Tux Machines
Posted by Roy Schestowitz on Mar 29, 2023
> Security updates have been issued by Debian (dino-im and runc), Fedora (qemu), Red Hat (firefox), SUSE (chromium, containerd, docker, kernel, and systemd), and Ubuntu (graphicsmagick, linux-azure, linux-gcp, linux-oem-5.14, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, and node-url-parse).
> In the wake of the arrest of “Pompompurin,” BreachForums’ self-proclaimed owner and moderator, DataBreaches has been contacted by a number of anxious folks who want to know if they are at risk of being arrested for their own actions.
> Obviously, DataBreaches is not a lawyer or any kind of authority and can’t provide any assurances. But nor does this site feel comfortable sitting back while so many forum users from BreachForums and/or RaidForums spout incorrect information about some U.S. laws.
> There has been a settlement in litigation stemming from a breach previously noted on DataBreaches. Without admitting guilt or wrongdoing, Illinois Gastroenterology Group has agreed to pay an undisclosed sum to settle claims from an October 2021 data breach first disclosed in April 2022. The incident involved unnamed threat actors accessing and exfiltrating data on more than 227,000 patients.
> When an entity has been the victim of a cyberattack, they’d be smart not to discuss the attack via their email system or voice system if those systems could be compromised and the attackers could be monitoring them.
> But you’d think that there would be some records made involving incident response, such as notes or resolutions on whether the entity will pay a ransom demand or whom they are notifying, etc. Could all records be on an external counsel’s server so as to protect it from monitoring and perhaps discovery in any litigation? Perhaps.
> It’s encouraging to see breach notification deadlines taken seriously. The Norwegian Data Protection Authority has imposed a monetary penalty of NOK 2.5 million on Argon Medical Devices for breaching Article 33 (1) of the GDPR. That article requires controllers to notify the regulator of a personal data breach within 72 hours.
> While the French Data Protection Authority (the "CNIL") has consistently emphasized the importance of protecting health data, there will be even more focus for 2023 with more investigations and sanctions in this sector. The CNIL declared patient data as one of its four priority topics for investigations in 2023, and initiated its program with two official warnings issued to organizations conducting medical research (Sponsors) about their GDPR breaches. The CNIL is now more than ever underscoring the significance of compliance with data protection regulations within the realm of medical studies.
> CNIL has always been very attentive to the processing of health data and to their security and confidentiality. It regularly publishes content on its website (practical information sheets, guidelines and binding recommendations), and has also made health data security one of its priority topics for its investigations back in 2020 and 2021. It also regularly supports needs of health data localization within the European Union, for example in guidelines regarding early-access programs and health data warehouses. The CNIL also issues and regularly updates its standards for clinical studies, known as Méthodologies de reference (MR) like MR-001 or MR-003 for research involving human beings or MR-004 for research not involving human beings (e.g., for reuse of health data). The CNIL is now taking its efforts even further, kicking off 2023 with an intensified focus on medical research and patient data protection.
> The deadline for submissions to the government’s consultation on reform of the Computer Misuse Act is fast approaching, and ethical hackers and security experts need to make their voices heard, says Bugcrowd.
> As the second year of the pandemic was nearing an end, employees at Johnson Memorial Health hoped they could catch their breath after dealing with a weeks-long tsunami of COVID-19 hospitalizations and deaths. But on a Friday at 3 a.m., the hospital CEO’s phone rang with an urgent call from the chief of nursing.
> “I remember like it was yesterday,” said Dr. David Dunkle, chief executive officer of the health system based in Franklin, Indiana. “My chief of nursing said, ‘Well, it looks like we got hacked.’”
-- Page fetched on Sat Jun 1 06:53:58 2024