Hello world!
Today’s Paubox Weekly is 485 words, a 2-minute read.
Barracuda, an email and network security provider, recently identified a vulnerability in its Email Security Gateway Appliance (ESG). The flaw was found in a module that initially scans the attachments of incoming emails.
What they're saying: “If a customer has not received notice from us via the ESG user interface, we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take,” the company said.
However, according to CRN, Barracuda didn’t specify how many customers were affected, and said that it’s not sharing further details.
The company continues to monitor the situation.
Premom Ovulation Tracker has agreed to settle a Federal Trade Commission (FTC) complaint alleging unlawful data sharing. In the worst-case scenario, third parties could track individuals' unique fertility situations.
Why it matters: The FTC alleged that the company deceived users by sharing personal information with third parties, including AppsFlyer, Google, and two other China-based firms. The incident allegedly violated the Health Breach Notification Rule and affected hundreds of thousands of users.
Healthcare websites that collect, store, or process PHI are subject to HIPAA regulations and need to be HIPAA compliant.
The details: Websites facilitating interactions between patients and providers should pay close attention to HIPAA compliance. These interactions may include patient communication, appointment scheduling, and online submission of sensitive health information.
When does a website need to be HIPAA Compliant?
Some software services claim they can be used in a HIPAA compliant manner, without the need for a BAA.
The bottom line: There is no partially compliant software. Any software that handles PHI must be fully HIPAA compliant, and its vendor must be willing to sign a business associate agreement (BAA).