Security News Update for the Week Ending April 26, 2024
HHS Beefs up Privacy Protection for Reproductive Healthcare Info
Under a final rule released this week, doctors, clinics and other providers are prohibited from disclosing protected health information related to lawful reproductive healthcare. The rule is designed to protect women who cross state lines seeking an abortion and their providers. The 291-page regulation will become effective 60 days after it is published this week. Credit: Data Breach Today
Ring Fined $5.6 Mil After Insider Compromised Customer Privacy
Here is the short version. Ring/Amazon had no security in place to stop employees from watching your videos. The FTC said that Ring had “sloppy privacy protections” and that any employee or contractor had access to customer videos. Consider if, as some people do, you had cameras inside your house or kids’ bedrooms. Amazon employees could watch those cameras and even talk back to your kids. Amazon will send the payments to affected customers via PayPal and it might average $50 a person. Not even a rounding error to Amazon. Me, I got rid of my Ring technology as soon as Amazon bought the company. Credit: The Register
While Congress Worries About TikTok, Website Sells Billions of Discord Messages
Congress doesn’t quite understand the problem. Or maybe it does and it is just too coin-operated to care. A website in the U.S. has sold four billion Discord messages from 14,201 servers, which host 627 million users. Could China buy that data? Sure. As long as they have a little bit of cryptocurrency or a credit card. Shutting down TikTok here, if that happens, is a huge gift to Silicon Valley in an election year. What are they getting in exchange? Credit: Hack Read
FBI Issues Alert on Cryptocurrency Money Services Businesses
In legal parlance, a money services business or MSB is a company that facilitates moving or converting money. An old-school example is a check-cashing service or the local grocery store that sells money orders. As the FBI cracks down on cryptocurrency services that are not licensed, it is warning the public that if it shuts one of these down, you might lose all of your money, maybe forever or maybe for a few years until the trials are over. The FBI considers many of these companies illegal money launderers. It is providing tips for consumers. Details here (FBI)
FTC Finalizes Health Breach Notification Rule (HBNR) Update
The HBNR has been around for more than a decade but, until recently, it has rarely been used. People are often confused into thinking that all of these apps that collect (and sometimes sell) your personal health data – like period tracking apps – are covered by HIPAA. They are not. They are covered, now, by the new Health Breach Notification Rule. This may surprise some app makers. Note that if you violate the rule, the FTC will not care that you are surprised when they slap you with a multimillion-dollar fine. Need help? Contact us. Unfortunately, if your business model breaks the law you will probably need to change your business model. Credit: Data Breach Today