Top Stories
MOVEit Hacks Ensnare US Department of Health and Human Services
The US Department of Health and Human Services was ensnared by a sweeping hacking campaign that exploited a flaw in file-transfer software called MOVEit, according to an official with the department.
The attackers gained access to data by exploiting MOVEit software used by third-party vendors, the official said, adding that no HHS systems or networks were compromised. Congress was notified of a “major incident” on June 27, according to the official, indicating it may involve exposure of data from 100,000 or more people.
Breaches
BlackCat Hacking Gang Says It Stole Data from UK's Barts Health NHS Trust - Bloomberg
The gang, known as ALPHV or BlackCat, posted a statement on Friday claiming it had obtained seven terabytes of internal documents from the Barts Health NHS Trust, which manages five hospitals in London that care for about 2.5 million people, according to the Trust’s website.
JumpCloud resets admin API keys amid ‘ongoing incident’
Headquartered in Louisville, Colorado, and launched in 2013, the cloud-based directory-as-a-service platform serves over 180,000 organizations across more than 160 countries.
Murfreesboro Medical Clinic Confirms 559K-Record Breach
Approximately 559,000 individuals were impacted by a healthcare data breach at Murfreesboro Medical Clinic & SurgiCenter (MMC), the Tennessee-based organization confirmed.
Security
June 2023 OCR Cybersecurity Newsletter | HHS.gov
Federal regulators are once again reminding healthcare entities and their vendors of the importance of using strong multifactor authentication.
Snappy: A tool to detect rogue WiFi access points on open networks
Cybersecurity researchers have released a new tool called 'Snappy' that can help detect fake or rogue WiFi access points that attempt to steal data from unsuspecting people.
Medtronic Paceart Optima System | CISA
Federal regulators are warning about a vulnerability in medical device maker Medtronic's Paceart Optima System for collecting and managing data from cardiac devices.
Privacy
IAPP Privacy Risk Study 2023
The IAPP released the Privacy Risk Study 2023, which examines the significant privacy challenges faced by organizations in relation to risk assessment and management. Teaming with KPMG on the 2023 edition, the IAPP studied companies' public 10-K submissions to the U.S. Securities and Exchange Commission while gathering further perspective from a range of senior privacy leaders.
Europe
Statement from U.S. Secretary of Commerce Gina Raimondo on the European Union-U.S. Data Privacy Framework | U.S. Department of Commerce
The U.S. Department of Justice and the Office of the U.S. National Intelligence Director announced the completion of commitments under President Joe Biden's executive order concerning the EU-U.S. Data Privacy Framework.
A view from Brussels: The pitch for GDPR harmonization
On Tuesday, European Commissioner for Justice Didier Reynders presented a legislative proposal aimed at facilitating cooperation among data protection authorities on cross-border EU General Data Protection Regulation investigations.
EU Commission revamps procedures to speed up Big Tech privacy probes | Reuters
Stung by criticism of tardy privacy investigations and the Irish privacy regulator's outsized role in overseeing Big Tech, the European Commission on Tuesday announced new rules to help watchdogs work on cross-border cases at a faster clip.
Meta’s Facebook Faces Fresh Threat to Sending Personalized Ads in EU - WSJ
Meta Platforms’ Facebook must get user consent before sending personalized ads in certain circumstances, the European Union’s top court ruled, a surprise element in a broader court decision in which it sided with German competition regulators in limiting how the company can use data.
Google Analytics data transfer to U.S. brings $1 million fine to Swedish firms
The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY) has fined two companies 12.3 million SEK (€1 million/$1.1 million) for using Google Analytics and warned two others about the same practice.
Ransomware Continues to Plague European Healthcare Sector
Ransomware continues to be the biggest threat to the European healthcare sector, but the region also is experiencing an uptick in distributed denial-of-service attacks tied to hacktivist groups, the European Union Agency for Cybersecurity warned.
Misc
Declining cyber insurance rates reported | SC Media
Reuters reports that lower than expected claims have prompted a nearly 10% decline in cyber insurance rates last month, compared with the same period last year.
University of California Sues Lloyd’s Syndicates Over Cyber Insurance - WSJ
The university’s board of directors, known as the regents, filed suit in the Superior Court for the State of California against various syndicates operating through the Lloyd’s of London insurance marketplace, claiming the school should have been covered by policies purchased before the incident. The regents allege the syndicates have refused to engage in dispute resolution by asserting that the statute of limitations applying to the claims had expired.
Security Chiefs Take On IT Roles as More Infrastructure Moves Online - WSJ
About 19% of CISOs at publicly traded companies also have responsibility for IT, according to a survey of 650 security executives published in April by Hitch Partners. Among private companies, 46% of CISOs hold the double role, the recruiting firm found.