Who can the dental group turn to? What law enforcement agency could
recover the data? Is anyone really equipt to do this?
The following is not your typical breach
notification. It relates to a situation in which a business
associate allegedly refuses to return the patient database despite
its EULA and HIPAA obligation. The press release does not indicate
whether the covered entity, Key Dental Group, is suing its former
vendor to recover the database. Nor does it indicate how many
patients have data in the database in question. DataBreaches.net has
sent inquiries both to Key Dental Group and to the vendor, MOGO, to
ask for more information and in MOGO’s case, their response to Key
Dental Group’s allegations, but has received no replies as yet.
At first blush, the allegations and situation
described below is reminiscent of a controversy
between Texas and Xerox that I had reported on in 2014. This
post will be updated if and when DataBreaches.net receives any
replies to inquiries.
On October 19, 2018 Key Dental Group, PA (Pembroke Pines, FL) received notification from its former electronic medical record vendor MOGO (414 Plaza Drive, Suite 200 Westmont, IL 60559 www.mogo.com) that MOGO would not be returning Key Dental Group PA’s electronic medical record (EMR) database as required at the termination of the end user license agreement (EULA) between the two companies. MOGO’s decision appears to violate both the EULA it had in place with Key Dental Group, PA and also various portions of the Health Insurance Portability and Accountability Act (https://www.hhs.gov/hipaa/for-professionals/faq/2074/may-a-business-associate-of-a-hipaa-covered-entity-block-or-terminate-access/index.html).
Know the enemy. Be prepared. Hope for the best,
plan for the worst.
Ransomware
Attacks Ramping up in 2018, Showing No Signs of Stopping
According to a comprehensive new report
from Datto, ransomware continues to be the leading form of cyber
attack experienced by small- and medium-sized businesses (SMBs).
… As businesses continue to adopt a
head-in-the-sand mentality about ransomware infections, one thing is
clear: these attacks have the potential to cripple any organization
that has not put the proper
backup and recovery plan into place. Revenue lost to
downtime can cripple a small business, and lost productivity or time
that is spent offline can have serious financial implications.
… Moreover, suggests Datto, SMBs should think
about having a business
continuity & disaster recovery (BCDR) solution in
place. This would help a business recover from an attack within a
short period of time, even in as little as 24 hours, without the risk
of significant business downtime that could cripple an organization.
(Related)
Synthetic
identity fraud to drive $48 billion in annual losses by 2023 –
Juniper Research
Online payment fraud losses will reach $48 billion
annually by 2023, up from the $22 billion in losses projected for
2018, a new study from Juniper Research has found.
Juniper’s
new research claims that a critical driver behind losses from
eCommerce, airline ticketing, money transfer and banking services
will be “the continued high level of data breaches resulting in the
theft of sensitive personal information.”
Synthetic identity fraud is on
the rise, researchers found. Fraudsters are using fragments of real
data gleaned from breaches to create new, synthetic identities, as
they slowly move away from pure identity theft.
… “When criminals use a blend of different
people’s data, as well as some entirely made up information, it
becomes harder for law-enforcement officials to both realize the
crime and then locate the culprit,” he is quoted as saying.
No joke.
What Do
Lawyers and Hackers Have in Common
The activities of attorneys and the activities of
hackers are not as different as you might expect, if you define
hackers as creative, unconventional problem solvers.
Each explores vast spaces of complicated systems,
looking to see how they work, both in ways intended and unintended,
and to see what they can be made to do.
In general, the law typically does not keep up
with changes in society or technology. As a result, lawyers often
must formulate new and innovative ways to address difficult legal
problems by using and combining existing legal tools in new ways.
Perspective. Clearly cash will become
increasingly rare, so I’m going to start collecting US currency. I
will pay you up to 30 cents for a $100 bill, depending on condition.
Sweden’s
Push to Get Rid of Cash Has Some Saying, ‘Not So Fast’
Few countries have been moving
toward a cashless society as fast as Sweden. But cash is being
squeezed out so quickly — with half the nation’s retailers
predicting they will stop accepting bills before 2025 — that the
government is recalculating the societal costs of a cash-free future.
The financial authorities, who once embraced the
trend, are asking banks
to keep peddling notes and coins until the government can figure
out what going cash-free means for young and old consumers. The
central bank, which predicts cash may fade from Sweden, is testing a
digital
currency — an e-krona — to keep firm control of the money
supply. Lawmakers are exploring the fate of online payments and bank
accounts if an electrical grid fails or servers are thwarted by power
failures, hackers or even war.
… Ask most people in Sweden how often they pay
with cash, and the answer is “almost never.” A fifth of Swedes,
in a country of 10 million people, do not use automated teller
machines anymore. More than 4,000 Swedes have implanted
microchips in their hands, allowing them to pay for rail travel
and food, or enter keyless offices, with a wave. Restaurants, buses,
parking lots and even pay toilets depend on clicks rather than cash.
No comments:
Post a Comment