September 19, 2013 Today, the HHS Office for Civil Rights (OCR) issued guidance on how the changes to the HIPAA Privacy Rule’s marketing provisions under the Health Information Technology for Economic and Clinical Health (HITECH) Act and Omnibus Rule apply to refill reminders and other communications about drugs or biologics currently being prescribed for individuals. …
Barclays Bank Cyber Theft: 8 Arrested For Allegedly Hacking Computer System, Stealing $2 Million
Eight men have been arrested on suspicion of stealing 1.3 million pounds ($2 million) from a Barclays bank branch by tapping into its computers, British police said Friday. […] Detective Supt. Terry Wilson said one of the arrested men is the “Mr. Big” of British cybercrime. Police suspect that in both cases a gang member…
Audit of State University of New York at Albany reveals to-be-surplussed devices certified as “clean” still contained PII
I periodically post audits from the NYS Comptroller Thomas DiNapoli’s office pertaining to data protection. A recently released audit of SUNY-Albany reminds us that we need to continue to be concerned about inadequately wiped devices or drives that are to be surplussed. The audit period covered January – May 2012, and during that time, SUNY-Albany…
Apple now asking app developers to provide sources of medical information
Tom Lewis reports: Recently there have been signs Apple is taking the reliability and content of medical apps sold through the App Store more seriously. iMedicalApps recently reported that medical apps containing drug dosages were being rejected from the App Store. Further information has now become available that suggests Apple is now looking to ensure the information contained…
MNsure data security breach prompts new bill
Catherine Richert of Minnesota Public Radio reports: A data security breach at the state’s new online insurance marketplace has prompted two members of Minnesota’s Congressional delegation to write a bill designed to prevent confidential information from being leaked again. Starting Oct. 1, uninsured Minnesotans will be using MNsure to purchase health insurance, and they’ll have…
Windhaven Investment Management notifies customers months after vendor-maintained server was hacked (update 3)
Windhaven Investment Management is notifying clients that a server maintained by an unnamed vendor suffered an unauthorized intrusion several months ago. As a result, customers’ names, account numbers, custodians, and investment positions for their Windhaven account(s) may have been accessed. Neither Social Security numbers nor dates of birth were exposed. Windhaven learned of the intrusion last month, but…