Background information Date of final decision: 20 May 2024 National case Legal Reference (s): Article 5 (Principles relating to processing of personal data), Article 24 (Responsibility of the controller), Article 32 (Security of processing) Decision: Administrative fine, Compliance order Key words: Accountability, Administrative fine, Data subject rights, Hacker attack, National identification number, Responsibility of the controller…
Kevin Poireault reports: An infamous ransomware group has claimed to have compromised sensitive data from a children’s hospital in Liverpool, UK. On November 28, INC Ransom posted on its data leak site that it has obtained large-scale data patient records, donor reports and procurement data for 2018-2024 from Alder Hey Children’s NHS Foundation Trust. [And…
November 27 EDMONTON – The 2023-2024 Annual Report of the Office of the Information and Privacy Commissioner (OIPC) of Alberta was tabled today by the Speaker of the Alberta Legislative Assembly and has now been published online by the OIPC. “The 2023-24 year can best be characterized as a year of change and engagement for…
Issued on 11/21/2024 | Posted on 11/25/2024 | Report number: A-18-21-08014 To cut to the chase: What OIG Found OCR fulfilled its requirement under the HITECH Act to perform periodic HIPAA audits. However: OCR’s HIPAA audit implementation was too narrowly scoped to effectively assess ePHI protections and demonstrate a reduction of risks within the health care sector. Specifically: OCR’s audits consisted…
Emma Dukes reports: Wirral University Teaching Hospital Trust said the incident began on Monday evening (November 25), with staff members at the hospital telling LiverpoolWorld that a “cyber attack” had caused the computer systems to go down. The Trust – which comprises Arrowe Park Hospital, Clatterbridge Hospitals and the Wirral Women and Children’s Hospital – confirmed that a “major…
It’s been a long battle, but transparency has prevailed. LifeLabs LP v. Information and Privacy Commissioner of Ontario (IPC) stemmed from a cyberattack in 2019 that resulted in the compromise of 15 million Canadian’s data. LifeLab eventually complied with inquiries by the Privacy Commissioner, who requested that LifeLab provide its forensics report and other documents, but LifeLab…