Aug 20 2018

Karen Scarfone reports:

No matter how many layers of security school districts put in place to stop ransomware, it’s inevitable that, at some point, an endpoint will be infected. Since January 2016, there have been 355 cybersecurity-related incidents against K–12 schools, including ransomware attacks, according to the K–12 Cybersecurity Resource Center.

In 2016, 60 percent of K–12 schools hit with ransomware decided to pay attackers in order to get back control of their data, according to analysis from the Department of Education. In response, the Education Department has responded with a number of resources to encourage better cybersecurity practices.

Most recently, the Education Department announced it would strip any K–12 school district or higher education institution of Title IV funding if it did not adhere to “reasonable methods” to protect student data.

Read more on EdTech.

Aug 20 2018

The Commentator reports:

The National Health Service (NHS) has lost almost 10,000 patient records in the last year, according to new research from leading tech think tank Parliament Street. The findings are disclosed in a new report entitled ‘NHS Data Security: Protecting Patient Records’, which examines the amount of patient records that have been misplaced from NHS trusts in the last year. The report discovered that overall, 9,132 patient records from 68 hospitals had been reported missing or lost in the last financial year.

Researchers discovered that there were 3,179 records missing or stolen at the University Hospital Birmingham, followed closely by Bolton NHS trust at 2,163 records misplaced. The third largest was University Hospital Bristol with 1,105 records lost.

Read more on The Commentator.

Aug 14 2018

Meagan Simpson reports that a Toronto man is suing Facebook Inc., Facebook Canada, and Cambridge Analytica. The basis for his suit is that he has experienced hundreds of unwarranted calls and emails since the breach, he claims, and those calls and emails are due to the breach of his information. The whole experience, he alleges, has increased his anxiety significantly:

Mattucci claims to have received and continues to receive anywhere from 10 to 20 unsolicited calls and emails every day. He said that these ‘irritants’ started right around the time of the data breach and feels there is a pretty clear connection.

These calls and emails, said his lawyer Darryl Singer, have exacerbated already existing anxiety issues. “[His anxiety] is a result of knowing his information is out there, receiving dozens and dozens of these unwanted calls and emails and not knowing who has his info or how it’s going to be used.”

Singer told IT World Canada that this has caused his client significant pain and grief as well as a loss of quality of life. Mattucci is receiving psychological treatment and has had to increase his medications since the whole experience began.

Read more on The London Free Press.

I know different countries have different standards for lawsuits over breaches, but if this suit was filed in the U.S., I’d be thinking about snowballs in excessively hot environments.  But does this type of claim have any kind of reasonable chance of prevailing in Canada?

Aug 09 2018

Cory Doctorow reports:

Comcast Xfinity’s login page had an easily found bug that allowed anyone to gain access to the Social Security Numbers and partial home addresses of over 26.5 million customers.

Comcast spokesapologist David McGuire says the company patched the bug quickly after being notified of its existence by security researcher Ryan Stevenson, and added that the company “take[s] our customers’ security very seriously,” adding that the company didn’t think anyone had exploited the bug.

Read more on BoingBoing.

Aug 08 2018

As regular readers know by now, this site compiles data from health data breaches in the U.S. for Protenus, Inc. For the past few years, Protenus published monthly statistics and analyses, but this year, shifted to a quarterly report with more analyses and some fascinating proprietary data. Here’s an example of what you’ll find in their newest report, out today:

In Q2 2018, 29.71% of privacy violations were repeat offenders. This evidence indicates health systems accumulate risk that compounds over time if proper reporting and education do not occur. On average, if an individual healthcare employee breaches patient privacy once, there is a greater than 30% chance that they will do so again in three months’ time, and a greater than 66% chance they will do so again in a year’s time.

I think you’ll find a lot of interesting findings in there to mull over.  You can access it for free (and with no registration required) on Protenus’s site.