DC attorney general proposes expansion of data breach notification law

(Mar 22, 2019) District of Columbia Attorney General Karl Racine released a proposal to expand the city’s data breach notification law to cover taxpayer identification numbers, genetic information, DNA profiles, military identification data and other types of information, Bloomberg Law reports. The Security Breach Protection Amendment Act would also give the attorney general’s office more enforcement authority over tech companies that fail to report data breaches. “Data breaches and identity theft continue to ...

UCLA Health reaches $7.5M data breach settlement

(Mar 22, 2019) HealthITSecurity reports that UCLA Health has reached a $7.5 million settlement over its May 2015 health data breach. The settlement will be divided between providing $2 million toward unreimbursed loss and preventative measure claims, while the remaining $5.5 million will fund a cybersecurity enhancement fund. As part of the settlement, UCLA Health will update its cybersecurity practices and policies, and the 4.5 million current and former patients affected by the breach can receive up to $5,00...

Investigation examines the growth of privatized spying

(Mar 22, 2019) A monthlong investigation from The New York Times looks at the proliferation of privatized spying, finding that the use of digital espionage services allows even the smallest countries to operate sophisticated surveillance operations. The investigation looks into two companies, NSO and DarkMatter, to see how they and others have changed digital warfare, allowing states to broaden hacking abilities and expand untraceable data-collection efforts. The article notes, “American laws governing this ne...

Op-ed: Personal health information too valuable to lose

(Mar 22, 2019) In an op-ed for the Vancouver Sun, Canada Health Infoway President and CEO Michael Green writes about the ramifications of Canada's increasingly digital health care system and its susceptibility to data theft. Green discusses how Canadians are "unwittingly sharing their health information" in different ways, such as through apps, mailing lists and online surveys. "Compromised personal health data has a much greater and lasting impact," Green writes. "When a credit card is stolen, card numbers ar...

HSA vendor exposes 800,000 records

(Mar 21, 2019) A vendor connected to Singapore’s Health Sciences Authority left the personal information of more than 800,000 blood donors exposed on an online database after the company failed to put in place adequate data protection safeguards, The Straits Times reports. The HSA has stated the database was accessible via a database client and not a web browser, and it is also believed that only one instance of unauthorized access was committed when a cybersecurity professional discovered the breach. A spokesm...

Finland to investigate possible Nokia data breaches

(Mar 21, 2019) Finland's data protection ombudsman will investigate claims of data breaches by Nokia-branded phones, Reuters reports. Ombudsman Reijo Aarnio will explore allegations from Norway’s public broadcaster saying it had proof that the devices relayed data to China. The investigation will focus on whether personal information was involved in the alleged breaches and if that collection was for legal purposes.

Rotherham Borough Council accidentally sends out nearly 900 email addresses

(Mar 21, 2019) The Rotherham Borough Council reported itself to the U.K. Information Commissioner’s Office for a data breach, Rotherham Advertiser reports. A council employee sent a message that contained 897 email addresses. The sender allegedly entered in personal email addresses instead of blind copying, a tactic used to hide the details of message recipients. The council apologized for the incident via email, telling affected individuals no other personally identifiable information was leaked in the breach...

Report looks at gray area of health device data

(Mar 21, 2019) A new report looks at the extent to which health data is generated from devices and apps that fall outside the Health Insurance Portability and Accountability Act and aims to address confusion surrounding what is considered a covered entity under the law, HealthITSecurity reports. A subsequent report calls attention to the privacy issues surrounding health apps, particularly how they share personal user data with third parties, including advertising companies. Most recently, medical-device and s...

Analysis looks at worst breaches of past 14 years

(Mar 20, 2019) Bloomberg News analyzed data breach statistics involving nearly 200 corporate, government and nonprofit organizations since 2005 to compile a list of the worst corporate hacks of all time. The analysis included major breaches where 1 million accounts or more were involved and provided an infographic breakdown by industry, as well as a complete list, including information on the entity, industry, location, date and number of records exposed.

Researchers find CEOs' pay increased after data breaches

(Mar 19, 2019) A study conducted by University of Warwick researchers found CEOs saw pay increases after their organizations were hit by a data breach, Pymnts reports. The researchers examined 41 public U.S. firms that experienced a breach between 2004 and 2016. While the companies saw financial losses, their CEOs saw pay raises in the same time period. The study found companies that did not suffer a data breach saw their CEO's annual salary decrease by $2 million. “At first sight, these results may look puzzl...