Stay in the know. Follow ThreatWatch, Nextgov's index of data breaches and cyber threats.
CardioNet, a remote mobile cardiac monitoring company, agreed to pay a $2.5 million settlement after an employee’s laptop with protected health information was stolen, the Department of Health and Human Services announced.
The laptop, stolen in 2012, contained more than 1,300 people’s health data that was subject to the Health Insurance Portability and Accountability Act of 1996. The theft, in this case, amounted to an “impermissible disclosure.” HHS said its investigation found the company had yet to implement policies and procedures to comply with HIPAA security and privacy requirements.
The settlement is the first involving a wireless health services provider, the department said.
“Mobile devices in the health care sector remain particularly vulnerable to theft and loss,” said HHS’ Office for Civil Rights Director Roger Severino in a statement. “Failure to implement mobile device security by Covered Entities and Business Associates puts individuals’ sensitive health information at risk.”
CardioNet agreed to settle for “potential non-compliance” with HIPAA and will implement a corrective action plan.
A breach service received more than 1 million accounts from an online and mobile gaming company.
Breach service LeakBase received millions of accounts from an individual who claimed they came from Reality Squared Games (R2Games) forums in the U.S., France, Germany and Russia, CSO Online reported. The records contained usernames, email addresses, passwords, IP addresses and other optional fields such as instant messenger fields and Facebook access tokens.
R2Games is an international company publishing online and mobile games that are free to play but feature in-game purchases. Last year the company denied reports it suffered a breach of 22 million users’ information, according to CSO Online.
One of the groups linked to both Russia and the hacking of the Democratic National Committee during the U.S. presidential election is attempting to phish French presidential candidate Emmanuel Macron, according to a security firm.
Trend Micro said Fancy Bear, aka APT 28, set up multiple domains similar to Macron’s official party site in an attempted phishing campaign to capture legit credentials and access campaign information. Researchers said Fancy Bear targeted Macron’s campaign and one associated with German Chancellor Angela Merkel’s party, according to The New York Times. A Macron spokesman said the attempts were not successful.
Fancy Bear, known for complex phishing campaigns, has been linked with Russian intelligence for years. A Russian spokesman for Vladimir Putin denied any interference in foreign elections, The Times said.