Compiled by: Richard Sheinis, Esq. Hilton hotels hit by cyber attack Sky News Australia US hotel chain Hilton says hackers stole credit card information from some of its point-of-sale computer systems. Hilton did not reveal the extent of the … 10M Target Data Breach Settlement Obtains Final Approval The Target data breach settlement has reached final approval for the $10 million dollar settlement to resolve claims in the multidistrict litigation. 11 latest healthcare data breaches Becker’s Hospital Review The following healthcare data breaches were reported on Becker’s Hospital Review within the past month. 1. Owensboro (Ky.) Health notified patients … Medical Company LabMD Sues FTC Lawyers Over Data-Privacy Case The National Law Journal An Atlanta-based medical testing company that claims to have been put out of business under the weight of a Federal Trade Commission data-privacy … US Advised to Examine ‘Hack Back’ Options Against China ABC News China…       Read More

Written by: Lauren Dimitri, Esq. Signs are everywhere! In your office building (“Wet Floor”), on the sidewalk as you walk to lunch (“Sidewalk Closed”) or on the highway as you drive to work (“One Call, That’s All”). Signs are often hard to ignore because they are always in your face. However, what happens if you miss a sign? Or, what happens if you are looking for specific information on a sign and it is missing or incorrectly listed? Well, if your sense of direction is like mine, you may be embarrassed to comment. Of course, that’s not what I mean though. What I’m asking is: what if one of your required postings contains errors or has missing information? We occasionally encounter difficulties with claimant’s attorneys seeking to invalidate an employer’s panel of physicians on minor technicalities, such as out of date or incorrect phone numbers and addresses. In two fairly…       Read More

Compiled by: Richard Sheinis, Esq. Keystroke Logger Leads to Health Data Breach at KY Hospital OH Muhlenberg, LLC recently experienced a keystroke logger cyberattack, which lead to a health data breach, according to a hospital statement. UC Medical Center Email Typo Results in PHI Data Breach After an emailing error, the University of Cincinnati Medical Center has announced a health data breach potentially compromising the PHI of 1,064 … Judge sentences ‘revenge porn’ hacker to 2 years in federal prison Los Angeles Times In February, Moore, a resident of Woodland, pleaded guilty to federal charges of identity theft and computer hacking. He’s scheduled to be sentenced … A startup that chooses where to invest people’s money admits it accidentally emailed sensitive data … Business Insider Nutmeg, a startup that provides investment management services via the internet, admitted that it suffered a technical glitch that allowed its customers ……       Read More

Written by: Richard Sheinis, Esq. In a surprising ruling, the FTC has taken a big hit to its self-appointed power to regulate the data security practices of every business in the country. On Friday, November 13, the FTC Chief Administrative Law Judge Michael Chappell dismissed the FTC’s complaint alleging that LabMD failed to provide reasonable and appropriate security for sensitive personal data. The case started seven (7) years ago when LabMD, a cancer testing laboratory, was reported by infosecurity firm Tiversa to have made a file containing personal data of 1,718 patients available via peer-to-peer sharing software LimeWire. The FTC filed a complaint alleging that LabMD’s lack of appropriate security was an unfair act or practice in violation of Section 5(a) of the FTC Act. To prove that a business was engaged in an unfair act or practice, the FTC must show that the act or practice caused, or is…       Read More

Compiled by: Richard Sheinis, Esq. Three Indicted in US in Connection With Massive 2014 JPMorgan Cyberattack Newsweek Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein were charged on Tuesday over the 2014 JPMorgan cyberattack, in a 23-count indictment with … Cyber Risk to Healthcare Sector Continues to Grow, FBI Says Health Data Managment Adding to the threat vector, the FBI in September issued an alert warning about the cybersecurity risks that networked medical devices and wearables … Congress moves to give Europeans stronger data privacy rights in the US USA TODAY WASHINGTON – Congress is moving to pass legislation giving Europeans the same privacy rights as Americans when it comes to how the U.S. … Facebook Vows to Appeal Belgian Ruling on Data Privacy New York Times The efforts are part of Europe’s strict data protection rules that have enshrined an individual’s privacy as a fundamental right on par with…       Read More

By: Richard Sheinis, Esq. The medical industry is taking advantage of wireless technology to change the very premise of how case has been provided for hundreds of years. Regardless of whether a doctor was performing bloodletting in the 1700’s or an appendectomy in 2000, the one constant was that the patient and doctor always had to be in each other’s presence for the care to be provided. While this is still true for the majority of health care, the practice of remote health care practiced through the internet, and other wireless methods of communication is upon us like a tidal wave of technology. Just a few months ago the FDA encouraged health care facilities to stop using the Hospira Infusion System due to cybersecurity vulnerabilities. Shortly before that I blogged about an attack vector identified by TrapX Laboratories, called MEDJACK or “Medical Device Hi-Jack.” Internet connected or wireless medical devices…       Read More

Compiled by: Richard Sheinis, Esq. Third man arrested over TalkTalk hack as Vodafone reveals cyberattack of its own CNET Yet another UK telecom company has fallen victim to hackers. … The unnamed 20-year-old was arrested on suspicion of Computer Misuse Act … Healthcare Data Security: All Trick and no Treat Healthcare Informatics (blog) But no matter which scary flick I choose, perhaps nothing will be scarier than something I saw recently on healthcare data security. Here’s what I’m Data Breach at Web Host Exposes 13 Million Passwords in Plain Text eSecurity Planet The data, which appears to have been stolen in March 2015, includes names, … Hunt was alerted to the breach by an anonymous note stating, “Hey, … St. Francis: Employee fired after data breach, SLED investigating WHNS Greenville Bon Secours St. Francis Health System is actively investigating a data breach by a former employee after they said she…       Read More