WEEK OF APRIL 18, 2022
Patients increasingly suing hospitals over data breaches
- Fifty-eight lawsuits were filed in 2021, with 43 of them filed against healthcare organizations, the largest percentage among all industries.
- Industries are increasingly being sued by consumers for data breaches, but the sector with the biggest litigation increase is healthcare, according to new findings from the law firm BakerHostetler.
- In fact, healthcare comprises 23% of lawsuits due to data breaches. The next highest after that is business and professional services at 17%, followed by finance and insurance (15%), education (12%) and manufacturing (10%).
- One of the few bright spots for the industry was in “days to acceptable restoration,” or the amount of time it took to return to normal. For healthcare, it was 6.1 days, the second-fastest behind the energy and technology sector, at 4.6 days.
Danske Bank fined $1.5M for data processing failures under GDPR
- The Danish Data Protection Agency (Datatilsynet) has reported Danske Bank to the police and fined it 10 million Danish kroner (U.S. $1.47 million) for violations of the European Union’s General Data Protection Regulation (GDPR).
- The regulator recommended the Danish prosecution service impose its own separate fine over the bank’s failure to erase customers’ personal data in its systems.
- The regulator began its investigation in November 2020 after Danske Bank self-reported concerns it was storing personal data longer than necessary and that its systems were not fully GDPR compliant.
Fox News data leak exposed 13 million records including Personally Identifiable Information and celebrity details
- A Fox News data leak reportedly exposed at least 13 million records, including personally identifiable information and content management data, through a cloud storage configuration error.
- According to a Website Planet research team led by Jeremiah Fowler, the 58 GB trove was left open without a username or password, allowing anybody with an internet connection to access it.
- Fowler noted that the leak posed a significant threat by exposing the environment’s backend structure, technical information, and internal email addresses.
Hetzner lost customer data and gave 20€ as compensation
- Hetzner, which operates several data centers in Germany and Finland, suffered a rare occurrence of multiple hardware failures that wiped some customers’ snapshots, with no way of recovering them.
- The news of this data loss comes from a letter shared by a Hetzner customer on Y Combinator stating one of Hetzner’s clusters located in Nuremberg was impacted by a very unfortunate series of events where multiple disks failed in brief succession.
- According to that notice, Hetzner’s cloud services achieve data security by copying the snapshots across three hard disks, so even if two fail, the data will still be available. In this case, though, not even that redundancy level was enough to save the customers’ data.
Oil India suffers cyber attack, receives Rs 57 crore ransom demand
- PSU major Oil India, which suffered a cyberattack disrupting its operations in Assam, has received a ransom demand of USD 75,00,000 (over Rs 57 crore) from the perpetrator.
- A case was registered under various sections of the Indian Penal Code and the Information Technology Act, 2000, after the company lodged a complaint with the police.
- The public sector undertaking OIL and the government exchequer have incurred a huge financial loss due to the cyberattack – ransomware, as the business through the IT system has been seriously affected, OIL Manager (Security) Sachin Kumar said in the police complaint.
Ukraine conflict heightens US military’s data privacy vulnerabilities
- Amid the artillery strikes and armored assaults, several quieter aspects of Russia’s invasion of Ukraine require closer attention, including targeted phishing and malicious data mining.
- Russian operators, or at least their supporters, have flooded the inboxes of Ukrainians, particularly military service members, with malware-laden email. This tactic can be used to distribute disinformation and amass personal data to further their effort of compiling lists of Ukrainians for detention and harm.
- Similarly, thousands of text messages have reportedly been sent to local police and military members. This risk is not unique to Ukraine, and U.S. leaders must take steps now to harden the United States and protect its service members against similar tactics.