Top Stories

Credit-Raters Look More Carefully at How Companies Respond to Cyberattacks
The big rating firms are giving more weight to the fallout of breaches in determining a company’s creditworthiness. S&P has downgraded some firms months or even a few years after a hack.

Medlab Pathology Breach Affects 223,000 Australians
Information about individual disease diagnoses, payment cards and national insurance cards is among the data stolen by hackers from Australian company Medlab Pathology.

Medibank Withdraws Policy Growth Forecasts, Cyberattack Escalates - MarketWatch
Medibank Private Ltd. said it has withdrawn its fiscal 2023 outlook for policyholder growth as a result of an escalating cyberattack, with plans to provide a further update at its first-half results.

Australia to toughen privacy laws with huge hike in penalties for breaches | TechCrunch
Australia has confirmed an incoming legislative change will significantly strengthen its online privacy laws following a spate of data breaches in recent weeks.

Breaches

Data Breaches Rise By 70% Globally in Q3 2022 - Infosecurity Magazine
A total of 108.9 million accounts were breached in the third quarter of 2022, a 70% increase compared to the previous quarter.

ACLU of RI Sues RIPTA, UnitedHealthcare Over Healthcare Data Breach
Attorneys with the American Civil Liberties Union (ACLU) of Rhode Island filed a class-action lawsuit against the Rhode Island Public Transit Authority (RIPTA) and UnitedHealthcare (UHC) New England over their handling of an August 2021 healthcare data breach that impacted thousands of individuals.

Michigan Medicine notifies patients of health information breach | Michigan Medicine
Michigan Medicine is notifying approximately 33,850 patients about employee email accounts that were compromised, which may have exposed some of their health information.

CommonSpirit IT Systems Still Offline One Month Post-Attack
Nearly one month after a ransomware attack on the nation's fourth-largest hospital network, CommonSpirit Health is struggling to bring back online various IT systems - including electronic medical records, prescriptions and patient appointment scheduling.

Top DOJ official 'pleased' with multiagency and branch response to courts data breach
The Department of Justice and Department of Homeland Security’s response to the 2020 breach of the federal courts’ public records management system — thrust into the headlines by the head of the House Judiciary Committee in July — was a “model” of different branches of government working through complex issues in a constructive way, a top DOJ official said Thursday.

Security

October 2022 OCR Cybersecurity Newsletter | HHS.gov
October 2022 OCR Cybersecurity Newsletter focuses on Incident Response

New open-source tool scans public AWS S3 buckets for secrets
A new open-source tool, 'S3crets Scanner', allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed, or a company's own, Amazon AWS S3 storage buckets.

US FTC Targets CEO of Booze App Over Weak Cybersecurity
The chief executive of online alcohol marketplace Drizly is set to come under a decadelong government mandate requiring him to personally ensure any company he leads has a cybersecurity program.

Privacy

Privacy and digital health data: The femtech challenge
The Dobbs v. Jackson Women's Health Supreme Court decision has raised the stakes for privacy protections of health data in the U.S. By the end of the year, the femtech market — that is, digital tools such as mobile applications related to women's health — is estimated to be a $51.6 billion global market, more than a third of the total valuation of digital health. While the repercussions of gaps in U.S. digital health data protections extend well beyond women's health, the post-Dobbs privacy concerns in the femtech market highlight the complexities of today's health privacy protections and the ad tech ecosystem.

A long-dormant Texas privacy law is finally being put to use against tech giants - The Record by Recorded Future
When Texas passed a biometric privacy law in 2009, it was only the second state to have such a rule on its books. But the regulation lay dormant until this year, when the state’s attorney general brought a suit against Meta.
On Thursday, Attorney General Ken Paxton activated the law again, alleging that Google’s data practices violate the 2009 Capture or Use of Biometric Identifier (CUBI) Act. The move highlights the power a handful of key states now wield in a U.S. privacy policy debate that has seen little action on the federal level — and suggests that Texas might soon play a leading role.

Europe

All cervical cancer tests sent to US since cyberattack last December – The Irish Times
The only Irish cervical screening lab, at the Coombe Women & Infants University Hospital, stopped processing samples last December when the Dublin hospital suffered a cyberattack. While the hospital quickly resumed services, the lab has continued to export all samples for screening to the US ever since.