Welcome to News Worthy Around The World. Our goals is to presents news worthy happening that are related to data security and compliance. When news worthy presents a press release, any corrective action necessary has been achieved. If you would like to contribute to news worthy, please complete the form below.

Blog - News Worthy From Around The World
News Worthy From Around The World

News Worthy Around the world


Walgreens Ordered to Pay $3.5 Million for Improper Disposal of Hazardous Waste at California Stores

Press Release Posted on December 22,

 

Oakland, CA – Alameda County District Attorney Nancy E. O’Malley announced today that a $3.5 million stipulated judgment against Walgreen Co. (“Walgreens”) has been approved by the Alameda County Superior Court which settles allegations that Walgreens unlawfully disposed of hazardous waste in violation of state laws and injunctive terms from a 2012 stipulated judgment. 

The current settlement follows an investigation by prosecutors of Walgreens’ conduct between 2013 and 2020, during which time prosecutors allege that the company improperly disposed of hazardous waste into company trash bins destined for municipal landfills that are not authorized to accept hazardous waste. The hazardous waste included items such as over-the-counter and prescription medication, electronic devices, batteries, aerosol products, cleaning agents, as well as other hazardous items generated through the company’s regular business activities. This settlement also resolves allegations that Walgreens failed to shred or otherwise destroy customer records containing confidential information before disposal.

Click here to read Press Release.

 

 

Portis, Inc. Provides COVID-19 Business Relief to Keep Businesses HIPAA Compliant

Press Release Posted on December 3

 

“These COVID-19 times are challenging for everyone. We have no intention of complicating matters even more.” – Tyrone Witherspoon, Portis, Inc. CEO. The focus of Portis, Inc. is to protect your privacy by completely destroying hard drives that contain any proprietary information (PI), personal identifying information (PII), protected health information (PHI), and electronic protected health information (e-PHI).

Nashville, TN, December 02, 2020 –(PR.com)– Portis, Inc.’s COVID-19 Business Relief is now available to all businesses within a 30 mile radius of Nashville, TN. During this COVID-19 period, businesses are moving forward by keeping doors open, employees paid, everyone safe, and staying compliant with their specific governmental regulations such as HIPAA. To reduce expenses for some necessary services, Portis, Inc. is currently offering businesses a name your price option for all services. Yes, a name your price option.

“These COVID-19 times are challenging for everyone. We have no intention of complicating matters even more.” – Tyrone Witherspoon, Portis, Inc. CEO. Visit https://portisinc.com/covid-19-business-relief/ for complete details on the COVID-19 Business Relief name your price option for all services.

The focus of Portis, Inc. is to protect your privacy by completely destroying hard drives that contain any proprietary information (PI), personal identifying information (PII), protected health information (PHI), and electronic protected health information (e-PHI).

Click here to read Press Release.

 

 

ITAD firms weigh in on bank’s $60M data mismanagement fine

Posted on 

 

“The improper disposal that resulted in this sanction goes back four years and is a reminder that historical bad practices eventually come home to roost,” wrote Johnson, who also authored a blog post about the case. “It is also likely that clients’ professional liability underwriters are paying close attention, and that clients will be required to demonstrate intense vendor selection due diligence in order to maintain their insurance coverages.”

On Oct. 8, the Office of the Comptroller of the Currency (OCC), part of the Treasury Department that regulates banks, released a consent order detailing the fine. The penalty, which Morgan Stanley Bank and Morgan Stanley Private Bank agreed to pay, was based on the failure of the banks to exercise proper oversight of the 2016 decommissioning of two Wealth Management business data centers in the U.S., according to an OCC press release. In 2019, the banks experienced similar vendor management control deficiencies while decommissioning other network devices with customer data, the release states.

Click here to read the entire article.

 

 

HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individuals

Press Release Posted September 23, 2020

 

CHSPSC LLC, (“CHSPSC”) has agreed to pay $2,300,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to a breach affecting over six million people. CHSPSC provides a variety of business associate services, including IT and health information management, to hospitals and physician clinics indirectly owned by Community Health Systems, Inc., in Franklin, Tennessee. 

In April 2014, the Federal Bureau of Investigation (FBI) notified CHSPSC that it had traced a cyberhacking group’s advanced persistent threat to CHSPSC’s information system. Despite this notice, the hackers continued to access and exfiltrate the protected health information (PHI) of 6,121,158 individuals until August 2014. The hackers used compromised administrative credentials to remotely access CHSPSC’s information system through its virtual private network. 

Click here to read Press Release.

 

 

Orthopedic Clinic Pays $1.5 Million to Settle Systemic Noncompliance with HIPAA Rules

Press Release Posted September 21, 2020

 

On June 26, 2016, a journalist notified Athens Orthopedic that a database of their patient records may have been posted online for sale. On June 28, 2016, a hacker contacted Athens Orthopedic and demanded money in return for a complete copy of the database it stole. Athens Orthopedic subsequently determined that the hacker used a vendor’s credentials on June 14, 2016, to access their electronic medical record system and exfiltrate patient health data. The hacker continued to access protected health information (PHI) for over a month until July 16, 2016.

On July 29, 2016, Athens Orthopedic filed a breach report informing OCR that 208,557 individuals were affected by this breach, and that the PHI disclosed included patients’ names, dates of birth, social security numbers, medical procedures, test results, and health insurance information.

Click here to read Press Release.

 

 

Best of 2019: End-of-Life Devices Pose Data Breach Risk

Posted on December 30, 2019

 

Data breaches at device end-of-life is a very big problem, said Fredrik Forslund, vice president, Enterprise and Cloud Erasure Solutions at Blancco, in an email interview. For example, a few months ago while researching how often sensitive data remains on pre-owned technology, Blancco purchased 159 drives from professional sellers using eBay in the U.S., UK, Germany and Finland. All of the drives were “guaranteed” by the sellers to be clean from data. That wasn’t the case, however: Almost half (42%) still contained data, with 15% of the information being PII and/or corporate data. Forslund said in that study they found:

  • A drive from a software developer with a high level of government security clearance, with scanned images of family passports and birth certificates, CVs and financial records.
  • 5GB of archived internal office email from a major travel company.
  • 3GB of data from a cargo/freight company, along with documents detailing shipping details, schedules and truck registrations.

Failing to make sure that devices are wiped clean of data sets up organizations for data breaches and violations of data privacy laws.

Click here to read the entire article.