Tag: Infosecurity

(Apr 24, 2019) The U.S. Department of Health and Human Services’ Office of the Inspector General found the information security programs of four agencies were “not effective,” HealthITSecurity reports. The OIG reviewed the programs of HHS, the U.S. Food and Drug Administration, Centers for Medicare and Medicaid Services, and National Institutes of Health. In its annual Federal Information Security Management Act audit, the OIG writes the four entities have worked to improve their security programs; however, th... Read More

(Apr 23, 2019) The Westin Research Center has released a new tool to help IAPP members understand the California Consumer Privacy Act. The “CCPA Rights and Obligations Tool” organizes the act’s consumer rights and business obligations around the different phases of interaction with a consumer described in the act — initial disclosure and notice requirements and receipt and response to a consumer request — the act’s enforcement provisions, and its security obligations. The tool is intended to help privacy profe... Read More

(Apr 23, 2019) The Westin Research Center has released a new tool to help IAPP members understand the California Consumer Privacy Act. The “CCPA Rights and Obligations Tool” organizes the act’s consumer rights and business obligations around the different phases of interaction with a consumer described in the act — initial disclosure and notice requirements and receipt and response to a consumer request — the act’s enforcement provisions, and its security obligations. The tool is intended to help privacy profe... Read More

(Apr 22, 2019) An unsecured online database exposed 4.91 million documents containing sensitive health information belonging to an estimated 145,000 patients seeking treatment at several addiction rehabilitation centers, CNet reports. Discovered after independent researcher Justin Paine entered keywords into the Shodan search engine, records included patient names and details of treatments. Having notified the treatment center of the data breach, the data has since been removed from public view. "I found this ... Read More

(Apr 22, 2019) Washington State University has negotiated a $5.26 million settlement over a potential data breach from 2017, The Spokesman-Review reports. The possible breach involved a stolen hard drive featuring the personal information of nearly one million people. Plaintiffs in the class suit claimed the burglary, which is still unsolved, was due to the university's negligent storage of the hard drive in an unsecure area. “While Washington State University disputes the claims made in the suit, the universi... Read More

(Apr 19, 2019) A class-action lawsuit has been filed against Sunniva and Natural Health Services for an alleged breach of medical marijuana customers’ data, CTV Edmonton reports. The lawsuit claims 34,000 individuals may have been impacted by the breach. Diamond & Diamond Lawyers, the firm representing the victims, stated diagnostic results, health care numbers, medical data and questionnaires were among the compromised information. “We have been working with privacy protection and law enforcement authorit... Read More

(Apr 17, 2019) Insurers have used war exemptions to avoid claims related to cyberattacks, The New York Times reports. Food company Mondelez International and pharmaceutical company Merck were both victims of the NotPetya incident in 2017. Both companies were told by insurers their claims would not be accepted as their losses were deemed collateral damage in a cyberwar. The insurers’ stance solidified after the U.S. government determined Russia was behind the cyberattack. Mondelez and Merck are both in the mids... Read More

(Apr 15, 2019) The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has warned four enterprise virtual private network app providers of system vulnerabilities, Fortune reports. The agency and the CERT Coordination Center, a nonprofit internet emergency response team, issued an advisory to Cisco, Palo Alto Networks, Pulse Secure and F5 Networks regarding the incorrect storage of cookies by each VPN app, which hackers could use to access a person's private computer. Rather ... Read More

(Apr 12, 2019) IBM reports a number of privacy-related takeaways from "The 2019 Study on the Cyber Resilient Organization," the company's global survey of 3,600 security and IT professionals conducted by the Ponemon Institute. IBM's biggest observation from the survey was 77% of organizations do not have a companywide cybersecurity response plan, while 54% does not regularly test the plans that are in place. The survey went on to show 78% prioritizes a company's ability to keep data private, and only 20% trust... Read More

(Apr 10, 2019) A study conducted by Symantec found two-thirds of hotel websites inadvertently leaked customers' personal information and booking numbers to third parties, Reuters reports. Symantec analyzed 1,500 hotel websites in 54 countries. Researchers found the leaks occurred when the hotel sends confirmation emails with links to direct booking information. Third parties, such as social media platforms, search engines and advertising services, receive the customer data via the reference code attached to th... Read More