Monthly Archives: March 2010

Incident(s) of the Week: Disgruntled Hacker Disables 100 Cars Purchased from Texas Auto Center

In late February and early March, around 100 cars in and around Austin, Texas either would not start or would not stop honking.  This was apparently caused by 20 year old hacker, Omar Ramos-Lopez, who remotely triggered the vehicle immobilization system installed by dealership Texas Auto Center.

Apparently the dealership installed the GPS-enabled devices so that cars can be immobilized and repossessed when a customer fails to make scheduled payments.… More

Update on HIPAA Business Associate Regulations — OCR Says They Still Aren’t Ready, Gives No Date

In a notice apparently posted March 17, 2010, the Office of Civic Rights of the Department of Health and Human Services (“OCR”) acknowledged its delay in issuing regulations for HIPAA business associate agreements.  Those regulations are now a month overdue and from OCR’s language, they do not appear imminent:

OCR will implement important privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act through notice and comment rulemaking,… More

LifeLock To Pay $12 Million to Settle Charges That Identity Theft Prevention and Data Security Claims Were False

LifeLock, Inc., a self-proclaimed “industry leader in the rapidly growing field of identity theft protection” has agreed to pay $11 million to the Federal Trade Commission and $1 million to a group of 35 state attorneys general to settle charges that Lifelock falsely promoted its identity theft protection services. Lifelock publicized its services through advertisements that publicly disclosed its CEO’s Social Security number. As part of the settlement,… More

Microsoft No Longer Seeking Removal of Cryptome or Leaked Compliance Handbook

Last week, lawyers from Microsoft issued a demand under the Digital Millennium Copyright Act (DMCA) seeking the removal of leaked copies of Microsoft’s “Global Criminal Compliance Handbook” that pulled website from the Internet, at least temporarily.  The DMCA provides copyright owners with the ability to request that internet service providers remove infringing materials from websites.  Microsoft’s DMCA demand to Cryptome’s service provider, Network Solutions,… More

HHS Reports 35 Breaches Impacting 500 or More People

At the end of February, the HHS Office of Civil Rights (“OCR”) posted on its website a list of HIPAA “covered entities” that have reported breaches of unsecured health information affecting more than 500 individuals.  OCR’s posting showed 35 health data breaches that impacted over 700,000 individuals (with individual breaches ranging in size from 359,000 individuals, due to the theft of a  laptop to 501 individuals impacted by the theft of a portable USB device). … More

Deadlines, Deadlines, Deadlines: Three Important Privacy and Security Dates

In the past several days, three important information privacy and security deadlines have arrived.  To recap, they are:

  • February 17, 2010:  the provisions of the HITECH Act regarding HIPAA business associates went into effect (albeit without regulations, which are expected to be issued any day now).  Many HIPAA covered entities have been revising their Business Associate Agreements in an effort to comply with what they think the regulations will say. …
  • More