As more and more businesses require customers to submit sensitive personally identifiable information (PII), such as Social Security numbers and birth dates, to provide goods or services, people are forced to trust that these companies will safely store their data. Unfortunately, that is not always the case.
There were 2,216 confirmed data breaches worldwide in 2017 alone. Data breaches affect companies of all sizes, with 58 percent of targets categorized as small businesses across a range of industries, including health care, education, and financial services.
While the data breaches that dominate the news tend to involve massive corporations and tens of millions of victims, a smaller data breach of a local business that affects people in a limited geographic area is more likely to come across the desk of most attorneys. Three types of data breaches frequently occur in local communities: phishing emails to office staff, employees improperly accessing medical records, and hackers deploying ransomware. Although these data breaches may be “small” in scale, the impact on victims and local communities can be devastating.
Big data breaches grab headlines, but smaller-scale, localized ones occur frequently and have the same impact on consumers. Learn about the features of these breaches and how to handle them in the article below, published by the American Association for Justice and written by Faraci Lange partner Hadley Matarazzo and Cohen & Malad attorney Lynn A. Toops.
Last week, the consumer credit reporting agency, Equifax, announced that a data breach had compromised the Social Security numbers, dates of birth, names and addresses of up to 143 million Americans.
This massive data breach has put millions of Americans at risk for identity theft and other potentially harmful cyber crimes.
In an editorial published in the New York Times, Zeynep Tufekci stresses the underlying political reason why cybersecurity has become so weak in recent times.
“Big corporations have poured large amounts of money into our political system, helping to create a regulatory environment in which consumers shoulder more and more of the risk, and companies less and less,” Tufekci wrote.
Although no software system can be free from bugs, most data breaches aren’t inevitable and are a result of neglect and under-investment in cybersecurity.
In addition to the news of Equifax’s data breach, it was revealed that three of the company’s executives sold $2 million worth of stock soon after the breach’s discovery in July.
A company spokesperson stated that the executives had no knowledge of the breach at the time they sold “a small percentage of their Equifax shares”.
As long as this unaccountability exists for corporations and their executives, data breaches will continue to occur and consumers will continue to be put at risk.
There have been several widespread data breaches in the healthcare industry in recent times that have put the personal information of patients, employees and providers at risk.
According to Aaron Miri, CIO at Imprivata, there is a need for increased healthcare industry standards and regulations to govern electronic health information more effectively.
The Banner Health data breach has been the largest health cyberattack in recent months.
“The Banner Health breach is a lesson for other healthcare organizations to ensure that they are constantly reviewing where their valuable data is being stored,” explained Bill Kleyman, an expert on data security.
The Arizona-based facility, Valley Anesthesiology and Pain Consultants, reported earlier this week that one of its computer systems was accessed by an unauthorized user, resulting in the potential exposure of almost 9,000 patients’ information.
User access also needs to be carefully monitored, and organizations need to understand who is accessing data, when, and where.
“As a hospital CIO for a number of years, my biggest struggle was not understanding who was accessing what data and where,” Miri stated. “And so being able to put in the tools to do that was really a huge key.”
As medical record values continue to rise on the black market, these kinds of cyberattacks on health care facilities are not likely to slow down.
On Thursday, consumers in New York federal court argued that the Blue Cross Blue Shield Association cannot escape the class action claims it faces over a health insurance data breach and must be held responsible for failing to protect sensitive information.
The BCBSA proposed a bid to shake the data breach claims against Excellus BlueCross BlueShield, which is one of its licensees. Customers fiercely criticized this bid, contending that Excellus had signed a contract promising health care to federal workers and that it would ensure the protection of consumer information.
The proposed class action lawsuits, which began after hackers gained access to about 10 million consumer records, allege that the company “failed to protect customer information, waited too long to tell customers about the breach and did not give customers adequate information about how to protect themselves in the wake of the breach.”
BCBSA moved to toss the data breach claims against it last month, arguing that it merely entered into the contract on behalf of independent insurance companies that it licenses the Blue Cross and Blue Shield marks to.
Faraci Lange partner Hadley L. Matarazzo, who represents the customers, told Law360 that “BCBSA, as sponsors and administers of a health plan for federal employees, made certain promises regarding data security that they failed to live up to.”
Fewer than a quarter of 21 million federal workers hit by a major computer hack have been officially told that their personal information was compromised, six months after the breach was detected, a U.S. government official recently said.
About 5 million notifications have been sent out to hack victims so far, a spokesperson for the U.S. Office of Personnel Management (OPM) told Reuters in an email.
The slowness of the notification process underscores Washington’s struggles in dealing with its computer vulnerabilities, a growing problem that the Obama administration has been trying to address.
After it fell victim to two successive cyberattacks, both begun in 2014 and revealed earlier this year, OPM was roundly criticized by lawmakers for its response.
The Defense Information Systems Agency in September awarded a $1.8 million contract to Advanced Onion, a technology firm, to help locate and notify victims of the OPM breach, which exposed names, addresses, Social Security numbers and other sensitive information of current and former federal employees and contractors. About 5.6 million fingerprints were pilfered, an upwardly revised number from an initial estimate of 1.1 million.
The notification process for the smaller of the two breaches, which affected 4.2 million individuals, raised alarm when victims were asked to follow instructions online in prompts that some said resembled phishing scams. Others complained of long wait times with support call centers. That episode prompted the government to pursue Advanced Onion to deal with the larger breach, a process that took several months.
It has been six months since the larger OPM hack was detected, and more than a year and a half since hackers first infiltrated the agency’s data banks.
Officials have offered three years of credit monitoring and identity-theft monitoring services to hacked employees.