Military commanders have mounted a cyberoffensive against Islamic State in Iraq and Syria in recent weeks by deploying hackers to penetrate the extremist group’s computer and cellphone networks, according to the Pentagon.
The cyberassault, which Defense Secretary Ashton Carter authorized last month, marks the first time teams from U.S. Cyber Command have been integrated into an active battlefield since the command was established in 2009.
A hacker on the dark web forum Hell claims to have sold the email addresses and plaintext passwords of over 27 million users of dating site Mate1.com.
“Their server was compromised and the MySQL database was dumped,” the hacker, who asked to remain anonymous, told Motherboard. “I had shell/command access to their server.”
What is a covered entity’s obligation under the Breach Notification Rule if it transmits an individual’s PHI to a third party designated by the individual in an access request, and the entity discovers the information was breached in transit?
If a covered entity discovers that the PHI was breached in transit to the designated third party, and the PHI was “unsecured PHI” as defined at 45 CFR 164.402, the covered entity generally is obligated to notify the individual and HHS of the breach and otherwise comply with the HIPAA Breach Notification Rule at 45 CFR 164, Subpart D. However, if the individual requested that the covered entity transmit the PHI in an unsecure manner (e.g., unencrypted), and, after being warned of the security risks to the PHI associated with the unsecure transmission, maintained her preference to have the PHI sent in that manner, the covered entity is not responsible for a disclosure of PHI while in transmission to the designated third party, including any breach notification obligations that would otherwise be required. Further, a covered entity is not liable for what happens to the PHI once the designated third party receives the information as directed by the individual in the access request.