Jaikumar Vijayan reports: For the second time in three months, Massachusetts officials have pushed back the deadline for companies to comply with a controversial set of data security regulations that the state announced last September. In addition to the deadline extension, which was announced late Thursday , the state’s Office of Consumer Affairs and Business…
First arrests made in Heartland data breach case
Chuck Miller reports: Three men have been arrested in Tallahasee, Fla., in connection with the Heartland Payment Systems data breach, authorities said. The men, Tony Acreus, Jeremy Frazier and Timothy Johns, each were charged with multiple counts of credit card fraud, police said. The arrests were part of a larger investigation into the breach, […]…
More p2p fiascos
Rian from RedTeam Protection, a division of Tony Josephs and Sons Investigations Inc., just sent me another batch of p2p cockups that exposed personal — and in some cases — sensitive medical — information. In each case, RedTeam advised the entity and/or helped ensure removal of the filesharing application. Some of these breaches are more…
VA suspends contractor over patient data security
Adam Levine reports: The Department of Veterans Affairs has suspended a contractor for failing to follow the department’s policies for securing sensitive data about patients, the department said. A routine inspection revealed that a transcription contractor, with access to information including name, Social Security number and diagnosis, was using computers that did not follow guidelines…
Privacy Trumps Profit in Obama’s $19 Billion Health Stimulus
Nicole Gaouette reports: Patients’ advocates claimed victory in a battle over the privacy of health records as the U.S. Congress prepares to vote on the economic stimulus bill, which contains $19 billion for health-care information. U.S. House and Senate negotiators’ compromise reflects stricter standards that privacy advocates wanted for marketing, selling and disclosing health data….
UK: ICO takes enforcement action against Hastings and Rother PCT for data loss
From the press release (pdf) from the Information Commissioner’s Office (ICO): The Information Commissioner’s Office (ICO) has taken enforcement action against Hastings and Rother Primary Care Trust (PCT) following a breach of the Data Protection Act. This is the eighth time the ICO has taken enforcement action against an NHS organisation for breaching the Data…