The World Privacy Forum filed comments this week with the Department of Labor requesting that the department expand its protections of how genetic information may be used by health insurance companies or group health plans. The comments were in response to the interim final rules implementing sections 101 through 103 of the Genetic Information Nondiscrimination…
NJ: Clifton woman pleads guilty in scam run from Passaic County Jail
John Petrick reports: A Clifton woman pleaded guilty in state court Wednesday to her role in a complex scheme run from the Passaic County Jail that stole the identities of inmates to fraudulently obtain more than $450,000 from American Express and others. Rania Al-Monakel, 34, will have to serve 365 days in the county jail…
OR: Hackers crack security on Eugene school employee info
KVAL reports: Hackers breached the security a computer server containing the names, phone numbers and employee ID numbers of current and former Eugene School District employees, the district said Tuesday. The server in question did not contain other personal information but was attached to servers that contain Social Security numbers and other sensitive data, the…
Heartland breach shows why compliance is not enough
Jaikumar Vijayan reports: […] The [Heartland] intrusion led to the “stark realization that passing a PCI security audit does not make a company secure,” said Avivah Litan, an analyst at research firm Gartner Inc. “This was known well before the breach, but Heartland served as a big pail of ice water thrown on the face…
Today’s burning question
How many new strains of malware were identified in 2009? (a) 12,186,379 (b) about 18 million (c) over 25 million Answer: (c), according to PandaLabs. Read more on InfoWorld.
More on the HITECH-mandated breach reports on HHS
Several weeks ago, I initiated an inquiry about the breach reports that I expected to see on HHS’s web site. Under the new HITECH Act provisions, covered entities experiencing breaches involving the unsecured PHI of 500 or more patients are required to report the incident to HHS – if the incident meets the “harm threshold”…