A recent hacking incident involving a firm that staffs U.S. hospitals' emergency departments with physicians serves as a reminder of tricky questions that can pop up when a vendor has a breach impacting patient data.
Twitter has apologized after it discovered that it had been inadvertently storing users' passwords in plaintext in an internal log, potentially putting them at risk. Twitter has blamed a bug for the fault and recommends all users change their passwords immediately.
Australia's Commonwealth Bank has confirmed that two magnetic tapes containing transaction information for 19.8 million accounts went missing two years ago after mishandling by a subcontractor. A forensic investigation concluded the tapes were likely destroyed, and no fraudulent activity has been detected.
Yahoo, now known as Altaba, has agreed to a $35 million civil fine with the U.S. Securities and Exchange Commission to settle accusations that the search giant failed to promptly notify investors about a December 2014 data breach.
Great news: "SunTrust to offer free identity protection ... at no cost on an ongoing basis." Of course, nothing comes for free, at least for 1.5 million customers of the Atlanta bank, whose personal details may have been sold to criminals by a former employee.
Unauthorized access to an employee's email account has resulted in a breach affecting 30,000 current and former rental customers of Inogen, a maker and supplier of oxygen equipment, which notes that its insurance may not cover all related costs.
Uber has agreed to stricter monitoring by the U.S. Federal Trade Commission following its concealment of a 2016 data breach while it was negotiating with the agency for a settlement tied to a separate, yet similar, breach two years prior.
With Alabama and South Dakota recently becoming the last two states to adopt breach notification laws, notification processes become more complicated, says privacy attorney Adam Greene, who offers an in-depth analysis.
A spate of payment card breaches at some of the most recognized U.S. brands has been blamed on the hacking of India-based chat network provider 7.ai that led to the infiltration of online chat portals for Delta, Sears, Best Buy, Kmart and perhaps others.
Department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor have suffered a data breach that apparently exposed details on 5 million payment cards. Cybersecurity firm Gemini Advisory says the JokerStash syndicate - aka Carbanak gang - is selling the stolen card data.
Despite the White House's request for deep budget cuts, Congress passed and President Trump signed into law last week flat funding for the current fiscal year for the two federal agencies responsible for health information privacy and security issues, including HIPAA enforcement.
Expedia's Orbitz travel fare search engine says it may have suffered a breach that resulted in 880,000 payment cards being compromised, along with other customer data, over a two-year period. Orbitz says the apparent breach involved a legacy system no longer connected to its site.
Privacy attorney Kirk Nahra offers an analysis of the New York state attorney general proposing updates to the state's data security laws and issuing a substantial financial penalty in a HIPAA violations case.
Based on the feedback it received, the Office of the National Coordinator for Health IT will consider making tweaks to its proposed Trusted Exchange Framework and Common Agreement, including provisions related to privacy and security, says ONC's Genevieve Morris.