The Obamacare health exchange in Colorado faced “numerous weaknesses” and had “inadequate security settings,” leaving the personal information of enrollees vulnerable, according to a new audit.
The inspector general for the Department of Health and Human Services publicly released its review of Connect for Health Colorado on Wednesday, revealing the exchange had inadequate security measures in place for more than a year.
Hewlett Packard Enterprise’s (HPE) new cyber-risk report has not been shy in claiming legislators are ‘pushing research underground’.
The report, which HPE releases every year, coalesces all the company’s security research into one hefty, 100-page document. Among its conclusions this year were that governments are impinging upon the tech industry’s ability to develop, as well as squashing privacy rights in the wake of mounting international security threats.
U.S. District Judge Lucy Koh’s first major ruling in data-breach lawsuits against major health insurer Anthem Inc. didn’t do much to clarify how the litigation itself will ultimately play out.
In her decision, Koh addressed for the first time the question of whether the loss of personal information constitutes harm under New York’s General Business Law, a consumer protection law similar to California’s Unfair Competition Law. It does, she ruled, rejecting arguments from Anthem and its lawyers at Hogan Lovells and expanding reasoning she has applied in at least one earlier data-breach case.
Koh’s ruling in In Re Anthem Data Breach Litigation builds on the Adobe decision. Like in Adobe, Koh recognized that the theft of personal identification information is a harm to consumers in itself separate from any subsequent misuse of it.