WALB reports: Phoebe Putney Hospital is notifying thousands of patients that their medical information has been compromised by the disappearance of a hospital computer. Phoebe confirmed to WALB News 10 that on November 6, 2013, the hospital learned that a password protected unencrypted desktop computer disappeared from one of its clinics the day before. Read more…
And yet another Experian breach…
This time, the client whose credentials were compromised to gain access to Experian’s credit report database was Lafarge West in Albuquerque, New Mexico. The breach occurred between December 19 and 20, and was reported to those affected on January 7.
Thumb drive with personal information of Milwaukee employees recovered
There’s an important update in the Dynacare breach that affected City of Milwaukee employees. Fox6 reports that a 17-year-old male has been arrested for his role in the theft of the thumb drive, laptop, and computer bag that were stolen from the employee’s car on October 22. According to Fox6 and other media reports, the…
Edgepark Medical Supplies notifies patients after malware may have compromised their personal information
Edgepark Medical Supplies in Ohio (RGH Enterprises) is notifying some patients that their personal information, including full credit card number in approximately 126 cases, may have been acquired in March 2013 due to a malware infection that evaded detection by their anti-virus software until December 2013. Upon discovery, the malware was removed and patients’ passwords…
David Nosal sentenced; case narrowed the definition of “exceeding authorized access” under CFAA (update1)
I’ve been following the David Nosal case on this blog since April 2011, when the Ninth Circuit held that an employee who violates his employer’s computer use policy is guilty of “exceeding authorized access” to the employer’s computer under the federal anti-hacking statute, CFAA. In June 2011, Nosal filed a petition for rehearing en banc (see…
INFORMATION SECURITY: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent – GAO Report
From the summary of GAO’s findings in INFORMATION SECURITY: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent (PDF, 67 pp.) The eight federal agencies GAO reviewed generally developed, but inconsistently implemented, policies and procedures for responding to a data breach involving personally identifiable information (PII) that addressed key practices specified…