Navigant recently published the latest update of its comprehensive Information Security and Data Breach Report, which adds yet another analytic view of the data breach picture. And the view is not a pretty one. You can get a copy of the report here. Some of the “highlights”: Healthcare entities again accounted for the largest percentage…
Category Archives: Data Breach Notification
Symantec: Malicious Cyber Attacks Increased by 81 Percent in 2011 and Data Breaches Up
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Identity Theft, Security
Symantec has released its annual Internet Security Threat Report, and the numbers are astounding. According to the report, malicious attacks on networks skyrocketed by 81 percent in 2011. The report also highlights that advanced persistent threats, known as APT attacks, are spreading to organizations of all sizes, with the number of daily APT attacks increasing…
Massachusetts Attorney General Data Breach Investigation Results in $15,000 Settlement with Property Management Firm
Posted in 201 CMR 17.00, Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation
Written by Cynthia J. Larose and Adam Veness
Last October, a Maloney Properties, Inc. (“MPI”) company laptop was stolen containing unencrypted personal information, including social security numbers, for over 600 Massachusetts residents. Shortly after the incident, MPI sent letters to customers alerting them of the incident and related data breach. As a result of that…
Data Security Breach Alert: 1.5 Million Credit Card Customers Affected — UPDATE
Posted in Data Breach, Data Breach Notification, Security
UPDATE: Initial reports of numbers of compromised records in data security breaches are often underestimated. Such appears to be the case in the Global Payments, Inc. incident that we wrote about last month. Initial reports stated that about 1.5 million credit and debit cards were compromised, but it is now believed that the number is…
The cost of HIPAA non-compliance – $17 million – UPDATE
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH
Written by Kevin McGinty
If it wasn’t clear before, a recent settlement of HIPAA claims brought by the Department of Health and Human Services against BlueCross BlueShield of Tennessee (“BCBST”) underscores the high regulatory cost of non-compliance with privacy requirements. HHS announced on March 13, 2012 that BCBST has agreed to pay $1.5 million…
HIPAA Breach Reporting Deadline Approaching
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH
Our colleagues over at the Mintz Health Law Policy Matters blog have posted a reminder about the approaching annual HITECH data breach reporting deadline. All “small” calendar year 2011 breaches affecting fewer than 500 must be reported to the Office of Human Rights by the end of February. If you think this may be you,…
Comprehensive Data Protection Reform Proposal Released by European Commission
Posted in Data Breach Notification, European Union, Legislation, Privacy Regulation, Uncategorized
International Data Protection and Privacy Day is Monday, January 28th. The European Commission certainly found a way to mark the day. After weeks of intense speculation, the European Commission has released its sweeping package of legislation to reform the Data Protection Directive. We are analyzing the entire legislative package, which includes a new regulation and a directive…
Things to do in 2012: Questions to Ask of Cloud Vendors
Posted in Data Breach Notification, Data Compliance & Security, European Union, HIPAA/HITECH, Security
Adoption of cloud computing is certainly on the increase, but 2011 has seen evidence of some of the risks associated with moving to the cloud. Notable among the year’s data breaches was the breach at e-mail marketer Epsilon Data. To quickly refresh your memory, Epsilon was the victim of a hacking attack, and once…
HIPAA Audits Begin; Huge Medical Data Theft from California Provider
Posted in Data Breach, Data Breach Notification, HIPAA/HITECH
Our sister blog, Health Law & Policy Matters, includes a detailed discussion (warning?) relating to the commencement of HIPAA audits by the Office of Civil Rights. That post can be found here, and it and the embedded links should be required reading for anyone involved with protected health information. Yesterday, we learned of a major…
Monday Morning Privacy 101
Posted in Data Breach, Data Breach Notification, HIPAA/HITECH, Uncategorized
Can you identify the major problems lurking in this one short paragraph? We’ve given you some help. The UCLA Health System has notified more than 16,000 patients of the theft of their PHI during a home invasion of a former employee. The PHI was contained on an external computer hard drive and although the information…
First Circuit Finds that Fraud Mitigation Costs Can Constitute Cognizable Damages, Reinstates Some Previously Dismissed Claims in Hannaford Data Breach Litigation
Posted in Data Breach Notification, Privacy Litigation
Written by Kevin McGinty
In yet another privacy class action addressing the question of whether data breach claimants have suffered legally cognizable damages, the First Circuit’s ruling in Anderson v. Hannaford Bros. Co., Nos. 10-2384, 10-2450 (1st Cir. Oct. 20, 2011), reversed the trial court’s dismissal of negligence and implied contract claims arising from…
Update on Patient Information Breaches
Posted in Class Action Litigation, Data Breach, Data Breach Notification, HIPAA/HITECH
Written by Dianne Bourque
Nemours Children’s Health System has reported the loss of three unencrypted computer backup tapes containing patient billing and employee payroll data. The tapes had been stored in a locked cabinet, and were reported missing on September 8th. It is believed that they may have been removed in early August during a…
State Data Breach Notification Laws – The Mintz Matrix
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
We update the myriad of state data breach notification laws on a quarterly basis in what we fondly call the Mintz Data Breach Matrix. Hot off the presses is the version current as of October 1, 2011. All the usual disclaimers apply: in the event of a multi-state data breach, the matrix is not a…
Is “faster” public notice of a breach really “better”?
Posted in Data Breach, Data Breach Notification
Pressure has been mounting on companies to “go public” with notice of large data breaches even quicker than they have been. In the forensics world, “faster” is not always “better” and can put inside investigations of such incidents at risk. Our friends at William Gallagher have posted an interesting analysis of the importance of post-breach…
Privacy Still on Congressional Radar Screen
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Legislation
Lawmakers, industry leaders and officials from the Federal Communications Commission, the Federal Trade Commission and the Department of Commerce generally expressed support last week for Federal legislation on Internet privacy and data security during a Senate Commerce Committee hearing. Senate Commerce Committee Chairman Jay Rockefeller (D-WV), who introduced S. 913, the “Do-Not-Track Online Act of 2011,” which…
It’s Tax Time — Use Caution with those W-2 Forms
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
We’ve had several questions lately regarding “mixups” with mailings of W-2 forms, and whether certain situations are really “data breaches.” Some Attorneys General are taking the position that the employer is responsible for providing notice to affected individuals (employees and former employees) and providing the required AG notice letters in the event that tax forms containing personal information…
Data Breach at NYC “Hop-on, Hop-off” Tour Company — 110,000 credit card numbers stolen
Posted in 201 CMR 17.00, Data Breach, Data Breach Notification, Data Compliance & Security
Since March 1, 2010, privacy professionals have been waiting for a data breach that could bring an enforcement action under 201 CMR 17.00, the Massachusetts privacy regulations. I just spoke with Paul Roberts, editor of threatpost.com, a blog that posted an entry yesterday regarding a breach that could do just that. Twin America LLC, the parent company of…
Executive Summary: Commerce Department Issues Privacy “Green Paper”
Posted in Data Breach Notification
Written by Anagha Prasad
Introduction
In an effort to reexamine and improve upon commercial data privacy, the Internet Policy Task Force (IPTF) released a green paper entitled “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.” Based on consultations, written submissions, and extensive research, the document makes various policy recommendations regarding…
Remember the old quote about “prior preparation?”
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
Mintz Levin has prepared a State Data Breach Laws matrix to help assess obligations under state data breach notification laws in the event of a data security incident.
WellPoint Sued by Indiana AG for $300K – UPDATE
Posted in Data Breach, Data Breach Notification, HIPAA/HITECH
(This post is updated to include links to the Indiana Attorney General’s press release and a copy of the complaint) Back on July 1, we blogged in this space about a very large data breach experienced by health insurer WellPoint. According to WellPoint, over 470,000 individual insurance customers may have been affected by a breach that…


