From the no-good-deed-shall-go-unpunished-until-we-find-where-we-misplaced-our-common-sense dept., Catherine Shanahan reports: A man who found sensitive patient data on a city centre street and who highlighted his concerns in the media has been accused by the HSE of a data breach. Luke Field, who found data containing patient names and details of surgical procedures on the pavement of South…
Category: Commentaries and Analyses
United Arab Emirates: New law regulating data in the health sector
DLA Piper writes: The United Arab Emirates (UAE) federal government has issued Federal Law No. 2 of 2019 on the Use of Information and Communication Technology (ICT) in Health Fields (“ICT Health Law”). The objectives of this law are to: ensure the optimal use of ICT in health fields; ensure safety and security of health…
New Requirements for FTC Data Security Settlements
Katherine E. Armstrong of Drinker Biddle & Reath LLP writes: Two of the Federal Trade Commission’s (FTC’s) most recent data security settlements include new requirements that go beyond previous data security settlements. The new provisions (1) require that a senior corporate officer provide to the FTC annual certifications of compliance and (2) specifically prohibit making…
A Mysterious Hacker Group Is On a Supply Chain Hijacking Spree
Andy Greenberg reports: A software supply chain attack represents one of the most insidious forms of hacking. By breaking into a developer’s network and hiding malicious code within apps and software updates that users trust, supply chain hijackers can smuggle their malware onto hundreds of thousands—or millions—of computers in a single operation, without the slightest…
“60 Minutes” reports on ransomware this Sunday at 7 p.m. ET/PT
This Sunday evening, May 5, CBS’s Scott Pelley will be reporting on ransomware in a segment on “60 Minutes.” The segment includes some discussion of the Hancock Regional Hospital incident where the hospital forthrightly disclosed that it paid ransom to protect their patients from a crippling ransomware attack. Read and watch the show’s preview of…
Breaches Must be Reported No Later Than 60 Days After Discovery. Is HIPAA Unreasonable, Though?
HealthITSecurity dives into an issue that both this site and Protenus have often addressed: the gap between when entities first become aware of a breach or that something likely happened, and the date on which they send notifications to affected patients. In some cases, entities’ disclosures and notifications are more than 60 days after they…