Weekly Top 5: GDPR Anniversary Coming Up, and More Data Breaches in Healthcare
We are just a few weeks away from the second GDPR anniversary and the 2018 Online Trust Audit shows that while “encryption everywhere” is improving security, “fuzzy language” is hindering privacy gains. This week we also saw some data breaches in Healthcare, specifically ones extending beyond patient data, into payroll and financial records. Perhaps not so coincidentally, the Online Trust Audit also reported that out of all industries in the study, Healthcare lags behind in security and privacy.
1. New Attacks (And Old Attacks Made New)
The Home Office has admitted to compromising private email addresses belonging to EU citizens hoping to settle in the UK. The UK’s Home Office has issued an apology to hundreds of EU citizens after accidentally sharing their private email addresses. All victims were applying for “settled status” in the UK as part of a new program launched last June. EU citizens who have been in the UK for a minimum of five years are able to receive settled status, a designation that would let them live and work there after Brexit.
By: Derek Manky, Published on Dark Reading
2. Microsoft: Email Content Exposed in Customer Support Hack
Microsoft says intruders targeting its email services had access to email content for a single-digit percentage of the overall affected accounts, a more serious conclusion than first thought. But the company hasn’t released many details, including the total number of accounts affected. TechCrunch reported Sunday that Microsoft was sending notifications about an email account breach that occurred between Jan. 1 and March 28. The breach potentially exposed email addresses, email subject lines, folder names, and other email contacts. But it wasn’t believed that attackers had access to actual email content. That has now changed in light of a report in Vice’s Motherboard on Monday, which says a source told it that the intruders did have full access to email content.
By: Jeremy Kirk, Published on Data Breach Today
3. Data Breaches in Healthcare Affect More Than Patient Data
Two recent data breaches at organizations in the healthcare sector illustrate that systems beyond those directly related to patient care can be at risk.
Boise, Idaho-based health insurer Blue Cross of Idaho Health Service Inc. reports that hackers recently attempted to manipulate a financial payment. The incidents are an important reminder for healthcare entities to remain vigilant about all cyber risks, including those unrelated to medical information, says privacy attorney Adam Greene of the law firm Davis Wright Tremaine. “With limited resources, it is easy for organizations to fall into the trap of focusing exclusively on protecting their electronic medical records or claims data and insufficiently training staff and implementing safeguards around other valuable information assets,” he says.
By: Marianne Kolbasuk McGee, Published on Data Breach Today
4. Data on Thousands of Law Enforcement Personnel Exposed in Breach
A data breach of systems operated by chapters of an FBI-affiliated nonprofit organization has exposed the personal information of thousands of law enforcement personnel and affiliated individuals. According to the Associated Press, the home addresses, phone numbers, emails, and employers’ names of at least 1,400 employees of the FBI, Secret Service, Capitol Police, US Park Police, and other federal agencies, as well as police and sheriffs’ deputies in North Carolina and Florida, were published online. This was part of a data release exposing information on more than 23,000 people overall.
Published on Dark Reading
Unknown hackers broke into databases of nonprofit and have posted online personal info on FBI, Secret Service, Capitol Police, US Park Police, others.
5. Security Audit Shows Gains, Though Privacy Lags
The author writes, “Many organizations talk about website security, but how many live up to the talk? That’s the question the Internet Society’s Online Trust Alliance (OTA) sought to answer with its annual ‘Online Trust Audit & Honor Roll,’ which examined more than 1,200 websites to measure their implementation of best practices in three areas: consumer protection (DNS, domain, and brand protection); site, server, application, and infrastructure security; and privacy, transparency, and disclosures.”
Overall, the score for privacy, transparency, and disclosures dropped to 70 from 73, due to more stringent scoring in light of GDPR, CCPA, and other legislative efforts. Perhaps most interesting is the breakdown per industry. This infographic shows that, compared with Federal, Consumer Services, News and Media, Banks, and Internet Retailers, Healthcare lags significantly behind.
By: Curtis Franklin, Published on Dark Reading