Tag Archives: Data Breach

Hard Drives Holding Health Data Missing At Medical Insurer

by Chris Rauber, San Francisco Business Times

The latest in a series of huge data losses in the health care realm — health insurer Centene’s loss of six hard drives containing personal information on 950,000 enrollees — raises more questions about the security of health data that consumers entrust to insurance companies, hospital systems, Medicare, Medicaid and other big players. … Confidential health care data can sell in murky portions of the Internet for $10 to $50 per record — far more than the roughly $1 a simple credit-card number is worth. Medicare records are even more valuable, … and can sell for as much as $470 per record. Read More ›

Wendy’s Probes Reports Of Credit Card Breach

by Brian Krebs, KrebsOnSecurity

Wendy’s, the nationwide chain of fast-food restaurants, says it is investigating claims of a possible credit card breach at some locations. The acknowledgment comes in response to questions from KrebsOnSecurity about banking industry sources who discovered a pattern of fraud on cards that were all recently used at various Wendy’s locations.
Bob Bertini, spokesperson for the Dublin, Ohio-based restauranteur, said the company began receiving reports earlier this month from its payment industry contacts about a potential breach and that Wendy’s has hired a security firm to investigate the claims. Read More ›

FTC Is Falling Short In Protecting Consumers’ Data Used By Businesses

by David Lazarus, Los Angeles Times

In California, businesses are required to report a data breach only if it’s “reasonably believed” that unencrypted data has fallen into the hands of hackers. Since 2005, according to the Privacy Rights Clearinghouse in San Diego, nearly 896 million consumer records have been put at risk by more than 4,700 known data breaches. The actual number of breaches, said Beth Givens, the advocacy group’s executive director, “is almost certainly much higher but never were reported.” The FTC has asked Congress for more authority to regulate privacy matters. So far, Congress has ignored the agency’s requests. Read More ›

Few Consequences For Health Privacy Law’s Repeat Offenders

by Charles Ornstein and Annie Waldman, ProPublica

ProPublica has reported on loopholes in [the Health Insurance Portability and Accountability Act] and the federal government’s lax enforcement of the law. … The data analyzed for this story show the problem goes beyond isolated incidents, carrying few consequences even for those who violate the law the most. … “Often, when we take a look into those breaches, what we find is that they were not accidents,” [said an OCR director]. “What contributed to the breach of thousands, if not tens of thousands of records, was systemic noncompliance . . . over a period oftentimes of years.” Read More ›

Paris Attacks Spark Another Fight Against Encryption

by Sean Sposito, San Francisco Chronicle

walking smartphone aps illustration

[Encryption “back-doors” for law enforcement] won’t necessarily weaken terrorist organizations’ ability to communicate with each other over the Internet. … But what it could do is make it easier for criminals and terrorists to access our financial, medical and other personal records, said Pam Dixon, the executive director of the World Privacy Forum in San Diego. They might find a way through the back-door as well. “Strong crypto means good security for all of us,” she said. “It means that banks and hospitals can secure financial and other transactions in our digital world.” Read More ›

Comcast Must Pay $33M To Settle Charges It Listed 75,000 Unlisted Phone Numbers

by Ashlee Kieler, Consumerist

The problem arose after Comcast implemented a new process for producing and disseminating listing information for its residential phone customers in late 2009. Under the system, Comcast sent non-published listings to a third-party company, while placing a “privacy flag” on the non-published listings. However, the flag was never attached to approximately 75,000 non-published/non-listed subscribers. As a result, that information – for which customers paid between $1.25 and $1.50 per month to keep unlisted – appeared in certain county phone books for the years of 2010 and 2011.
The issue came to light in 2012 … Read More ›

Who Else Has Accessed Your Medical Data?

by Lisa Zamosky, Los Angeles Times

So far in 2015 alone, there have been more than 32 health data breaches as a result of hacking, according to the U.S. Health and Human Services Office for Civil Rights. “Health records are more valuable to identity thieves than financial records, and they can actually be sold at a premium on the black market,” [says one expert]. … It’s a more complicated crime to resolve than financial theft, with fewer protections in place to help patients whose information is stolen. … Medical identity theft can also dangerously cause someone else’s health data to get intertwined with yours. Read More ›

UCLA Health System Data Breach Affects 4.5 Million Patients

by Chad Terhune, Los Angeles Times

Computer screen data

This cyberattack at UCLA comes on the heels of a major breach of federal employee records and a massive hack at health insurance giant Anthem Inc. affecting 80 million Americans this year. The intrusion is raising fresh questions about the ability of hospitals, health insurers and other medical providers to safeguard the vast troves of electronic medical records and other sensitive data they are stockpiling. The revelation that UCLA hadn’t taken the basic step of encrypting this patient data drew swift criticism from security experts and patient advocates. Read More ›

70 Million Americans Report Stolen Data

by Donna Tapellini, Consumer Reports

While some of those incidents may have resulted from stolen credit cards or other crimes, many stemmed from data breaches. And, as a slew of widely reported breaches last year showed, not only online shoppers are at risk. According to Consumer Reports’s survey, 79% of those notified of a data breach were told by a brick-and-mortar store or a financial institution. Just eighteen percent said the problem originated with an online retailer. Read More ›

Federal Data-Breach Bill Would Replace Dozens Of Stronger State Laws

by David Lazarus, Los Angeles Times

Computer screen data

Among other significant differences between the federal bill and the state’s notification law, according to the Consumer Federation of California: The federal law would eliminate a state requirement that the California attorney general be given notice of any security breach; it would allow the state attorney general to file a civil lawsuit but prevent individuals from suing over a data breach; it would no longer require breached companies to provide free ID theft protection services, such as credit monitoring and fraud alerts. Read More ›

1 2 3 4