Top Stories

Insurers Say Cyberattack That Hit Merck Was Warlike Act, Not Covered - WSJ
The costly NotPetya cyberattack, which the U.S. blamed on Russia, should be considered a “cyber nuclear attack,” insurers argued as they urged judges to overturn a legal win by Merck & Co. in a dispute that could have broad ramifications for business insurance.
Breaches

Third-Party Data Breach Victims Double, Healthcare Most Targeted
A Black Kite report revealed the increasing impact third-party breaches had on select industries, with healthcare as the most targeted sector.

Florida hospital takes IT systems offline after cyberattack
Tallahassee Memorial HealthCare (TMH) has taken its IT systems offline and suspended non-emergency procedures following a late Thursday cyberattack.

Florida hospital still diverting some EMS patients 5 days after cyberattack | SC Media
Despite recovering some care services, EMS care diversion continues at Florida’s Tallahassee Memorial Health. This week’s healthcare data breach roundup also includes multiple data exfiltration incidents and a phishing attack.
Security

Business Email Compromise (BEC) Attacks Continue to Increase in Healthcare
Behind the transportation and automotive industries, healthcare employees were the most likely to read and reply to malicious emails, falling victim to business email compromise (BEC) attacks, Abnormal Security revealed in its H1 2023 Email Threat Report.

US NIST unveils winning encryption algorithm for IoT data protection
The National Institute of Standards and Technology (NIST) announced that ASCON is the winning bid for the "lightweight cryptography" program to find the best algorithm to protect small IoT (Internet of Things) devices with limited hardware resources. Small IoT devices are becoming increasingly popular and omnipresent, used in wearable tech, "smart home" applications, etc. However, they are still used to store and handle sensitive personal information, such as health data, financial details, and more.
Privacy

Senators Grill Telehealth Firms on Data-Sharing Practices
Scrutiny over the use of online tracking codes in health-related websites intensified Thursday as a group of bipartisan U.S. senators pressured three telehealth companies about their data tracking and sharing practices. The telehealth firms receiving the letters are California-based Cerebral, which offers mental health services; Monument, a New York-based online alcohol treatment platform; and Workit Health, a Michigan-based substance addiction treatment provider.

A healthy dose of consent: Takeaways from the FTC’s GoodRx case
This case signals an increase in the FTC's use of its unfairness authority in privacy cases, with some important takeaways for privacy programs that handle health-related data. It also asserts a novel application of the HBNR against digital health services, which often fall outside the scope of the Health Insurance Portability and Accountability Act.

Cedars-Sinai, Cerebral, telehealth companies among latest accused of data sharing with Meta | SC Media
Senate inquiries to Cerebral and two telehealth vendors demand answers into reports their apps shared user health data with Facebook and Google, while a consumer lawsuit against Cedars-Sinai alleges the same privacy violations.
Europe
CJEU issues ruling on DPOs and conflict of interest
In a Feb. 9 ruling centered around Article 38 of the EU General Data Protection Regulation, the CJEU stated DPOs should “be in a position to perform their duties and tasks in an independent manner” but “cannot be entrusted with tasks or duties which would result in him or her determining the objectives and methods of processing personal data on the part of the controller or its processor.”
Misc

CVS Nearing $10.5 Billion Deal for Primary-Care Provider Oak Street Health - WSJ
The deal, which could be announced this week, would expand the health insurer and pharmacy chain’s role in medical care.

PE Firm Francisco Partners to Purchase Sumo Logic for $1.7B
Francisco Partners has joined Thoma Bravo and Vista Equity Partners in the take-private cybersecurity spree, agreeing to buy data analytics vendor Sumo Logic for $1.7 billion.

AMA calls for stronger laws to protect patient data | Insurance Business Australia
The Australian Medical Association (AMA) has called for stronger safeguards to protect patient data, saying laws must be in place to prevent security breaches and the use of health data to boost private profits.