data breach Archives - Page 3 of 5

Coming Soon to Singapore: Mandatory Data Breach Notifications

Singapore’s Personal Data Protection Commission (PDPC) issued a statement on March 1 announcing its plan to introduce mandatory breach notifications as part of a set of proposed amendments to the country’s Personal Data Protection Act (PDPA). The proposed amendments come in response to the PDPC’s recent review of the PDPA in order “to ensure that it keeps pace with the evolving needs of businesses and individuals, and balances safeguarding individuals’ interests and enables the legitimate use of personal data by organisations.” The details of the mandatory breach notification have not yet been made public, but the amendment will likely require organizations to notify the PDPC and affected data subjects when a certain level of breach has occurred.

Continue reading “Coming Soon to Singapore: Mandatory Data Breach Notifications”

$3 Million Settlement for Two Separate HIPAA Breaches Affecting Over 62,500 Individuals

Cottage Health and the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS-OCR) recently entered into a $3 million no-fault settlement and three year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA). This was HHS-OCR’s last HIPAA related settlement of 2018 – a record year in HIPAA enforcement activity, as detailed in this DBR on Data blog post.

Continue reading “$3 Million Settlement for Two Separate HIPAA Breaches Affecting Over 62,500 Individuals”

N.Y. Attorney General Enforces Mobile App Security Initiative, Announces Settlements with Five Companies

In December 2018, the New York Attorney General’s Office announced settlements with five companies operating mobile apps, including Equifax and Western Union. The N.Y. Attorney General stated that the companies failed to keep sensitive information secure on their mobile apps and have agreed to implement improved security controls. The settlements came following a data privacy initiative by the Attorney General’s Office to proactively identify security vulnerabilities before consumer information is breached. As part of this effort, the Attorney General’s Office tested dozens of mobile apps that collect sensitive information.

Continue reading “N.Y. Attorney General Enforces Mobile App Security Initiative, Announces Settlements with Five Companies”

Charges Connected to Hack of SEC’s EDGAR System Discussed in SECurities and Law Perspectives

Last week, the Department of Justice (“DOJ”) and the Securities & Exchange Commission (“SEC”) announced charges connected to a large-scale, international conspiracy to hack into the SEC’s Electronic Data Gathering, Analysis and Retrieval (“EDGAR”) system and profit by trading on stolen material, non-public information. The conduct underlying these cases was one of the principal reasons that the SEC created its Division of Enforcement “Cyber Unit” to target cyber-related securities fraud violations.

Continue reading “Charges Connected to Hack of SEC’s EDGAR System Discussed in SECurities and Law Perspectives”

House Committee Staff Report Finds Equifax Data Breach Entirely Preventable, Provides Recommendations for Consumer Reporting Agencies

After a 14-month investigation into the 2017 Equifax data breach, which was one the largest in U.S. history, the House Oversight and Government Reform Committee released a report in December.

Continue reading “House Committee Staff Report Finds Equifax Data Breach Entirely Preventable, Provides Recommendations for Consumer Reporting Agencies”

Business Associate Exposes Protected Health Information of 19,000 Patients

An error made by a transcription service provider during a software upgrade on Orlando Orthopaedic Center (OOC)’s server in December 2017 has resulted in the exposure of more than 19,000 patients’ protected health information (PHI). PHI stored on OOC’s server from December 2017 until February 2018 – when the breach was finally discovered – was freely exposed over the internet without any authentication. Upon full investigation, patients’ names, social security numbers, dates of birth, insurance information, employer details, and treatment types were deemed accessible.

Continue reading “Business Associate Exposes Protected Health Information of 19,000 Patients”

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Tag: data breach