The Change Healthcare data breach may have affected a “substantial proportion” of US citizens, according to parent company UnitedHealth. The breach potentially compromised personal and health data, although there is no evidence of full medical histories or doctors’ charts being accessed. The complexity of the data review means that individuals affected will not be notified for some months. UnitedHealth has not submitted HIPAA breach reports even though the breach was discovered on 21 February.
Google calls for halting use of WHOIS for TLS domain verifications
Browser makers and certificate authorities are looking to stop using WHOIS data for domain ownership verification after researchers exposed how fraudsters could manipulate the process