Target Settles With 47 Attorneys General Over 2013 Hack.

One of the biggest hacks in history was the Target credit hack of winter 2013, which affected approximately 60 million people. Four years later, Target is finally putting the situation behind it, settling legal action brought against it by 47 states. The amount: $18.5 million. This does not include the many millions the Minnesota-based retailer paid […]

HIPAA/HITECH Doesn’t Require You To Be Perfect, But It Does Expect You To Follow The Rules.

A couple of recent Department of Health and Human Services (HHS) legal settlements emphasize paperwork over security, showing that a healthcare entity’s approach to safeguarding data must be holistic: yes, you need to use encryption, and lock doors, and hide screens from potential medical data peeping-toms…but you also need to make sure that you’ve followed […]

Horizon BCBSNJ HIPAA Charge Over Two Laptops Settled For $1.1 Million.

Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) has settled a data breach that affected approximately 690,000 New Jersey residents. This data breach was noted on this blog not too long ago: In January, the Third Circuit Appellate Court declared that a lawsuit against the insurer could proceed because the “improper disclosure” of […]

Children’s Medical Center of Dallas Pays $3.2 Million To Settle HIPAA Violations.

The Children’s Medical Center of Dallas (Children’s) recently settled with the US Department of Health and Human Services (HHS) over multiple failures to encrypt sensitive data in mobile devices. The settlement – $3.2 million dollars – is quite the figure, as is the timeline involved: It looks like an investigation could have been started as […]

UMass Amherst Settles HIPAA Violation for $650,000 and Corrective Action.

In 2003, the University of Massachusetts – Amherst (UMass Amherst) was embroiled in a health data security breach. A workstation computer was infected with malware, leading to a HIPAA violation involving patient data for 1,670 people. Skip to three years later, and UMass Amherst has settled legal actions related to the breach, brought by the […]

California Amends Data Breach Notification For Encrypted Data.

Beginning on January 1, 2017, organizations in California cannot automatically assume that personal details are safe if they were encrypted at the time of a data breach. This, in turn, means that businesses and other organizations will have to give some thought as to whether a data breach must be made public. Encrypted Personal […]

Longer Passwords Is The Way To Security.

In a continuation of the post from last week, it looks like it’s not only the FTC’s Chief Technologist that is waging war against the periodic renewal of passwords. The National Institute of Science and Technology (NIST) is apparently on board as well, and they will also be recommending that something be done about password complexity […]

HIPAA Encryption: Indiana Medical Firm Data Breach Affects 230 Healthcare Organizations.

Last week, an Indiana medical firm saw a massive medical data breach that extended throughout the entire U.S. Per online reports, possibly 4 million people in more than 230 hospitals and other healthcare organizations were affected by the breach, which occurred in May of this year. Hackers stole protected health information that included: “patients’ names, […]

HIPAA Data Breach: Medical Office Alerts Patients That Nothing Happened.

I’ve just run across a data breach notification that is a first of its kind: a data breach where the affected organization tells its clients (technically, patients) that nothing happened. It’s like the Seinfeld show of data breaches. The breach notification letter is about nothing. Absolutely nothing. Yet, there is something there. All kidding aside, […]