Data Breach

Health Industry Cybersecurity Practices: New consensus practices and tools from HHS

The US Department of Health and Human Services (HHS) has produced a set of cybersecurity resources for healthcare provider organizations of all sizes, from small to large. So far, HHS has published four documents: an overview report of cybersecurity issues and practices, two technical volumes, and a toolkit. The documents focus on what an expert multistakeholder consensus group determined to be the five most prevalent cybersecurity threats and the ten core cybersecurity practices. The practices are voluntary and use the NIST Cybersecurity Framework. The documentation is based in reality, not conjecture, and the documents are not intended to sell any particular products for any particular vendor. This has allowed for rich and helpful documentation of current challenges along with solutions. See our overview of the four new resources.

Marriott data breach: key tips

The Marriott data breach announced on Nov. 30, 2018, is a significant breach, reaching across multiple countries and affecting an estimated 500 million people. The breach includes an array of data that does create the potential for meaningful identity theft risk. Who does the breach affect? The breach affected guests who booked through Marriott’s Starwood

FTC announces expanded settlement with Uber, WPF comments included

The FTC finalized an expanded settlement with Uber, Inc. regarding the company’s data security practices. According to the FTC complaint, in the midst of the Commission’s original investigation, Uber experienced a second serious breach and waited more than a year after learning of the breach before informing the public or the Commission. The World Privacy Forum

World Privacy Forum statement on federal privacy regulation & data brokers

The current debate over federal privacy regulation must be inclusive of secondary and tertiary uses of consumer data. WPF Executive Director Pam Dixon says: “Through our longstanding work regarding data brokers and related harms to consumers, it is abundantly clear that if Congress enacts privacy legislation that fails to effectively regulate data brokers and stop the consumer harms they directly cause, any legislation enacted will be a failure.”

Voting system data breach notifications – National Academies of Science recommendations for securing voting systems

The National Academies of Science have released Securing the Vote: Protecting American Democracy. The consensus report richly documents how, during the 2016 presidential election, actors sponsored by the Russian government attacked the US voting and election infrastructure. The report assesses the web of technology infrastructures related to voting, and gives detailed recommendations for strengthening these