Top Stories

Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates | HHS.gov
HHS warning to providers: Use of online tracking technology (i.e. Pixel) in patient portals without a BAA violates HIPAA.

Breaches

Third-Party Data Breach Impacts 119 Pediatric Practices, 2.2M Patients
Connexin Software, a company that offers pediatric-specific health IT solutions and operates under the name Office Practicum, notified more than 2.2 million individuals of a healthcare data breach that occurred in August 2022. Nearly 120 pediatric physician practices and practice groups were impacted by the breach.

San Juan Regional Medical Center Reaches Settlement Following Healthcare Data Breach
San Juan Regional Medical Center (SJRMC) reached a proposed settlement following a 2020 healthcare data breach that impacted nearly 69,000 individuals.

Australia will now fine firms up to AU$50 million for data breaches
The financial penalty introduced by the new bill is set to whichever is greater:
AU$50 million;
three times the value of any benefit obtained through the misuse of information;
30% of a company's adjusted turnover in the relevant period.

LastPass cloud breach involves 'certain elements' of customer information | SC Media
LastPass on Wednesday reported that it detected “unusual activity” within a third-party cloud service that’s shared by LastPass and its GoTo affiliate — an event that was the company’s second reported breach in three months.

Security

Weak Connected Medical Device Security Increases Cyberattack Threats
A new survey found that healthcare organizations with more connected medical devices have a 24 percent greater risk for cyberattacks, underscoring a need for more medical device security.

Brooklyn Hospitals Decried for Silence on Cyber Incident
Some systems at One Brooklyn Health System's three hospitals - Interfaith Medical Center, Brookdale Hospital Medical Center and Kingsbrook Jewish Medical Center - were taken offline Nov. 19 following an incident about which little is publicly known.

Rackspace: Ongoing Exchange outage caused by security incident
American cloud computing services provider Rackspace says an ongoing outage affecting its hosted Microsoft Exchange environments and likely thousands of customers was caused by a security incident.

What the Census Bureau Can Learn From the IRS About Detecting Cyberattacks - Nextgov
In separate reports, agency watchdogs demonstrated the difference proper implementation of detection controls can make in limiting the impact of attempted cyber intrusions: one, a foiled ransomware attack against the Internal Revenue Service; the other, an internal penetration test of the Census Bureau’s resilience.

Privacy

HIPAA and 42 CFR Part 2: Issuance of the 2022 Notice of Proposed Rulemaking | HHS.gov
HHS Proposes New Protections to Increase Care Coordination and Confidentiality for Patients With Substance Use Challenges

Europe

Microsoft 365 faces darkening GDPR compliance clouds after German report | TechCrunch
Legal trouble may be brewing for Microsoft in the European Union, where an assessment by a working group of German data protection regulators that’s spent around two years looking into a swathe of privacy concerns attached to its cloud-based 365 productivity products — including by engaging directly with the tech giant to try to get it to fix compliance issues — has found Microsoft has still not been able to resolve any of the compliance problems they’ve raised with it.

NHS breaks up £400mn data contract in response to privacy concerns | Financial Times
Palantir is still set to bid for the contract to operate the NHS’s main data platform — the most lucrative element of the contract with a value of £360mn.

Misc

Cyber Insurers Turn Attention to Catastrophic Hacks - WSJ
While cyber insurance has evolved significantly in recent years, insurers say they might still be unprepared for the fallout from a catastrophic cyberattack.