The Department of Energy’s non-classified IT systems have recently come under successful cyberattacks at least four times, costing the department more than $2 million, the DoE inspector general said in an audit made public Monday
via 4 Cyberattacks Cost DoE At Least $2 Million.
All 4.9 million TRICARE military health plan beneficiaries that were affected by a recent data breach will be notified by mail, but they won’t be offered free credit monitoring services.
via TRICARE Breach Notification in Works.
Health and Human Services Secretary Kathleen Sebelius has appointed Leon Rodriguez as the director of the Office for Civil Rights. Among other duties, OCR enforces the HIPAA privacy, security and breach notification rules.
via Rodriguez to Lead HHS Office for Civil Rights.
A medical privacy breach led to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes, the hospital has confirmed. The information stayed online for nearly a year.
via Stanford Hospital Patients’ Private Data Was Posted Online – NYTimes.com.
Most importantly, the new law PDF available here, courtesy Information Law Group states that notification must be direct. Yes, it can be electronic, but it must provide a way for the notified party to follow up with questions, and give that person a point of contact who represents the company. The company contact must be accessible through toll-free telephone, not just e-mail.
via California: Consumers Must Be Notified Directly of Data Breaches.
Data breaches, including those originating inside and outside of the organization, continue to affect companies at an alarming rate. Nearly half a billion electronic records in the United States have been compromised over the last six years
via Nearly Half a Billion Electronic Records in the U.S. Have Been Compromised.
Another week, another data breach at a major university. This week it’s Yale, which announced Friday that the names and Social Security numbers of 43,000 people affiliated with the university had been publicly viewable on Google for the past 10 months.
via Data breach hits Yale University – Technology & science – Security – msnbc.com.
KPMG, which won OCR’s $9.2 million contract for HITECH-required HIPAA audits in June 2011, told the Saint Barnabas Health Care System of West Orange, NJ, in June 2010 that a KPMG employee lost an unencrypted flash drive that may have contained a list with some patient names and information about their care, Saint Barnabas reported on its website.
via HIPAA Auditor Involved in Own Data Breach.