Top Stories
European Commission adopts EU-US adequacy decision
The European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, concluding it ensures U.S. protection of personal data transferred between the countries is comparable to that offered in the EU.
Breaches
Imagine360 Suffers Third-Party Data Breach, 112K Impacted
Upon discovering the breach in January 2023, the company took immediate measures, such as terminating platform access, resetting passwords, and assuring the security of its externally hosted environment. While still investigating the initial breach, a second incident surfaced on or around February 3, 2023.
HCA now faces at least 5 lawsuits in huge data breach
The complaints have been filed by patients in Nashville, California, Florida and Texas, according to the July 18 story. The health system said July 10 that 171 of its hospitals were caught up in the breach, where a hacker stole data from an external storage location and posted it online.
HCA Healthcare Suffers Data Breach, 11M Patients Impacted
HCA Healthcare confirmed a data breach that impacted approximately 11 million patients, resulting from data theft by an unauthorized party. HCA Healthcare is a leading healthcare organization comprised of 180 hospitals and 2,300 ambulatory sites of care in 20 states and the United Kingdom.
Security
Veterans Affairs OIG Finds Cybersecurity Deficiencies at AZ Health System
The VA OIG conducts annual audits of the VA’s information security program and practices to determine compliance with the Federal Information Security Modernization Act of 2014 (FISMA). The 2022 FISMA audit discovered significant compliance challenges across the VA network.
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices
"A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection," warns Fortinet in a new advisory.
USB drive malware attacks spiking again in first half of 2023
What's old is new again, with researchers seeing a threefold increase in malware distributed through USB drives in the first half of 2023
Privacy
Attorney General Bonta Seeks Information from California Employers on Compliance with California Consumer Privacy Act | State of California - Department of Justice - Office of the Attorney General
California Attorney General Rob Bonta issued letters to large-sized employers throughout the state inquiring about their respective levels of compliance with the California Consumer Privacy Act. Bonta's letters specifically address businesses' compliance with protections governing the handling of employee and job applicants' personal information. "We are sending inquiry letters to learn how employers are complying with their legal obligations," Bonta said.
Misc
Apple Preps Ajax Generative AI, ‘Apple GPT’ to Rival OpenAI and Google - Bloomberg
The iPhone maker has built its own framework to create large language models — the AI-based systems at the heart of new offerings like ChatGPT and Google’s Bard — according to people with knowledge of the efforts. With that foundation, known as “Ajax,” Apple also has created a chatbot service that some engineers call “Apple GPT.”
Scoop: Congress sets limits on staff ChatGPT use
Driving the news: In a memo to House staffers on Monday morning, a copy of which was obtained by Axios, the chamber's Chief Administrative Officer Catherine L. Szpindor wrote that offices are "only authorized" to use the paid ChatGPT Plus.