To catch a drug thief, hospital secretly recorded births, women’s surgeries

Not where you want a hidden camera.

Enlarge / Not where you want a hidden camera. (credit: Getty | Brendan Hoffman)

A California hospital faces a lawsuit from 81 women who allege they were secretly filmed by hidden cameras in labor and delivery operating rooms while undergoing extremely intimate procedures, including Caesarean births, sterilizations, and operations to resolve miscarriages.

The women claim that their privacy was egregiously violated by the hospital, Sharp Grossmont Hospital in La Mesa, California, which is run by Sharp HealthCare. The women say they did not consent to be filmed during the procedures—and would not have done so if given the choice.

Moreover, they allege that their sensitive videos were insecurely stored on various desktop computers, some of which were not even password protected, and that numerous non-medical staff members—including security guards and attorneys—were able to watch the videos. The lawsuit further alleges that the hospital made no effort to log or monitor who viewed the footage and did not ensure proper deletion of the data. In all, the lawsuit estimates that the hospital had secret recordings of around 1,800 procedures that took place in the women’s center.

Read 5 remaining paragraphs | Comments

The U.S. Department of Defense Hit With $4.9B Lawsuit Over Data Breach

We haven’t published anything about the Defense Department for a while, the last news really was the whole RSA SecurID thing which affected some of the US DoD sub-contractors. The latest news is they’ve been hit with a colossal lawsuit of almost $5 Billion! The lawsuit is regarding a recent breach involving a healthcare system [...]

Read the full post at darknet.org.uk


Honda Canada loses 283,000+ records, now faces lawsuit

Honda Canada disclosed the loss of more than 283,000 records this week. Letters mailed to affected customers explained that the information was stolen in March when hackers broke into the myHonda and myAcura websites.

Honda Canada data breach letter

Honda waited over two months to notify its customers, claiming it needed to assess the gravity of the situation and determine exactly what data may have been stolen. While it is important to determine the facts, Honda appears to have been less forthright than they claim.

The letter mailed to Honda customers stated:

“The incident involved the possible improper access of information, as held in our records in 2009, specifically your name, address and Vehicle Identification Number.”

A few days later they then appended the statement on their website to say:

“and in a small number of cases, Honda Financial Services (“HFS”) account numbers.”

myHonda portalThe Toronto Star reports that this has triggered a class action lawsuit on behalf of affected customers. The lawyers are suing for $200 million in damages for failure to protect personal and confidential information and failure to notify customers in “a reasonable amount of time.”

Similar to one of the Sony attacks, it is being reported that the data was left behind after a mailing campaign in 2009 and not properly deleted. Honda Canada should have been on high alert after a very similar incident at Honda USA.

Honda Canada customers should watch carefully for fraud or contact from parties claiming to be related to Honda or Honda Finance. Fortunately, most of the information that was compromised is public knowledge and did not include birth dates, Social Insurance Numbers or other confidential information.

Has your organization taken the appropriate steps to secure your customers’ data? A little encryption can go a long way in protecting you from a data loss incident and as we see here, even lawsuits.

If you would like to learn more about data protection and the types of threats that can compromise your organization, why not download our free Data Security Toolkit?