The Chilean Transparency Council (‘CPLT’) announced, on 1 June 2020, that following an audit of 12,000 purchase orders made by 86 organisations in the health sector, the CPLT found that 12 purchase orders by hospitals and six by health services were made which revealed the sensitive personal data of patients. Read more on OneTrust Data…
How screwed is Indian healthcare data?
Sai Krishna Kothapalli writes: Some months ago, I read an interesting article on Techcrunch titled “A billion medical images are exposed online” about medical imaging storage servers that are not configured securely and are exposed online. This caught my attention, and I wanted to dig deeper, especially in the Indian context. Read more on Medium. This…
Fitness Depot hit by data breach after ISP fails to ‘activate the antivirus’
Sergiu Gatlan reports that Canadian retailer Fitness Depot has disclosed a breach of their e-commerce platform that affected consumers’ personal and financial information. Gatlan reports: Based on the info in the breach notification letter the company sent to all potentially impacted individuals, the attack has all the signs of a textbook Magecart attack where the threat…
San Francisco Employees’ Retirement System notifies employees of contractor breach
The San Francisco Employees’ Retirement System has been notifying people about a breach. From their notification, this explanation of what happened: The Retirement System contracts with vendors to provide SFERS members with on‐ line access to their account information. One of the vendors, 10up Inc., set up a test environment on a separate computer server…
CA: Castro Valley Health notifies patients after learning that patient data had been improperly transferred to Docker Hub
The following is Castro Valley Health’s notification. It sounds like they may have learned about this years-long exposure incident from HHS/OCR after someone notified HHS. The incident is not yet on HHS’s public breach tool. June 5 — Castro Valley Health, Inc. has become aware of a data security incident that may have involved some personal…
Amidst A Pandemic, New York Quietly Implements Its Enhanced Data Security Law
Timothy Carter and Susan Kohn Ross of Mitchell Silberberg & Knupp LLP write: While much attention and focus has rightly been placed on the California Consumer Privacy Act and the dramatic expansion of privacy rights for California residents that it heralds, a number of other states have quickly followed suit, working to strengthen their respective…