It’s encouraging to see breach notification deadlines taken seriously. The Norwegian Data Protection Authority has imposed a monetary penalty of NOK 2.5 million on Argon Medical Devices for breaching Article 33 (1) of the GDPR. That article requires controllers to notify the regulator of a personal data breach within 72 hours. According to Datatilsynet (the…
French CNIL is setting the tone for 2023: patients data and medical research on its radar
Julie Schwartz and Patrice Navarro of HoganLovells write: CNIL has always been very attentive to the processing of health data and to their security and confidentiality. It regularly publishes content on its website (practical information sheets, guidelines and binding recommendations), and has also made health data security one of its priority topics for its investigations…
UK law: Ethical hackers urged to respond to Computer Misuse Act reform proposals
Alex Scroxton reports: Ethical hackers, security researchers and consultants, and the community at large are being urged to step up and make their voices heard as the government explores a series of proposed changes to the Computer Misuse Act (CMA) of 1990. The long-awaited consultation, which has been running since February, is seeking views on a…
A hospital went dark after it was hacked. It’s still reeling two years later
Farah Yousry reports the aftermath of a ransomware attack by Hive that was previously reported on DataBreaches in 2021: As the second year of the pandemic was nearing an end, employees at Johnson Memorial Health hoped they could catch their breath after dealing with a weeks-long tsunami of COVID-19 hospitalizations and deaths. But on a…
NYS Secures $200,000 from Law Firm for Failing to Protect New Yorkers’ Personal Data
NYS Attorney General Letitia James announced a settlement: New York Attorney General Letitia James secured $200,000 from the law firm, Heidell, Pittoni, Murphy & Bach LLP (HPMB) for failing to protect New Yorkers’ personal and healthcare data. HPMB’s poor data security measures made it vulnerable to a 2021 data breach that compromised the private information of approximately…
No need to hack when 682,000 medical records are leaking, Monday edition
On March 15, DataBreaches was contacted by a researcher who had found a “bunch of medical docs.” The files included patient intake evaluations, laboratory results, medical records requests, insurance information forms, treatment or consultation notes, and other files you would expect to see in a patient’s records. The patients all appeared to be in Texas,…