Julie Schwartz and Patrice Navarro of HoganLovells write: CNIL has always been very attentive to the processing of health data and to their security and confidentiality. It regularly publishes content on its website (practical information sheets, guidelines and binding recommendations), and has also made health data security one of its priority topics for its investigations…
Author: Dissent
UK law: Ethical hackers urged to respond to Computer Misuse Act reform proposals
Alex Scroxton reports: Ethical hackers, security researchers and consultants, and the community at large are being urged to step up and make their voices heard as the government explores a series of proposed changes to the Computer Misuse Act (CMA) of 1990. The long-awaited consultation, which has been running since February, is seeking views on a…
A hospital went dark after it was hacked. It’s still reeling two years later
Farah Yousry reports the aftermath of a ransomware attack by Hive that was previously reported on DataBreaches in 2021: As the second year of the pandemic was nearing an end, employees at Johnson Memorial Health hoped they could catch their breath after dealing with a weeks-long tsunami of COVID-19 hospitalizations and deaths. But on a…
NYS Secures $200,000 from Law Firm for Failing to Protect New Yorkers’ Personal Data
NYS Attorney General Letitia James announced a settlement: New York Attorney General Letitia James secured $200,000 from the law firm, Heidell, Pittoni, Murphy & Bach LLP (HPMB) for failing to protect New Yorkers’ personal and healthcare data. HPMB’s poor data security measures made it vulnerable to a 2021 data breach that compromised the private information of approximately…
No need to hack when 682,000 medical records are leaking, Monday edition
On March 15, DataBreaches was contacted by a researcher who had found a “bunch of medical docs.” The files included patient intake evaluations, laboratory results, medical records requests, insurance information forms, treatment or consultation notes, and other files you would expect to see in a patient’s records. The patients all appeared to be in Texas,…
Updating: Cyberattack against CHRU Brest: what happened
In a March 11 post about non-U.S. hospitals that had been victims of cyberattacks, DataBreaches had noted a report about CHU-BREST. Valéry Rieß-Marchive of LeMagIT has an update and more details on the incident. The following uses machine translation from the original French: During a press briefing, this Friday, March 24, the direction of the…