Florida Government Hard Drives Stolen For Games.

Many, if not most, data security professionals will tell you that you should run a risk assessment and accordingly develop your plans for securing information, sensitive or otherwise. Then there are others who will counsel that one should secure as much as possible: obviously protect what represents a high risk situation, but never discount the […] read more

Australia’s Notifiable Data Breaches Law Nets 31 Reports In 3 Weeks.

A new Australian law appears to be succeeding in finally unveiling the current state of data breaches in the Land Down Under. According to a release by the country’s information commissioner’s office (the OAIC), thirty-one data breaches were reported to the government since the law took effect on February 22, 2018.   Notifiable Data Breach […] read more

HIPAA Breach Results In Lawsuit And Countersuit Between Aetna and KCC.

Reuters reported earlier this month that Aetna, the health insurance company, and Kurtzman Carson Consultants (KCC), an administrative-support services provider, have sued each other over a mishandled class action settlement notification. Last year, Aetna settled a number of lawsuits regarding the fulfillment of HIV medication prescriptions. With the legal issues finalized, it was up to […] read more

HIPAA Security Trickle-down? Notifications State Sensitive Information Not Contained In Stolen Devices.

According to databreaches.net, two medical entities recently alerted patients of a data breach: Eastern Maine Medical Center (EMMC) and Nevro Corporation. In the case of EMMC, an external hard drive went missing. For Nevro, a number of laptops were stolen during a break-in. Information contained in these devices was not protected with data encryption in […] read more

Penn Medicine Sending Breach Notifications To 1000 Patients Over Stolen Laptop.

Penn Medicine has revealed this past week that a laptop computer with protected health information (PHI) was stolen on November 30. While the details are meager (aside from a short entry at philly.com, which is referenced by databreaches.net, an online search comes up empty), the following was revealed: About 1000 people were affected. The laptop […] read more

Smartphone Encryption: FBI and Apple At It Again?.

Following the worst mass shooting in Texas history, the Federal Bureau of Investigation has announced in a press conference that they’re unable to get into the smartphone of the shooter. The reason? Encryption. While the brand of the smartphone was not officially revealed at the time (so as to not alert the “baddies” which one […] read more

FBI Unable to Access 7000 Encrypted Devices in 2017.

At the International Association of Chiefs of Police conference, held in Philadelphia last week, Federal Bureau of Investigation Director Christopher Wray noted that the FBI has nearly 7,000 encrypted devices it cannot access. Per the phillyvoice.com: In the first 11 months of the fiscal year [2017], federal agents were unable to access the content of […] read more

47.5 GB of PHI Left Exposed on the Cloud. (That’s 316,000 PDFs).

According to gizmodo.com, security researchers at Kromtech Security Center found a wide-open Amazon Web Services (AWS) bucket that contained over 300,000 PDFs, each one a medical file that would fall under the governance of the Health Insurance Portability and Accountability Act (or HIPAA which, arguably, finally jumpstarted the drive towards encrypting sensitive digital files thanks […] read more

Delaware Updates Data Breach Notification Rules.

Delaware, the second-smallest state but the leader in business incorporations, at least within the USA, has updated its legal framework regarding data breach notifications. Beginning on August 14, 2018, companies that experience a data breach must notify any affected individuals in Delaware within 60 days. In addition, credit monitoring – free of charge, of course […] read more