Ankur Sharma reports: In what is suspected to be the biggest data leak case in the country so far, details of 81.5 crore Indians with the Indian Council of Medical Research (ICMR) are on sale. Given the grave nature of the incident, India’s premier agency Central Bureau of Investigation (CBI) is likely to probe the…
Category: Non-U.S.
Breaking Trust: Hospital Worker Suspended For Invasion Of Patient’s Privacy
Cheryl King reports: In a shocking incident at the Government Ariyalur Medical College Hospital, a temporary housekeeping staff has been suspended for violating patient privacy. The accused, Manikandan of Kadur in Perambalur, allegedly took a photo of a male patient who was lying unconscious and naked in the operation theatre and shared it on WhatsApp….
South Australian health patients caught up in data breach of third-party platform Personify Care
ABC reports: Thousands of South Australian public health patients are being contacted over a data breach of a third-party run portal. The state government said “unintentional human error” by patient portal Personify Care allowed an “unauthorised third party” to delete a folder used to store patient documents uploaded to an online platform. Department of Health…
Inadequate security measures: the Guarantor sanctions an ASL. The healthcare facility had suffered a ransomware attack
The following is a Google machine translation of a post by Italy’s data protection regulator. It strikes me yet again how entities covered by the GDPR get fined for poor or inadequate security practices that should — but generally do not — incur monetary penalties here: Sanction by the Privacy Guarantor of 30,000 euros to a…
France says Russian state hackers breached numerous critical networks
Bill Toulas reports: The Russian APT28 hacking group (aka ‘Strontium’ or ‘Fancy Bear’) has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021. The threat group, which is considered part of Russia’s military intelligence service GRU, was recently linked to the exploitation of CVE-2023-38831, a remote…
AU: ASIC modifies licensees’ breach reporting obligations
Rachel Walker and Elouise Casey of Dentons write: Failure to comply with the mandatory breach reporting regime is arguably the canary in the coal mine for regulatory compliance to Australian Securities and Investments Commission (ASIC). We are expecting ASIC’s second annual report on the regime to be published very shortly, and we expect compliance has not…