Top Stories
First CCPA Enforcement Action
Last week, California Attorney General Rob Bonta announced the first enforcement action under the CCPA, a $1.2 million settlement with multinational retailer Sephora over violations of the law's "Do Not Sell" provisions.
According to the attorney general's office, Sephora's violation specifically concerned its failure to inform individuals about the sale of their data and to process sale opt-outs made through the Global Privacy Control. The retailer did not utilize the 30-day cure period allowed under the CCPA.
Breaches
Russian hackers plan to release data stolen from McKinney hospital onto dark web - CBS DFW
The Karakurt data extortion group said it will reveal information from 360 gigabytes of invoices, patient data and other files stolen from Methodist McKinney Hospital, north of Dallas.
Florida Orthopaedic Institute Reaches $4M Settlement Over Data Breach
Florida Orthopaedic Institute (FOI), also known as Musculoskeletal Institute, reached a $4 million proposed settlement over a 2020 data breach. The breach was the fifth-largest of 2020 and impacted 640,000 individuals.
Humana, Cotiviti data breach class action settlement - Top Class Actions
Humana and Cotiviti agreed to a class action settlement to resolve claims they jeopardized consumer data in a 2020 data breach.
US Orgs Have Suffered 5,000 Healthcare Data Breaches Since 2009
More than 342 million medical records were impacted by the thousands of healthcare data breaches that occurred from 2009 to June 2022.
Security
French hospital hit by $10M ransomware attack, sends patients elsewhere
The Centre Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28 km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries.
Oregon hospital is asking its employees to repay $2 million mistakenly paid in wages - oregonlive.com
Employees of St. Charles Health System are being asked to repay roughly $2 million after a ransomware attack on a global workforce management provider kept health system staff from accessing time card data for months.
The hospital is asking 2,358 employees to repay an average of $780 each. A union representing nurses said some staff are being asked to pay back up to $3,000.
Fears NHS cyberattack recovery causing ‘total chaos’ could last a year | The Independent
It could take more than a year for hospitals to recover patient record systems following the recent NHS cyberattack, The Independent has learned.
Why the Twilio Breach Cuts So Deep | WIRED
The secure messaging app Signal, two-factor authentication app Authy, and authentication firm Okta are all Twilio customers that were secondary victims of the breach.
As Attacks on Healthcare Continue, Feds Warn of New Threats
As the latest wave of ransomware attacks, extortion attempts and related fallout continues hitting hospitals globally, U.S. federal authorities have issued a new warning to the healthcare sector about Karakurt, the group claiming to be behind one of the most recent incidents.
Privacy
Practice Fined for Tossing PHI in Parking Lot Dumpster
Proper disposal of any form of patient information, whether electronic or paper, is a cornerstone of HIPAA privacy and rules, and the practice of throwing patients’ empty specimen containers in a dumpster has cost a Massachusetts dermatology group $300,640 in fines.
Google sued over access to millions of NHS blood tests
Between 2015 and 2019 Google DeepMind was handed 1.6m people’s medical records by the Royal Free. These were used to train artificial intelligence algorithms powering a mobile app called Streams.
Misc
Lloyd’s to Exclude Catastrophic Nation-Backed Cyberattacks From Insurance Coverage - WSJ
Lloyd’s is a marketplace where roughly 75 syndicates of underwriters congregate to provide insurance coverage for businesses, organizations and individuals. As of March 31, when coverage begins or is renewed, syndicates must exclude state-backed cyberattacks from policies that protect against physical and digital damage caused by hacks, Underwriting Director Tony Chaudhry said in a bulletin dated Aug. 16.