A hacking incident at a cloud-based electronic health records software vendor affects dozens of the company's pediatric practice clients and more than 2.2 million of their patients and other individuals. The breach spotlights several common but serious risks.
The Conservative U.K. government said it will propose updates to the country's main cybersecurity regulation, including a requirement for the private sector to reimburse the public sector for enforcement activities. The government downplayed concerns that it could create perverse incentives.
Federal regulators issued a warning to healthcare entities and their tech vendors that the use of tracking code embedded in patient portals that transmit patient information to third-parties could be a violation of HIPAA and punishable with monetary fines.
A British judge ordered cryptocurrency trading platforms to divulge the identities of account holders accused of holding funds stolen from an English digital assets exchange. A change in civil procedure makes it easier for English judges to subpoena foreign entities in cases of financial fraud.
U.K. businesses shy from involving police in cyber incident response for fear of regulatory consequences, lawmakers sitting on Parliament's Joint Committee on National Security Strategy heard. Allowing businesses to anonymously disclose incidents would result in more data, suggested a witness.
The Department of Health and Human Services has issued a new proposed rule to better align the HIPAA privacy and breach notification rules with regulations involving the confidentiality of records pertaining to patients receiving treatment for substance use disorders.
The oil pipeline and rail sectors could be required to implement cyber risk management following the Transportation Security Administration's initiation of a rule-making process. The Biden administration is pressuring critical infrastructure operators through voluntary measures and new regulation.
Healthcare providers and their vendors often fear federal regulatory action, but do fines and corrective action many any difference at all? As breach cases have nearly doubled since 2018, federal fines dropped 93% in 2022, and some say the agency is understaffed and crippled by legal challenges.
Facebook will pay a 265 million euro fine to the Irish data protection authority to resolve a 2021 incident when the scraped data of 533 million users appeared online. The data contained names, phone numbers and birthdates. Facebook says it takes active measures against data scraping.
An Indiana healthcare network, Community Health Network, is the latest medical entity to classify its use of online tracking code as a data breach reportable to federal regulators. It said the unauthorized access/disclosure breach affected 1.5 million individuals.
The United Kingdom is the newest front in the long-fought conflict over end-to-end encryption, as a slew of civil society groups urge the prime minister not to back legislation empowering regulators to force online intermediaries into providing decrypted messages.
A multitude of state privacy laws taking effect in 2023 has forced organizations to revamp their compliance programs to incorporate the disparate requirements, says Lisa Sotto. Companies across every industry face a threat environment that's more active and malicious than ever before.
Authorities charged six people, including five former Tennessee hospital workers, with conspiracy in disclosing health data. Federal prosecutors say the six sold information about patients involved in motor vehicle accidents to third parties, including chiropractors and personal injury attorneys.
The U.S. Department of Justice on Friday charged 10 individuals with using business email compromise and money laundering schemes to target public and private insurers. These schemes targeted Medicare, state Medicaid programs, private health insurers and numerous other victims.
Payment card security group PCI Security Standards Council has a new standard aimed at smoothing the contactless payment experience at retailers by ensuring that a single commercial device can process card data and a PIN. Consumers across the globe increasingly use contactless methods for payment.