The Risk Report - Feb. 11

Feb 11, 2022 7:54:50 PM | Weekly Report The Risk Report - Feb. 11

It seems that every week we report on a new data breach at a hospital system, and this week is no exception.

Immediate changes are needed if we wish to keep our medical system safe, and it seems that two U.S. Senators agree. Read on to learn more about the legislative solution they have in mind for this growing problem.

 

💳 License to steal

The Washington State Department of Licensing (”DOL”), the state agency responsible for issuing business and professional licenses, announced that a recent data breach may have exposed the personal data of over 250,000 people. In its official statement, the DOL wrote that it first noticed “suspicious activity involving professional and occupational license data” on POLARIS, its online licensing platform, on January 24th of this year.The DOL has temporarily shut down POLARIS and is working closely with the Washington State Office of the Attorney General and Washington Office of Cybersecurity on recovery efforts and a formal investigation.

Read the full story

 

🏥 Vendor woes

The PII of over 6,000 patients of the Memorial Hermann Health System in Texas has been leaked after a third-party vendor of the hospital system suffered a data breach. In its official statement, Memorial Hermann explained that Advent Health Partners, the vendor in question, first discovered the data breach in September of last year while investing suspicious activity on employee email accounts. Advent Health is offering free credit monitoring to those impacted and has set up a toll-free hotline.

Read the full story

 

🗳️ Leaky ballot box

An election management software company used throughout the United States has suffered a data breach that ended up exposing the personal information of Georgia voters. EasyVote Solutions, a private company, first learned of the breach on January 31st and immediately disabled the impacted server. Information potentially accessed includes full names, addresses, and dates of birth. Georgia’s official state voting systems remain secure.

Read the full story

 

👤 Unfriend Europe...jk?

In its latest annual report, Meta warned that it may be forced to shut down Facebook and Instagram in Europe if the EU cannot update its privacy laws to fully accommodate US businesses that operate internationally. Much of this goes back to July of 2020 when the European Court of Justice invalidated Privacy Shield after finding that it inadequately protected the privacy of EU citizens. Since then, companies operating within the EU have had to follow a complex set of Standard Contractual Clauses while a Privacy Shield replacement is developed. Meta is not a fan of this and is clearly growing impatient. Though many within the EU are not appreciative of Meta’s comments, with one lawmaker saying that Facebook “cannot just blackmail the EU into giving up its data protection standard.” After the fire grew too big, Meta took to its own blog to clarify that it is “absolutely not leaving Europe”.

Read the full story

 

💉 Ol' man HIPAA

U.S. Senators Bill Cassidy, M.D. (R-LA) and Tammy Baldwin (D-WI) introduced their proposed Health Data Use and Privacy Commission Act this week that would seek to modernize the US’s outdated health privacy laws including the 25-year-old HIPAA. If passed into law, this legislation would establish a commission to conducted formal reviews into existing health privacy laws and provide specific recommendations to Congress and the President.

Read the full story

 

 

Want to receive this newsletter weekly? Subscribe for the latest news on data breaches and privacy legislation.

Nate Eldridge

Written By: Nate Eldridge

Nate authors our weekly newsletter at Trustpage. After work, you can find him kayaking. He lives in Connecticut.