'Project Nightingale' allegedly collecting millions of US health records

(Nov 12, 2019) Google and Ascension health system have allegedly been performing a mass data collection project involving tens of millions of U.S. health records across 21 states, The Wall Street Journal reports. The collection, titled "Project Nightingale," began last year and is believed to involve extensive patient profiles that include names, birthdates, lab results, doctor diagnoses and hospitalization records. A whistleblower told the Guardian the project involves 50 million patients who, along with thei... Read More

Web con: 'Trends in Changing Data Breach Notification Laws'

(Nov 11, 2019) Privacy professionals have a lot to keep up with in the ever-changing regulatory landscape, from an increase in U.S. state privacy laws to expanding definitions of personal information. Join the IAPP Nov. 14 for this sponsored web conference as RadarFirst CEO and Founder Mahmood Sher-Jan and Dentons Counsel Deborah Rimmler discuss data breach notification laws on a U.S. and international level. The speakers will cover data breach notification trends they saw from legislative movement in 2019 and... Read More

Security breach at DNA-testing firm exposes user data

(Nov 11, 2019) Bloomberg reports a security breach at Veritas Genetics included customer information, but the DNA-testing firm did not say what information was exposed or when it became aware of the breach. Veritas said a handful of customers were potentially affected by the recent unauthorized access of a customer-facing portal. The company said genetic data, DNA-test results and health records were not contained on the portal. The company has launched a forensic investigation and will notify potentially impa... Read More

Warner calls on HHS to explain inaction on exposure of patient data

(Nov 11, 2019) U.S. Sen. Mark Warner, D-Va., in a letter to the Director of the Officer for Civil Rights at the Department of Health and Human Services Roger Severino, criticizes the department for inaction following a September report that medical records of “potentially millions of Americans” were exposed online. “The American people deserve to have their sensitive private information protected and their government held accountable for enforcing the rules in place to keep that information private,” Warner wr... Read More

Capital One reassigns CISO in the wake of July breach

(Nov 8, 2019) The Wall Street Journal reports Capital One Chief Information Security Officer Michael Johnson has been removed and will assume an adviser position with the company. The change in position is potentially linked to Capital One's data breach that affected 106 million consumers in July. The bank was reportedly experiencing cybersecurity issues prior to the breach and has seen its staff shrink in the months that followed the incident. Mike Eason has been named interim CISO, while a search for a perm... Read More

California DMV ‘improperly’ shared customers’ information with outside agencies

(Nov 7, 2019) Over the past four years, the personal information of 3,200 California Department of Motor Vehicles customers was “improperly” shared with outside law enforcement, immigration and administrative agencies, The Sacramento Bee reports. Among those affected, 88 customers were undocumented immigrants, and 200 customers had their Social Security information shared with outside agencies, including the U.S. Department of Homeland Security and Internal Revenue Service. The DMV discovered the issue in Aug... Read More

OCR hands out HIPAA fines, announces penalties increase

(Nov 6, 2019) GovInfoSecurity reports the U.S. Department of Health and Human Services Office for Civil Rights has issued fines of $3 million and $1.6 million to the University of Rochester Medical Center and Texas Health and Human Services Commission, respectively, for violations of the Health Insurance Portability and Accountability Act. The University of Rochester settled on violations stemming from data breaches in 2013 and 2017, while Texas HHSC was fined for security issues related to web applications. ... Read More

Survey: Data breaches to cost health care industry $4B

(Nov 5, 2019) A Black Book Market Research LLC survey found health care providers are the most targeted organizations for data breaches, which will cost the industry $4 billion by the end of 2019, Yahoo Finance reports. The survey asked over 2,876 security professionals from 733 organizations to “identify gaps, vulnerabilities and deficiencies” that allow hospitals and physicians to be targeted. The survey found more than 93% of health care organizations have experienced a data breach since the third quarter ... Read More

680K affected by Indian edtech firm breach

(Nov 4, 2019) The Economic Times reports education technology company Vedantu was hit by a data breach affecting 680,000 customers across India. Names, phone numbers, email addresses and IP addresses were among the information exposed in the breach, which reportedly occurred at the end of September. Vedantu Co-Founder Vamsi Krishna said his company alerted customers within days of the breach and suggested they replace passwords.Full Story... Read More

Data breach affects all 4.2M Desjardins Group members

(Nov 4, 2019) Reuters reports the Desjardins Group data breach is more widespread than initially thought — the breach has affected all 4.2 million members of the group. When the breach was first reported in June, it was believed 2.9 million members were affected. Quebec Finance Minister Eric Girard said the revelation will lead to government reforms “to improve cybersecurity and the protection of personal information.” Despite the late discovery, Girard said Desjardins is managing the breach.Full Story... Read More