Must be easy to hack these systems.
Brian Krebs reports:
Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations.
Hyatt’s notice to customers has very few details about the investigation, such as how long the breach lasted or how many consumers may have had their card data stolen as a result. Hyatt did say that it has taken steps to strengthen its systems, and that “customers can feel confident using payment cards at Hyatt hotels worldwide.”
Read more on KrebsOnSecurity.com.
[From the article: Hyatt joins a crowded list of other hotel chains similarly breached in the past year, including Hilton, Starwood, Mandarin Oriental, White Lodging and the Trump Collection.
We live in a complicated world. (Don't you love it when one lawyer can confuse another?)
Yesterday morning, some of us were following up on a ProPublica report about a New Jersey clinic who, when suing patients for overdue accounts, included their diagnostic codes in materials sent to their collection agency. Those records – containing the patients’ names, diagnostic codes, and treatment codes – became part of public court records.
There were some interesting questions raised by the case. The Short Hills Associates in Clinical Psychology provides its patients with its notice of privacy practices, but when an aggrieved patient filed a complaint with HHS over the disclosure of his diagnostic code, OCR closed the case without action because the clinic – using paper records for transactions – was not a HIPAA-covered entity.
But what about the collection agency? If the clinic was not a HIPAA-covered entity, was the collection agency then not a Business Associate under HIPAA? At first blush, it might seem unreasonable to think that they could still be a business associate and subject to HIPAA’s restrictions on only disclosing what is necessary to obtain payment.
But Texas attorney Jeff Drummond raised some very interesting points in our discussion, including one that if the collection agency was a BA for any other entity, then they might be covered by HIPAA to protect all clients’ patient records.
Jeff has blogged about the issues raised by this case on HIPAA Blog. It’s a post – and interpretation of HIPAA – that I found surprising, to say the least. I would love to see a panel discuss this issue at a conference. In the meantime, I may shoot a link to it over to HHS to ask for their reaction.
In the meantime, go read Jeff’s post.
Is the FAA encouraging more restrictions or looking for better wording?
FAA Issues Fact Sheet on State and Local UAS Laws
by Sabrina I. Pacifici on Dec 23, 2015
December 17, 2015 – “The Federal Aviation Administration’s (FAA) new fact sheet on state and local regulation of unmanned aircraft systems (UAS) provides information for states and municipalities considering laws or regulations addressing UAS use. The document outlines FAA’s safety reasons for federal oversight of aviation and airspace, and explains federal responsibility in this area. The fact sheet provides examples of state and local laws affecting UAS for which consultation with the FAA is recommended, such as restrictions on flight altitude or flight paths, regulation of the navigable airspace, and mandating UAS-specific equipment or training. The fact sheet also gives examples of UAS laws likely to fall within state and local government authority, such as requirements for police to obtain a warrant prior to using UAS for surveillance; prohibitions on the use of UAS for voyeurism; exclusions on using UAS for hunting or fishing, or harassing individuals engaged in those activities; and prohibitions on attaching firearms or other weapons to a UAS.”
So you don't have to get x-rayed, unless you do. Can you then opt-out? Probably not.
Full-body TSA scans are mandatory for 'some passengers'
… Now the Advanced Imaging Technologies (AIT) using Automatic Target Recognition (ATR) will be mandatory in certain cases. Slashgear notes that prior to this the scanners were opt-in, and one could go through a contactless, non-imaging scan instead. That option will exist, but security agents can insist on mandatory screening "for some passengers."
The argument the DHS gives (PDF) is that these scanners are more capable of detecting prohibited, non-metallic items that could be hidden under a few layers of clothing than a metal detector wand would be.
Even I might read a couple of these.
11 Exceptional Legal Tech White Papers from 2015
by Sabrina I. Pacifici on Dec 23, 2015
LexisNexis Business of Law Blog: “White papers are a place for deep thinking – deep thinking that is data-driven. Combine that data with innumerable client engagements, from small law firms to large – and from corporate legal departments to legal services bureaus – and we’re able to chronicle insights for the market in neatly packaged white papers. As part of our 2015 roundup series, here’s an at-a-glance listing of many of the white papers we’ve published this year.”
Perspective. Free is not always trusted.
Facebook goes all out for saving Free Basics in India
NEW DELHI: Social media giant Facebook has started an aggressive campaign in India to gather public support for its free internet platform 'Free Basics.'
… The Telecom Regulatory Authority of India (Trai) has asked RCom to keep the service in abeyance till its consultation process around differential pricing of data by operators is sorted out. The last date for public comments on Trai's paper is December 30.
… The regulator has received close to 5.7 lakh [570,000 Bob] comments, out of which over 5.5 lakh comments are through Facebook's campaign.
I will not use this line on my students. I will not use this line on my students. I will not use this line on my students.