Australia's information commissioner has urged organizations to quicken the process of notifying those affected by data breaches instead of spending months analyzing each incident. Angelene Falk said it can take anywhere from 20 days to five months to notify breach victims, putting them at risk.
The Federal Trade Commission and the Department of Health and Human Services have publicly named 130 hospitals and telehealth companies that were recently warned that the use of online tracking tools in their websites or mobile apps potentially violates federal data privacy and security regulations.
This week, Japan's cybersecurity agency reportedly was breached, social media companies were urged to ward off data scraping, the NSA said it respects foreign intelligence targets, Polish authorities arrested two for hacking a rail network, and a ransomware gang used GDPR fines as scare tactics.
Medical device maker Medtronic MiniMed violated patient privacy by using tracking and authentication technologies such as Google Analytics and Firebase in its InPen diabetes management app and services, according to a proposed federal class action lawsuit filed this week.
Two organizations that operate clinics and hospitals in the Midwest are the latest medical care providers struggling with an enterprisewide IT outage affecting clinical and administrative applications. The incident appears similar to recent attacks on several other regional entities.
While the concept of protecting citizens' privacy through government regulations is growing in popularity in the APAC region, lawmakers must understand the many nuances of similar regulations in the European Union and the United States, according to an expert panel on the privacy regulations.
In the latest weekly update, ISMG editors discuss the shifting dynamics of cyber insurance, why APAC is approaching privacy regulations around emerging technologies, and how U.S. authorities charged the co-founders of cryptocurrency mixer Tornado Cash with money laundering.
In encryption-less attacks, ransomware gangs steal large volumes of sensitive data, including terabytes of information, without locking up systems. Attackers leverage the value of the stolen data as a means to coerce organizations into paying ransoms to avert data release.
Conventional wisdom recommends never negotiating with ransomware actors. They can't be trusted. But Mark Lance at GuidePoint Security recently made the case that organizations can gather important information through negotiations, slow down the process and even lower the ransom demand.
The federal agency that enforces HIPAA is heavily focused on investigations of potential violations involving online tracking tools in healthcare websites that impermissibly transmit sensitive patient information to third parties, said Susan Rhodes of the Department of Health and Human Services.
A federal judge issued a tentative order allowing plaintiffs to continue suing social media giant Meta for allegedly intercepting sensitive health data through its web tracking Pixel tool embedded into patient portals and scheduling apps. Meta attorneys had sought to have the lawsuit dismissed.
Advocate Aurora Health has agreed to pay $12.25 million to settle consolidated class action claims that the Illinois-based hospital chain invaded patient privacy by using tracking codes on its websites and patient portal, according to a preliminary settlement plan in Wisconsin federal court.
U.K. authorities recently reprimanded health service provider NHS Lanarkshire after staff members shared patient data on messaging service WhatsApp. That privacy lapse demonstrates the risks of shadow IT and the legacy of COVID-19 practices, said attorney Jonathan Armstrong of Cordery Compliance.
A nonprofit firm that administers government dental programs in Canada paid a "substantial" ransom for a decryptor key and the destruction of data stolen in a recent ransomware attack. But the company is now notifying nearly 1.5 million individuals that the hack compromised their data.
India's data protection bill, which sets a maximum fine of $30 million for privacy violations, passed both houses of Parliament this week and awaits presidential approval to become the country's first data privacy law. Final changes eased data localization requirements for most companies.