Commentaries and Analyses – Page 414

How can we screw up incident response? Let me count the ways — Monday UK Edition

Posted on December 9, 2019 by Dissent

This week, DataBreaches.net was reminded yet again of the risks of trying to alert an entity to a breach. This time, it was not me who was threatened or any of the whitehat researchers I know. This week, it was a citizen who found patient records on the street in his town and undertook to…

Medical Devices Face January 14 D-Day

Posted on December 8, 2019 by Dissent

Medlaw reports: January 14, 2020, Microsoft will stop supporting Windows 7. So what? Well, if you are in the medical community, it could mean the choice between spending big money on updating the operating systems of your medical devices or facing the constant attacks of hackers with vulnerable, out-dated software. Some hospitals have updated medical…

Russian disinformation campaign behind leak of Labour’s NHS documents, Reddit says

Posted on December 7, 2019 by Dissent

The Press Association reports: Leaked documents used by Jeremy Corbyn as proof Tories are planning to sell off the NHS have been linked to a Russian disinformation campaign on Reddit, the social media platform has said. Reddit said it had banned 61 accounts following an investigation of suspect activity. Read more on BreakingNews.ie.

Indian Airtel: Bug meant users’ personal data was found not secure

Posted on December 6, 2019 by Dissent

Shadab Nazmi reports: A bug had been found in India’s third largest mobile network which could have exposed the personal data of more than 300 million users. The flaw, discovered in the Application Program Interface (API) of Airtel’s mobile app, could have been used by hackers to access subscribers’ information using just their numbers. That…

NYC Health & Hospitals Corp. investigating alleged employee wrongdoing

Posted on December 6, 2019 by Dissent

NYC Health & Hospitals Corp. posted a notice this week (reproduced below) that suggests that a rogue employee may have been selling PHI to law firms or clinics that specialize in motor vehicle accident patients. Of note, this notice does not specify any one hospital where the employee worked. Did the employee have access to…

Fine against hospital due to data protection deficits in patient management

Posted on December 5, 2019 by Dissent

From the European Data Protection Board: The Commissioner for Data Protection and the Freedom of Information Rhineland-Palatinate imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate. The fine is based on several breaches of the General Data Protection Regulation in the framework of a patient mix-up when admitting the patient. This resulted in…