yet another breach in South Carolina, this one involving the state’s employment and workforce agency: South Carolina’s unemployment agency began notifying more than 4,600 people Wednesday that a former employee may have compromised their personal information. The employee who downloaded the data to a personal flash drive was fired…
Pointer: A First Look at the Target Intrusion, Malware – Krebs
In case you missed it, Brian Krebs had a column with some informed speculation about the malware used in the Target attack. You can read his column here.
Required HIPAA breach notification or political dirty trick?
Okay, this is a bit different. On January 4, Coulee Medical Center in Grand Coulee, Washington, posted this notice on its web site: This notice is posted pursuant to federal Health Insurance Portability and Accountability Act of 1996 breach notification regulations found at 45 CFR Parts 160 and 164 and the Health Information Technology for Economic…
ACLU In Court Today: Defending Medical Records from Warrantless Search
Nathan Freed Wessler of the ACLU writes: I will be in federal district court in Oregon today for oral argument in the ACLU’s challenge to the Drug Enforcement Administration’s practice of obtaining Oregon patients’ confidential prescription records without a warrant. We represent patients and a doctor whose prescriptions are tracked in the Oregon Prescription Drug Monitoring Program…