Ankur Sharma reports: In what is suspected to be the biggest data leak case in the country so far, details of 81.5 crore Indians with the Indian Council of Medical Research (ICMR) are on sale. Given the grave nature of the incident, India’s premier agency Central Bureau of Investigation (CBI) is likely to probe the…
Category: Health Data
IL: Morrison Community Hospital patient data leaked by threat actors
On October 13, BlackCat (AlphV) threat actors first threatened to leak data from Morrison Community Hospital (MCH) in Illinois. Shortly thereafter, the listing was removed, only to be re-listed on October 19 with a claim by BlackCat that because the hospital had not given them a clear response, they were going to leak a little…
Breaking Trust: Hospital Worker Suspended For Invasion Of Patient’s Privacy
Cheryl King reports: In a shocking incident at the Government Ariyalur Medical College Hospital, a temporary housekeeping staff has been suspended for violating patient privacy. The accused, Manikandan of Kadur in Perambalur, allegedly took a photo of a male patient who was lying unconscious and naked in the operation theatre and shared it on WhatsApp….
South Australian health patients caught up in data breach of third-party platform Personify Care
ABC reports: Thousands of South Australian public health patients are being contacted over a data breach of a third-party run portal. The state government said “unintentional human error” by patient portal Personify Care allowed an “unauthorised third party” to delete a folder used to store patient documents uploaded to an online platform. Department of Health…
Six months after data security incident, Fredericksburg Foot & Ankle Center notifies patients (1)
On October 24, the Fredericksburg Foot & Ankle Center (FFAC) in Virginia began mailing breach notification letters to almost 15,000 patients affected by a cyberattack. The letter’s “What Happened?” section simply stated, “As a result of a recent data security incident, an unauthorized person accessed our computer systems.” It did not mention ransomware or any…
Inadequate security measures: the Guarantor sanctions an ASL. The healthcare facility had suffered a ransomware attack
The following is a Google machine translation of a post by Italy’s data protection regulator. It strikes me yet again how entities covered by the GDPR get fined for poor or inadequate security practices that should — but generally do not — incur monetary penalties here: Sanction by the Privacy Guarantor of 30,000 euros to a…