Top Stories

Radiology Group Sues Broker Over Lapsed Cyber Insurance Policy - WSJ
A radiology group in North Carolina is suing its insurance broker, alleging the company’s cyber policies were allowed to lapse just before a ransomware attack—and that it only found out when it tried to make a claim.

Small Utilities, Hospitals Struggle With Newer Cyberthreats
The Health and Human Services Department has developed separate sets of industry best practices for small, medium and large hospital systems with off-the-shelf resources that small hospitals can use as is, said Mazanec, deputy director for the Office of Preparedness.

Breaches

Ransomware gang steals data of 5.8 million PharMerica patients
Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers.

Maxim Healthcare Reaches Settlement Over 2021 Data Breach Case
The company, which admitted the 2021 data breach had impacted over 28K, has agreed to pay victims up to $5K, covering extraordinary costs.

4 State AGs Punch EyeMed With $2.5 M Fine for 2020 Breach
The attorneys general of four states levied a $2.5 million fine on vision care provider EyeMed to settle an investigation into a 2020 email phishing incident that exposed the personal data of 2.1 million individuals in the United States.

UMass Memorial Medical Center of Worcester settles data breach suit
A civil case stemming from a 2021 payroll data breach at UMass Memorial Medical Center was settled for $1.2 million this week.

Utah Health System Suffers Healthcare Data Breach, 103K Impacted
Uintah Basin Healthcare (UBH) recently notified 103,974 individuals of a healthcare data breach that potentially compromised the protected health information of patients. UBH first discovered suspicious network activity on November 7, 2022 and took immediate steps to secure its systems.

Privacy

Tennessee Enacts Eighth State Comprehensive Privacy Law in US
Gov. Bill Lee (R) signed the Tennessee Information Protection Act into law on Thursday, making his state the eighth with comprehensive consumer data privacy protections.

FTC Fines Fertility App Vendor, Bars It From Data Sharing
The developer of fertility logging app Premom agreed it shouldn't share user information with advertisers under an agreement with the U.S. Federal Trade Commission. App maker Easy Healthcare must also pay $100,000 and ask the advertising and analytics companies that received user information to delete the data.

Europe

Warnings over NHS data privacy after ‘stalker’ doctor shares woman’s records | NHS | The Guardian
The confidentiality of NHS medical records has been thrown into doubt after a “stalker” hospital doctor accessed and shared highly sensitive information about a woman who had started dating her ex-boyfriend, despite not being involved in her care.

Health data and use of cookies: DOCTISSIMO fined €380,000 | CNIL
The CNIL fined DOCTISSIMO €380,000 because it failed to comply with obligations under the GDPR, in particular obtaining consent of individuals to the collection and use of their health data, and because it didn't comply with the rules on cookies.

Misc

Cybersecurity Leaders Suffer Burnout as Pressures of the Job Intensify - WSJ
Relentless cyberattacks and pressure to fix security gaps despite budget constraints are raising the stress levels of corporate cyber leaders and their worries about personal liability, a growing concern since the criminal case against Uber Technologies’ former security chief.