William Pewen, who was involved in drafting the language in ARRA, has an excellent commentary on Health Affairs Blog: On July 28 the Obama Administration surprised many in the health sector by withdrawing a pending Department of Health and Human Services (HHS) final “breach notification” rulegoverning when consumers must be informed of illicit access or use of…
Ca: Investigation finds veteran’s personal information was mishandled
In response to recent news of a breach involving a veteran’s medical information, the Privacy Commissioner of Canada has already completed an investigation and announced findings. From the press release: An investigation has highlighted the serious mishandling of a veteran’s personal information, entrusted to the care of Veterans Affairs Canada, says Privacy Commissioner Jennifer Stoddart. …
Cancer researcher fights UNC demotion over data breach (updated)
Gregory Childress reports that a data breach had significant consequences for a researcher. Because I don’t recall ever seeing such consequences before, I think this is pretty newsworthy: A UNC cancer researcher is fighting a demotion and pay cut she received after a security breach in the medical study she directs. Bonnie Yankaskas, a professor in…
ICO: data crooks should face jail
… Responding to a Ministry of Justice call for evidence on the current data protection legislative framework, the privacy watchdog said that the greatest threat to information security in organisations is individuals. But it said the Data Protection Act “only provides for a fine for those individuals who knowingly or recklessly obtain or disclose personal…
Hacked D.C. online voting system stored login and encryption key on server
Kim Zetter writes: An internet-based voting system that was hacked last week by researchers at the University of Michigan stored its database username, password and encryption key on a server open to attack. Alex Halderman, a computer scientist at the university, has detailed the vulnerabilities and hacking techniques his students used to completely control the system…
Employee of Akamai Technologies charged with wire fraud in spying sting
Another reminder about insiders, even though in this case, no confidential data was actually compromised because a would-be spy delivered the information to an undercover federal agent. From the press release from the U.S. Attorney’s Office in Massachusetts, a case first reported by Elizabeth Heichler on Computerworld: An employee of a high technology company headquartered…