Top Stories
Joe Sullivan guilty in Uber hacking case - The Washington Post
former chief security officer for Uber was convicted Wednesday of federal charges stemming from payments he quietly authorized to hackers who breached the ride-hailing company in 2016.
Joe Sullivan was found guilty of obstructing justice for keeping the breach from the Federal Trade Commission, which had been probing Uber’s privacy protections at the time, and of actively hiding a felony.
The Uber Data Breach Conviction Shows Security Execs What Not to Do | WIRED
“This definitely will have a chilling effect,” says Anthony Vance, a professor and researcher at Virginia Tech who focuses on how individuals and organizations can improve cybersecurity practices. “Most people aren’t clear about the nuance that is involved here, but more generally, it does show that someone could be held accountable and convicted for a data breach, which has never happened. It’s possible even if this is an extreme case.”
Breaches
LifeBridge Health Breach Settlement
Md.-based LifeBridge Health agreed to pay $9.5 million to settle a lawsuit over a data breach disclosed in 2018, in which the personal information of 530,000 individuals was exposed. LifeBridge admitted no wrongdoing.
Cancer Testing Lab Reports 2nd Major Breach Within 6 Months
A data breach at a Georgia cancer testing laboratory affecting the information of nearly 245,000 individuals is the second time within six months the lab reported to federal regulators a hacking breach affecting hundreds of thousands of individuals.
Data Security Incident Exposes PHI For Over 1K Zomo Health Members
According to a notice on its website, Zomo Health became aware of a spreadsheet containing plan member information that was inadvertently made accessible through its website on August 5, 2022.
Security
MercyOne online systems shut down following 'IT security incident'
CHI Health locations in the Omaha area owned by CommonSpirit Health have also reported a similar IT security threat affecting electronic health records and other systems, prompting those systems to go offline, according to the Omaha World-Herald.
Health system officials did not specify how many other hospitals in the region may be affected. As one of the nation's largest health systems, Chicago-based CommonSpirit operates 140 hospitals and more than 1,500 other health care sites across 21 states.
CommonSpirit Statement: IT Issue
CommonSpirit Health has identified an IT security issue that is impacting some of our facilities. We have taken certain systems offline. We are continuing to investigate this issue and follow existing protocols for system outages. We are grateful to our staff and physicians, who are doing everything possible to minimize the impact to our patients. We take our responsibility to our patients very seriously and apologize for any inconvenience.
Europe
Under New Order, Europeans Can Complain to U.S. About Data Collection - The New York Times
The order puts new restrictions on electronic surveillance by American intelligence agencies. In addition, Europeans will be able to complain to an official in the Office of the Director of National Intelligence if they believe their information was collected in a way that violated the standards or U.S. law. They could ultimately plead their case before a new independent review body, the Data Protection Review Court.
White House executive order brings EU-US data flow deal closer to finish line
The wait for a finalized agreement to solidify EU-U.S. data flows is winding down. The latest step forward in the process came with U.S. President Joe Biden's long-awaited executive order mandating new legal safeguards over U.S. national security agencies' access and use of EU and U.S. personal data.
Biden’s Privacy Order Slaps a Band-Aid on the EU-US Data Crisis | WIRED
THE UNITED STATES is not going to stop spying on Europeans’ data, but it is going to make sure that spying is “proportionate.” This was the reassurance that US President Joe Biden offered concerned citizens across the Atlantic today by signing an executive order designed to restart the easy flow of data between Europe and the US.