If a covered entity detects a breach at the beginning of June 2021 but doesn’t notify patients until January 2022, will HHS think this is just fine? What if there was no encryption of data involved? Is it acceptable to take 7 months to notify patients if there are no unusual circumstances or request from…
The Impact of Data Security Incident Trends on Commercial Transactions: Part III – Vendor Agreement Resolutions for 2022
Craig Carpenter and Erika Vela of BakerHostetler write: As the BakerHostetler Digital Risk Advisory and Cybersecurity team wraps up the 2022 edition of annual Data Security Incident Response (DSIR) Report, we take one last look at the findings in the 2021 edition of the report to prepare our New Year’s resolutions of a data privacy and security attorney for…
Health Ministry Responds to Massive Data Leak of Medical Records of Indonesian Patients
Tempo.co reports: Reports have emerged about an alleged massive data leak of Indonesian hospital patients’ medical information being sold in an illegal internet forum. Hackers claimed to have breached the Indonesian Health Ministry centralized server to obtain the data. According to a report by Antaranews, the data that were sold in the dark web contains 720 GB of personal medical…
Sg: OG department store customers’ personal details leaked in data breach
Rosalind Ang reports: There has been a leak of OG department store customers’ personal data such as names, mobile numbers and dates of birth, said the retailer on Thursday (Jan 6). In a statement to OG members, the department store said it was notified on Tuesday about the data breach, which affected members who are in either…
Why Canadian cyber insurance companies are requiring businesses to use multi-factor authentication
Alyssa DiSabatino reports: Canadian cyber insurance companies are now requiring businesses to offer multi-factor authentication (MFA) and have cybercrime/data breach response plans in place before qualifying for coverage. Prudent, since cybercrimes and ransomware attacks are on the rise – Canadians have lost $4.9 billion to ransomware attacks in the last year. Read more at Canadian…
FinalSite ransomware attack shuts down thousands of school websites
Lawrence Abrams reports: FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide. FinalSite is a software as a service (SaaS) provider that offers website design, hosting, and content management solutions for K-12 school districts and universities. FinalSite claims to provide solutions for over 8,000 schools and…