Top Stories
NHS Week
On Thursday, United Kingdom's National Health Service 111 service was attacked and briefly disrupted. The attack targeted the system that refers patients for care, dispatches ambulances, books appointments out of hours and handles emergency prescriptions, according to a company that provides digital services for NHS 111.
The attack hit the systems of British managed service provider (MSP) Advanced. Advanced's Adastra client patient management solution is used by 85% of NHS 111 services. The company said the attack was contained to a small number of servers.
In other news, a former British Health Advisor has been prosecuted by the ICO for obtaining the personal data of service users, namely patients of South Warwickshire NHS Foundation Trust. The Health Advisor appeared before Coventry Magistrates’ Court and pleaded guilty to 6 counts of unlawfully obtaining personal data, in breach of s170 of the Data Protection Act 2018, and was ordered to pay £250 compensation to each data subject, totalling £3,000.
Breaches
2022 Mid-Year Healthcare Data Breach Deep Dive
Insight on year-over-year healthcare data breach trends.
Two Vendor Hacks Affect Nearly 1.5 Million and Counting
Two hacking incidents involving vendors providing IT-related and other services to dozens of covered entity clients demonstrate how mounting reliance on third parties is also spreading increased risk to patient data.
Twilio Customer Data Breached via SMS Phishing of Employees
Twilio says that on Thursday, it found that a weekslong attack had tricked multiple employees into providing their login credentials to attackers.
Addressing Mobile Device Security Risks in Healthcare
Nearly half of more than 600 security professionals surveyed by Verizon in its new Mobile Security Index (MSI) report said that their organizations had suffered a compromise involving a mobile device in the past 12 months.
Security
Microsoft announces new external attack surface audit tool
The focus is on unmanaged or unknown assets added to the environment after mergers or acquisitions, created by shadow IT, missing from inventory due to incomplete cataloging, or left out due to rapid business growth.
Fortinet Looks to Address Rising Costs With Price Increases
Fortinet has raised prices on products and services to address macroeconomic challenges including shipping delays, longer activation timelines and the suspension of sales in Russia.
Privacy
Meta Faces Another Lawsuit Over Health Data Privacy Practices
Meta is facing scrutiny over its health data privacy practices after allegedly scraping health data from hundreds of hospital websites using its Meta Pixel tracker.
India withdraws personal data protection bill that alarmed tech giants | TechCrunch
The Indian government has withdrawn its long-awaited Personal Data Protection Bill that drew scrutiny from several privacy advocates and tech giants who feared the legislation could restrict how they managed sensitive information while giving government broad powers to access it.
Datatilsynets spørgeskema ved tilsyn med cloud
Denmark's data protection authority, Datatilsynet, published a questionnaire for data controllers using the cloud.