Top Stories
NHS Fallout Continues
The fallout from the NHS's troubles from last week continues. First, Advanced, the Birmingham-based technology provider whose Adastra system underpins NHS 111 and other healthcare services, indicated that the disruption stemmed from a ransomware attack. Then the always reputable Daily Mail confirmed the ransomware demands and speculated that "MILLIONS of confidential patient records could be leaked". Ultimately, Advanced indicated that they are working with forensic experts from Microsoft (DART) and Mandiant, who are helping bring the affected systems back online, but that full recovery may take up to a month.
Breaches
Dental Care Alliance Reaches $3M Proposed Settlement Over Healthcare Cyberattack
August 10, 2022 - Dental Care Alliance (DCA) reached a $3 million proposed settlement over a December 2020 healthcare cyberattack that lasted for one month and impacted 1 million patients and employees. DCA is a practice support vendor for more than 380 allied practices across 21 states.
Email hack costs Salinas Valley Memorial Health $340K in breach settlement
Salinas Valley Memorial Healthcare System in California has reached a $340,000 settlement with the 2,384 patients impacted by the hack of its email systems in mid-2020.
Security
Lawmakers Request 'Urgent' Cyber Briefing With HHS Leaders
The co-chairs of Congress' Cyberspace Solarium Commission are requesting a sit-down with Biden administration officials to discuss what they say is a lack of timely sharing of actionable threat information with the healthcare industry.
Tech, Cyber Companies Launch Security Standard to Monitor Hacking Attempts - WSJ
A group of 18 tech and cyber companies said Wednesday they are building a common data standard for sharing cybersecurity information. They aim to fix a problem for corporate security chiefs who say that cyber products often don’t integrate, making it hard to fully assess hacking threats.
Kali Linux 2022.3 adds 5 new tools, updates Linux kernel, and more
Kali Linux is a distribution designed for ethical hackers to perform penetration testing, security audits, and cybersecurity research against networks.
Hardware MFA Stops Attack on Cloudflare - GovInfoSecurity
Cloudflare is touting hardware multifactor authentication as the saving grace that protected it from a targeted phishing attack, unlike tech colleagues down the street at virtual communications firm Twilio.
Privacy
Data ‘Surveillance’ Crackdown Begins With FTC Privacy Rules - Bloomberg
The Federal Trade Commission is seeking public feedback on a proposed rulemaking to limit what it’s dubbed “commercial surveillance” by businesses that sell or share information collected about people, with potential new powers to levy fines for data protection violations.
FTC officially launches privacy rulemaking endeavor
The agency voted 3-2 on party lines to file an Advanced Notice of Proposed Rulemaking that will explore rules to "crack down on harmful commercial surveillance and lax data security."
EU Court Expands Definition of Sensitive Data, Prompting Legal Concerns for Companies - WSJ
Under the European Union’s General Data Protection Regulation, information about health, religion, political views and sexual orientation is considered sensitive. Companies generally aren’t allowed to process it unless they apply special safeguards.
GitHub's new privacy policy sparks backlash over tracking cookies
GitHub's present privacy policy (dated May 31, 2022) states that the software development platform places only "strictly necessary" cookies on users' web browsers and adheres to W3C's standard concerning the "Do Not Track" (DNT) privacy preference, should it be set by users.
Effective September 1, 2022, however, GitHub will start placing non-essential cookies on its marketing subdomains like resources.github.com.
Misc
Buying Cyber Insurance Gets Trickier as Attacks Proliferate, Costs Rise - WSJ
The price of cyber insurance has soared in the past year amid a rise in ransomware hacks and other cyberattacks. Given these realities, insurers are taking a harder line before renewing or granting new or additional coverage. They are asking for more in-depth information about companies’ cyber policies and procedures, and businesses that can’t satisfy this greater level of scrutiny could face higher premiums, be offered limited coverage or be refused coverage altogether, industry professionals said.
Hospital and drugmaker move to build a vast database of New Yorkers' DNA - buffalonews.com
The Mount Sinai Health System began an effort this week to build a vast database of patient genetic information that can be studied by researchers — and by a large pharmaceutical company.