Top Stories
Europe Pushes Forward with Regulations
Some major developments in Europe this week. On Tuesday, EU lawmakers approved the Digital Services Act (DSA), which, in addition to the Digital Markets Act (DMA), requires online platforms to do more to police the internet for illegal content. Companies can face fines of up to 10% of annual global turnover for DMA violations and 6% for DSA breaches.
Then on Thursday, Ireland's Data Protection Commission sent a draft decision to its EU data protection authority counterparts in which it proposes to stop Facebook parent company Meta from transferring personal data from the EU to the U.S.
The draft order stems from a 2020 decision from the EU’s highest court, the Court of Justice, which put tough conditions on how companies could send European personal information to be stored in the U.S., saying that Europeans had no effective way to challenge American government surveillance.
While Thursday’s decision concerns Facebook, thousands of businesses use similar contractual provisions to transfer data, bringing into question the use of U.S.-based data centers to do things like sell online ads, measure their website traffic, or manage company employees in Europe.
Breaches
China Police Database Was Left Open Online for Over a Year, Enabling Leak - WSJ
The Shanghai police records—containing the names, government ID numbers, phone numbers and incident reports of nearly 1 billion Chinese citizens—were stored securely, according to the cybersecurity experts. But a dashboard for managing and accessing the data was set up on a public web address and left open without a password, which allowed anyone with relatively basic technical knowledge to waltz in and copy or steal the trove of information, they said.
Vendor Ransomware Attack Impacts 660 Healthcare Organizations
Professional Finance Company (PFC), an accounts receivable management agency based in Greeley, Colorado, disclosed a ransomware attack that impacted 660 of its healthcare organization clients.
Security
Orgs Adopt Healthcare Cybersecurity Tech to Keep Cyber Insurance Premiums Down
The cost of cyber insurance continues to climb along with cyber risk as insurers weigh the risks of providing coverage to an industry constantly facing data breaches and cyberattacks.
Highflying Cyber Firms Cut Staff After Raising Hundreds of Millions of Dollars
About 1,400 workers have been laid off since late May from cyber and privacy firms, many of which raised hundreds of millions of dollars in recent years.
Security advisory accidentally exposes vulnerable systems
A security advisory for a vulnerability (CVE) published by MITRE has accidentally been exposing links to remote admin consoles of over a dozen vulnerable IP devices since at least April 2022.
Feds Warn Healthcare Sector of 'Maui' Ransomware Threats
Attackers use Maui ransomware to encrypt servers responsible for healthcare services - including electronic health records, diagnostics procedures, medical imaging, and medical center intranet services, the advisory says.
Privacy
EDPB July 12th Agenda
The agenda includes discussion around a joint opinion from the EDPB and European Data Protection Supervisor on the proposal for regulation on the European Health Data Space.
Senators sound the alarm on privacy, call for HIPAA update | Healthcare IT News
In a letter to Health and Human Services Secretary Xavier Becerra on July 1, Senators Michael Bennet, D-Colo., and Catherine Cortez Masto, D-Nev., called on HHS to use its powers to ensure the HIPAA Privacy Rule is better positioned to protect the health information of patients seeking reproductive healthcare.
UK urgently needs new laws on use of biometrics, warns review | TechCrunch
An independent review of UK legislation has concluded the country urgently needs new laws to govern the use of biometric technologies and called for the government to come forward with primary legislation.