Month: August 2014

Law Firm Data Breach Shows Need for a Comprehensive Security Program

This would be pretty embarrassing, coming from your (or my) firm: [Your firm] “is writing to inform you of an incident involving theft of a backup hard drive that may have contained some of your information.” That is how a letter dated August 26, 2014, from Imhoff & Associates, a criminal defense firm, to its clients among others, starts.   It continues, “we have confirmed that the hard drive may have contained your name, birthday, Social Security number, driver’s license number, and contact information, such as your home address, e-mail and phone number. According to the letter, a hard drive...

Read More

The Heartbleed Bug Strikes Big Hospital Group

Community Health Systems (CHS) is the second largest private hospital system in the United States.   According to its web site, “the organization’s affiliates own, operate or lease 206 hospitals in 29 states with approximately 31,100 licensed beds.” Perhaps the big security breaches provide the best cautionary tales about the need to use best efforts to secure protected data, particularly in the health care field for data protected by HIPAA. In a filing with the SEC on August 18, 2014, CHS indicated that its computer network was the target of an external attack originating in China which it believes occurred in April and June 2014.  According to CHS, “the attacker was able to bypass the Company’s security measures and successfully copy and transfer certain data outside the Company…. The Company has been informed by federal authorities and Mandiant [its forensic expert] that this intruder has typically sought valuable intellectual property, such as medical device and equipment development data. However, in this instance the data transferred was non-medical patient identification data related to the Company’s physician practice operations and affected approximately 4.5 million individuals who, in the last five years, were referred for or received services from physicians affiliated with the Company.” This data breach is, according to Bloomberg News, the first known breach of the Heartbleed web-security flaw.  Heartbleed gives hackers the ability to steal secret keys used to encrypt...

Read More