May 232017

Jeffrey M. Schlossberg of Jackson Lewis writes:

Last August, we reported on a Ninth Circuit case in which a former employee was convicted of a crime under the Computer Fraud and Abuse Act (“CFAA”) for accessing and downloading information from his former company’s database “without authorization.”  The former employee has now asked that the U.S. Supreme review the Ninth Circuit’s decision.

The question presented to the high Court is, “Whether a person who obtains an account holder’s permission to access a computer nevertheless ‘accesses a computer without authorization’ in violation of the CFAA when he acts without permission from the computer’s owner.”

Read more on Jackson Lewis Workplace Privacy, Data Management & Security Report.

May 232017

Ira Parghi of Ropes & Gray writes:

Since January 2016, the OCR has entered into resolution agreements with, and imposed Corrective Action Plans (CAPs) on, providers and others in at least 12 matters involving the Security Rule. It has also imposed a Civil Monetary Penalty on one entity.  Most of these cases involve stolen, unencrypted laptop computers (at least six cases), mobile devices such as iPads or iPhones, office computers, or portable storage devices.


Notably, while the underlying facts of these cases vary somewhat, their CAPs do not.  All 12 of the CAPs hone in on the obligation under the Security Rule to perform an annual Risk Analysis and Risk Management Plan.

Read more on MedCityNews.

May 232017

CTK reports:

The State Attorney’s office has proposed that the eighth man be taken into custody in the case of leak of information from Czech police databases, state attorney Petr Sereda told journalists today, adding that in all, 18 people have been accused in connection with it.

Sereda said the Municipal Court in Brno had complied with all the seven proposals for the arrests and there were not any other.

The investigation, conducted by the High State Attorney’s Office in Olomouc, north Moravia, in cooperation with the National Drug Centre (NPC), concerns former elite police and businesspeople.

Read more on Prague Daily Monitor.

May 232017

Andrew Ruiz reports:

The Florida Department of Agriculture and Consumer Services is warning customers that hackers may have obtained the names of more than 16,000 people who have Florida concealed weapon permits.

The data breach that appears to have originated from overseas affects people who entered information through the department’s online payment system.

Read more on WPTV.  While the story leads with the number of names, it’s important to note that 469 Social Security numbers were also acquired by the hackers.

May 232017

NBC10 reports:

If you’ve ever been pulled over by police or had an ambulance rush to your home, laptop computers offer a way for first responders to check some of your most personal information. Former Chester County Technical Communications Specialist David Cucchi insists however that the laptops in his county also offered a glaring opportunity for hackers.

“It is the worst scenario that you could possibly be in,” Cucchi said.

Cucchi claimed major cyber security gaps in Chester County’s computer-aided dispatch system were obvious even as he and a colleague were first installing it last August. He later filed a whistleblower complaint earlier this spring alleging that he was fired from his job after bringing his concerns to light.

Read more on NBC10.

This is not the first time we’ve read of privacy and security concerns involving emergency services in Pennsylvania. Anyone else having flashbacks to the Monroeville situation?