Top Stories

Most of the 10 largest healthcare data breaches in 2022 are tied to vendors | SC Media
Ninety percent of the 10 largest healthcare data breaches reported this year were caused by third-party vendors, much like in 2021. The fallout from many of these cyberattacks affected multiple connected providers, with two of these vendor incidents affecting hundreds of providers.
Breaches

Athletes' passport, vaccination details leaked online - report | Reuters
The passport details and vaccination certificates of hundreds of professional table tennis players have been leaked online after a security issue on the server of the sport's governing body ITTF.

Reconciling International Breach Reporting Rules Could Prove Challenging - WSJ
Privacy and security chiefs say different countries must sync up rules around cybersecurity incident reporting, but contrasting views between governments on how to implement rules could complicate those efforts.
Security

GitHub Introduces Secret Scanning to Prevent Leaks and Security Breaches - The Leak
GitHub has launched a new initiative to scan source code for any hardcoded security credentials.

HC3: Analyst Note Lockbit 3.0 Ransomware
U.S. federal authorities are warning healthcare and public health sector organizations of attacks involving LockBit 3.0 ransomware.

Google releases dev tool to list vulnerabilities in project dependencies
Google has launched OSV Scanner, a new tool that allows developers to scan for vulnerabilities in open-source software dependencies used in their project. The scanner draws data from OSV.dev, the distributed vulnerability database for open source code that Google released in February 2021, to offer relevant information about known security issues affecting open-source code.
Privacy

“Out Of Control”: Dozens of Telehealth Startups Sent Sensitive Health Information to Big Tech Companies – The Markup
An investigation by The Markup and STAT found 49 out of 50 telehealth websites sharing health data via Big Tech’s tracking tools.
Europe

Microsoft to roll out ‘data boundary’ for EU customers from Jan. 1 | Reuters
Microsoft Corp said on Thursday its European Union cloud customers will be able to process and store parts of their data in the region from Jan. 1.
Misc

CDC awards Palantir consolidated disease surveillance contract worth $443M
Running five years, the contract unites the Palantir-driven Health and Human Services (HHS) Protect, Administration for Strategic Preparedness and Response (ASPR) Engage, Tiberius and DCIPHER programs into what the CDC is calling its Common Operating Picture.