Top Stories
Cybersecurity Risks and Privacy Rules Add Pressure on Boards - WSJ
Companies shouldn’t wait for new rules around cybersecurity, privacy and emerging technologies to be finalized before preparing for them, lawyers say, particularly as senior executives with the right experience can be hard to come by.
Breaches

Acuity Agrees to Lawsuit Settlement After 100K-Impacted Data Breach
Acuity has agreed to bolster cybersecurity and compensate up to $500 per victim to settle the lawsuit involving a healthcare data breach that exposed PHI.
Cybersecurity Incident at MercyOne Triggers Potential Patient Data Loss
Though patient care was unaffected, the security breach blocked access to its systems until remediation occurred. The cybersecurity incident exposed various types of PHI, ranging from names and addresses to mental or physical treatment details and insurance data.
Security

Why Companies Shouldn’t Try to Catch Employees With Fake Phishing Emails - WSJ
They can create stress and distrust among employees—without significantly improving an organization’s defenses.
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways – Krebs on Security
It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.
Privacy

Psychiatry Practice Fined for Posting PHI Online
Federal regulators fined a New Jersey psychiatric care provider after it disclosed patient information online in response to negative online reviews.

Microsoft Pays $20M to Settle FTC COPPA Complaint
Microsoft will pay $20 million to settle a U.S. federal investigation into whether the computing giant violated children's privacy protections during the Xbox Live registration process.
Europe

Microsoft Sets Aside $425M for Anticipated GDPR Fine
Microsoft is warning investors it may receive a fine from European privacy regulators adding up to at least hundreds of millions of dollars over targeted advertising on its LinkedIn social network.
Misc

Oakland hit with class-action lawsuit by city employees over ransomware attack
The massive ransomware attack that exposed reams of sensitive personal data stored by the city is now the subject of a class-action lawsuit by city employees who say their information wasn’t properly protected.

Arizona Man Pleads Guilty to Criminal HIPAA Violation
Between July 2014 and May 2017, Prunty used his position as an employee at an Arizona medical facility to unlawfully access medical intake forms containing sensitive patient information, such as names, Social Security numbers, birth dates, employer information, diagnoses, and medical information.
Prunty went on to share that sensitive information with his co-conspirators, who subsequently used the information to open credit card accounts and access the existing bank accounts of patients. Prunty himself improperly accessed the private information of nearly 500 patients, resulting in losses of $132,521, the US Attorney’s Office for the Northern District of Indiana stated.