Marco De Felice reports: The Guarantor for privacy has sanctioned two hospitals and an AUSL, they had communicated medical information to the wrong people. The three structures fined are the Sienese University Hospital , the University Hospital of Parma and the Romagna Local Health Authority . The two hospitals received a fine of €10,000, while for the Romagna AUsl the fine was €50,000. ……
Category: Commentaries and Analyses
New York regulator issues cyber insurance risk framework with implications for insurers and insureds
Tim Tobin, Harriet Pearson, Paul Otto, and Jonathan Hirsch of Hogan Lovells write: On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance. The Framework identifies best practices that property/casualty insurers “should employ” to manage…
SG: Undertaking by StarMed Specialist Centre Pte Ltd
The Personal Data Protection Commission of Singapore announced a new undertaking this week. The incident that led to the investigation was a ransomware attack on a medical entity, and findings included that the entity had left RDP open and had weak login credentials, among other concerns. The undertaking was to get them to harden their…
Patient data at risk as doctors communicate with Facebook, WhatsApp
Domanii Cameron reports: Doctors at public and private hospitals are having to consult about their patients via Facebook and messaging apps, prompting calls for a real-time messaging platform. Rural Doctors Association of Australia president John Hall told The Sunday-Mail he had witnessed the issue first-hand while claiming it was widespread practice. Read more on Herald Sun (AU.
Alleged Hydra Market Operators Identified
GeminiAdvisory analysts write: Gemini analysts have found a post by an anonymous author on the hydra[.]expert domain claiming to have uncovered the true identities of the individuals running Hydra, one of the largest Russian-language dark web marketplaces for drugs. While formerly part of Hydra’s infrastructure, hydra[.]expert now appears to be solely dedicated to identifying Hydra’s…
CIS launches no-cost ransomware service for U.S. hospitals
Kat Jerich reports: The nonprofit Center for Internet Security announced this week that it had launched a no-cost ransomware protection service for private hospitals in the United States. The Malicious Domain Blocking and Reporting service, which is already available for public hospitals, health departments and healthcare organizations, uses Enterprise Threat Protector software from the cybersecurity…