Friday, November 23, 2018

Who can the dental group turn to? What law enforcement agency could recover the data? Is anyone really equipped to do this?
The following is not your typical breach notification. It relates to a situation in which a business associate allegedly refuses to return the patient database despite its EULA and HIPAA obligation. The press release does not indicate whether the covered entity, Key Dental Group, is suing its former vendor to recover the database. Nor does it indicate how many patients have data in the database in question. DataBreaches.net has sent inquiries both to Key Dental Group and to the vendor, MOGO, to ask for more information and in MOGO’s case, their response to Key Dental Group’s allegations, but has received no replies as yet.
At first blush, the allegations and situation described below are reminiscent of a controversy between Texas and Xerox that I had reported on in 2014. This post will be updated if and when DataBreaches.net receives any replies to inquiries.
On October 19, 2018 Key Dental Group, PA (Pembroke Pines, FL) received notification from its former electronic medical record vendor MOGO (414 Plaza Drive, Suite 200 Westmont, IL 60559 www.mogo.com) that MOGO would not be returning Key Dental Group PA’s electronic medical record (EMR) database as required at the termination of the end user license agreement (EULA) between the two companies. MOGO’s decision appears to violate both the EULA it had in place with Key Dental Group, PA and also various portions of the Health Insurance Portability and Accountability Act (https://www.hhs.gov/hipaa/for-professionals/faq/2074/may-a-business-associate-of-a-hipaa-covered-entity-block-or-terminate-access/index.html).




Know the enemy. Be prepared. Hope for the best, plan for the worst.
Ransomware Attacks Ramping up in 2018, Showing No Signs of Stopping
According to a comprehensive new report from Datto, ransomware continues to be the leading form of cyber attack experienced by small- and medium-sized businesses (SMBs).
… As businesses continue to adopt a head-in-the-sand mentality about ransomware infections, one thing is clear: these attacks have the potential to cripple any organization that has not put the proper backup and recovery plan into place. Revenue lost to downtime can cripple a small business, and lost productivity or time that is spent offline can have serious financial implications.
… Moreover, suggests Datto, SMBs should think about having a business continuity & disaster recovery (BCDR) solution in place. This would help a business recover from an attack within a short period of time, even in as little as 24 hours, without the risk of significant business downtime that could cripple an organization.


(Related)
Synthetic identity fraud to drive $48 billion in annual losses by 2023 – Juniper Research
Online payment fraud losses will reach $48 billion annually by 2023, up from the $22 billion in losses projected for 2018, a new study from Juniper Research has found.
Juniper’s new research claims that a critical driver behind losses from eCommerce, airline ticketing, money transfer and banking services will be “the continued high level of data breaches resulting in the theft of sensitive personal information.”
Synthetic identity fraud is on the rise, researchers found. Fraudsters are using fragments of real data gleaned from breaches to create new, synthetic identities, as they slowly move away from pure identity theft.
… “When criminals use a blend of different people’s data, as well as some entirely made up information, it becomes harder for law-enforcement officials to both realize the crime and then locate the culprit,” he is quoted as saying.




No joke.
What Do Lawyers and Hackers Have in Common
The activities of attorneys and the activities of hackers are not as different as you might expect, if you define hackers as creative, unconventional problem solvers.
Each explores vast spaces of complicated systems, looking to see how they work, both in ways intended and unintended, and to see what they can be made to do.
In general, the law typically does not keep up with changes in society or technology. As a result, lawyers often must formulate new and innovative ways to address difficult legal problems by using and combining existing legal tools in new ways.




Perspective. Clearly cash will become increasingly rare, so I’m going to start collecting US currency. I will pay you up to 30 cents for a $100 bill, depending on condition.
Sweden’s Push to Get Rid of Cash Has Some Saying, ‘Not So Fast’
Few countries have been moving toward a cashless society as fast as Sweden. But cash is being squeezed out so quickly — with half the nation’s retailers predicting they will stop accepting bills before 2025 — that the government is recalculating the societal costs of a cash-free future.
The financial authorities, who once embraced the trend, are asking banks to keep peddling notes and coins until the government can figure out what going cash-free means for young and old consumers. The central bank, which predicts cash may fade from Sweden, is testing a digital currency — an e-krona — to keep firm control of the money supply. Lawmakers are exploring the fate of online payments and bank accounts if an electrical grid fails or servers are thwarted by power failures, hackers or even war.
… Ask most people in Sweden how often they pay with cash, and the answer is “almost never.” A fifth of Swedes, in a country of 10 million people, do not use automated teller machines anymore. More than 4,000 Swedes have implanted microchips in their hands, allowing them to pay for rail travel and food, or enter keyless offices, with a wave. Restaurants, buses, parking lots and even pay toilets depend on clicks rather than cash.

