A reader emailed me yesterday asking about an incident involving Chase. When I looked into it, I found that there was an incident first reported early last month involving a backup tape stored at an unnamed secure off-site facility that could not be located. On digging some more, I found that the incident had local…
The Promise of Personal Health Records
Resolution of Canada’s Privacy Commissioners and Privacy Enforcement Officials CONTEXT Personal health records (PHRs) have started to attract attention in Canada with recently announced services from the public and private sectors that will offer online health records for consumers. This has major implications for the development of the pan-Canadian electronic health infostructure. In this context,…
Heartland: Judge to Hear Motions to Dismiss Suits
Linda McGlasson of BankInfoSecurity.com updates us on the status of lawsuits against Heartland Payment Systems and Heartland’s motion to dismiss: There are two class action suits — one on the consumer side and the second on behalf of the financial institutions affected by the massive breach. Earlier in June, a Multidistrict Litigation (MDL) panel decided…
Phisher who victimized tens of thousands pleads guilty
Tien Truong (“Tim”) Nguyen, 30, of Sacramento, pleaded guilty yesterday to conspiracy, access device fraud, aggravated identity theft, and being a felon in possession of a firearm. The case began in 2007 when Nguyen was indicted (pdf) for being part of a phishing scheme ring that victimized tens of thousands of individuals between October 15,…
Michigan AG's ruling on HIV disclosure case prompts medical privacy worries
Todd A. Heywood reports: A letter from the office of Michigan Attorney General Mike Cox exonerating Lansing City Attorney Brigham Smith of any criminal wrongdoing in the public release of an arrested man’s HIV-positive status has activists and political leaders up in arms. “This is just scary,†said State Sen. Gretchen Whitmer, a likely candidate…
NHS Education for Scotland to improve security after laptop theft
NHS Education for Scotland (NES) has agreed to improve data security after it informed the Information Commissioner’s Office (ICO) of a data breach involving the theft of an unencrypted laptop containing the personal information of 6377 applicants for medical training positions. The information included names, addresses, phone numbers and summaries of the applicants, as well…