Becky Bracken reports: Some 23 million mobile health (mHealth) application users are exposed to application programming interface (API) attacks that could expose sensitive information, according to researchers. Generally speaking, APIs are an intermediary between applications that defines how they can talk to one another and allowing them to swap information. Researcher Alissa Knight with Approov…
Category: Health Data
The Netherlands: 440,000 EUR fine for hospital for inadequate authentication and logging
Demi Rietveld and Richard van Schaik of DLA Piper write: The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA”) has published its decision to impose an administrative fine of EUR 440,000 on Amsterdam hospital OLVG due to the lack of sufficient measures to prevent access to medical records by unauthorised personnel. After complaints, the Dutch…
After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy
Graham Cluley reports: Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Read more on Hot for Security.
TX: Threat actors dump patient files from Nocona General Hospital
On February 3, Conti threat actors added Nocona General Hospital in Texas to their leak site, posting 20 files as proof that they had accessed the hospital’s files. Many of the files contained patient records from 2018, and appeared to be pdf scans or doc files. They did not appear to be records from any…
FR: The Dax hospital center targeted by a large-scale cyber attack
AC reports (translation): The telephone lines did not ring at midday. It was impossible to reach the Dax hospital center, which was targeted on Tuesday, February 9 by a large-scale cyber attack. “Our teams are doing their utmost to restore the situation as soon as possible,” said the establishment on its Twitter account. A crisis meeting…
When to Report a Breach: Consideration of Encryption States
Matt Fisher of Carium writes: Data breaches grab headlines on a daily basis and arise from a number of different scenarios. However, one question that is not necessarily examined closely (at least in news articles), is whether encryption was in place and why the encryption did not prevent the breach. That rhetorical question does not…