The criminals behind the Maze ransomware [view recent related posts here and here] have gone big and hit Cognizant, one of the largest technology consulting companies in the U.S., with its nasty ransomware. Cognizant stated on its website that it “can confirm that a security incident involving our internal systems, and causing service disruptions for … Continue Reading
Vicious malware continues to be deployed by China-based attackers. A new strain of malware, dubbed “HiddenWasp,” which has the ability to remotely infect computers, has been discovered by a security researcher at Intezar. The malware is believed to have originated from a Chinese forensics firm; the malware is hosted by servers owned by a Hong … Continue Reading
On June 3, 2019, the U.S. Department of Health and Human Services Office of Inspector General (OIG) issued a fraud alert to notify consumers about genetic testing fraud schemes (the Alert). According to the OIG, fraudulent actors are using the provision of free genetic testing kits to obtain Medicare information from unwitting consumers, and then … Continue Reading
On January 24, 2018, the National Institute of Standards and Technology (NIST) issued its “Draft NIST Interagency Report 8202 Blockchain Technology Overview” which it announced as NIST’s “Report on Blockchain Technology Aims to Go Beyond the Hype.” The press release announcing the issuance of the report starts by stating “Beguiling, baffling or both—that’s blockchain. Aiming to … Continue Reading
By now most smartphone users are aware of location tracking used by both Apple and Android operating systems. Basic location tracking is a system which uses GPS data to know the phone user’s location. However, according to a recent article published by Quartz, Google’s data collection goes far beyond basic location tracking. Not only does … Continue Reading
Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights (OCR) following OCR’s recent announcement of a large HIPAA settlement last month on the heels of its release of the preliminary results … Continue Reading
In what appears to be a case of first impression in the Commonwealth of Massachusetts, the Supreme Judicial Court (SJC) has ruled that Yahoo may disclose the contents of a deceased’s Yahoo email account to his personal representatives and is not precluded from doing so by the Stored Communications Act (SCA). The subscriber passed away … Continue Reading
The warrant that led to the arrest of a husband for the alleged murder of his wife weaves a web of electronic evidence. Based in large part on Fitbit fitness tracker data, Connecticut authorities have charged Richard Dabate with the murder of his wife, Connie. He also faces charges of tampering with evidence and making … Continue Reading
Phone call scams are on the rise. In addition to scam artists posing as employees of utility companies (see Privacy Tip #84), the Office of the Inspector General (OIG) has issued a warning to consumers about a phone scam involving imposters of its agency. The imposters call consumers saying they are from the OIG and … Continue Reading
We previously reported that Banner Health (Banner) started sending notices to over 3.7 million individuals about a data breach that started with food and beverage purchases and ended up compromising employee and patient information [view related post]. This data breach is the largest so far this year. Less than a week after Banner started sending out … Continue Reading
This week, in Salt Lake City, lawmakers approved a bill that would allow Utah authorities (i.e., firefighters or law enforcement) to disable and down drones if they are being flown too close to wildfires. Governor Gary Herbert said, “This summer, wildfires in the state have become significantly worse due to drones interrupting air operations. It … Continue Reading
On July 11, 2016, the U.S. Department of Health & Human Services (HHS) issued a Fact Sheet that provides guidance on (i) how HIPAA Security Rule compliance can assist health care organizations combat ransomware attacks, and (ii) the applicability of HIPAA’s Breach Notification Rule to ransomware attacks. This guidance is particularly timely due to the … Continue Reading
The Centers for Medicare and Medicaid Services released a final rule permitting “qualified entities” to sell Medicare claims data to providers and others for use in improving quality of care. The rule expands on CMS’ Qualified Entity Program, which permits organizations to apply to become qualified to receive Medicare Parts A, B, and D claims … Continue Reading
Many industries are starting to explore a new area for drone operations – the sports industry. Slowly, but surely, the use of drones for live sports coverage is expanding. In 2014, drones were used to film skiing and snowboarding events at the Winter Olympics, as well as at the Formula One Races, the X Games, … Continue Reading
In a third update to the data breach of 6.5 million kids’ information and 5 million parents’ information, VTech Holdings Ltd. (VTech) is facing backlash from plaintiffs’ attorneys and regulators. First, VTech Electronics North America LLC was hit with the now usual class action suits following a data breach–two so far–filed in the Northern District … Continue Reading
On November 6, 2015, the EU Commission released its guidance for businesses relating to the EU safe harbor. The commission indicated that since the invalidation of the safe harbor framework, it has “stepped up” talks with the U.S. regarding transfer of data from the EU to the U.S. but acknowledged that global companies were seeking … Continue Reading
Dow Jones & Co. has notified 3500 of its customers that their information was accessed by an unauthorized individual in a data breach that spanned from August 2012 through July 2015. The unauthorized access, through malware, exposed the names, addresses, email addresses, telephone numbers, and credit card information of 3,500 subscribers, including subscribers to The Wall … Continue Reading
U.S. District Judge Gary Feinerman denied Amazon, Inc.’s (Amazon) motion for summary judgment on October 7, 2015, in Illinois federal court, in a class action case over alleged violations of the Fair Credit Reporting Act (FCRA), stating that while Amazon said it offered plaintiff compensation to drop his accusations, “there is no offer of judgment … Continue Reading
We previously reported on the prosecutions of Darkode members. Three more members of the computer hacking forum Darkode have pled guilty to accessing protected computers without permission, and for violating the CANSPAM Act. All three (in addition to 9 others prosecuted several weeks ago) were part of a scheme to scan for and infiltrate internet … Continue Reading
On August 21, 2015, the 11th Circuit upheld the dismissal of a class action against DCI Biologicals, Inc. (DCI) for its alleged violations of the Telephone Consumer Protection Act (TCPA). DCI is a blood plasma collection center, and a blood plasma donor, Joseph Murphy, alleged that DCI sent him unsolicited text messages using an autodialer. … Continue Reading
Yesterday, the National Cybersecurity Center of Excellence issued its NIST Cybersecurity Practice Guide, Draft Special Publication 1800-2 “Identity and Access Management for Electric Utilities.” The Guide is a result of collaboration between NIST and utilities stakeholders, including the energy sector and technology vendors, to design an example solution to help energy companies manage and control … Continue Reading
Samsung recently announced that more than 600 million Samsung mobile devices contained a factory installed third party software produced by SwiftKey that predicts the words you will type on your keyboards. The issue with the SwiftKey software is its contains a flaw that permits hackers to access the device when the Keychain software is applying … Continue Reading
On March 30, 2015, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule (Proposed Rule) setting forth meaningful use criteria for Stage 3 of the Medicare and Medicaid Electronic Health Record Incentive Programs (EHR Incentive Programs). CMS intends for Stage 3 to be the final stage of the EHR Incentive Programs, and … Continue Reading
I had the honor of teaching the inaugural (and hopefully annual) Privacy Law class at Roger Williams University Law School in Bristol, Rhode Island. An interesting statistic is that only approximately 25% of law schools in the U.S. offer a course on Privacy Law. Roger Williams University is on the cutting edge (and yes, I … Continue Reading
