The Risk Report
The Risk Report - Feb. 11
Immediate changes are needed if we wish to keep our medical system safe, and it seems that two U.S. Senators agree. Read on to learn more about the legislative solution they have in mind for this growing problem.
BREACHES OF THE WEEK
💳 License to steal
The Washington State Department of Licensing (”DOL”), the state agency responsible for issuing business and professional licenses, announced that a recent data breach may have exposed the personal data of over 250,000 people. In its official statement, the DOL wrote that it first noticed “suspicious activity involving professional and occupational license data” on POLARIS, its online licensing platform, on January 24th of this year.The DOL has temporarily shut down POLARIS and is working closely with the Washington State Office of the Attorney General and Washington Office of Cybersecurity on recovery efforts and a formal investigation.
🏥 Vendor woes
The PII of over 6,000 patients of the Memorial Hermann Health System in Texas has been leaked after a third-party vendor of the hospital system suffered a data breach. In its official statement, Memorial Hermann explained that Advent Health Partners, the vendor in question, first discovered the data breach in September of last year while investing suspicious activity on employee email accounts. Advent Health is offering free credit monitoring to those impacted and has set up a toll-free hotline.
🗳️ Leaky ballot box
An election management software company used throughout the United States has suffered a data breach that ended up exposing the personal information of Georgia voters. EasyVote Solutions, a private company, first learned of the breach on January 31st and immediately disabled the impacted server. Information potentially accessed includes full names, addresses, and dates of birth. Georgia’s official state voting systems remain secure.
NOTEWORTHY THIS WEEK
👤 Unfriend Europe...jk?
In its latest annual report, Meta warned that it may be forced to shut down Facebook and Instagram in Europe if the EU cannot update its privacy laws to fully accommodate US businesses that operate internationally. Much of this goes back to July of 2020 when the European Court of Justice invalidated Privacy Shield after finding that it inadequately protected the privacy of EU citizens. Since then, companies operating within the EU have had to follow a complex set of Standard Contractual Clauses while a Privacy Shield replacement is developed. Meta is not a fan of this and is clearly growing impatient. Though many within the EU are not appreciative of Meta’s comments, with one lawmaker saying that Facebook “cannot just blackmail the EU into giving up its data protection standard.” After the fire grew too big, Meta took to its own blog to clarify that it is “absolutely not leaving Europe”.
💉 Ol' man HIPAA
U.S. Senators Bill Cassidy, M.D. (R-LA) and Tammy Baldwin (D-WI) introduced their proposed Health Data Use and Privacy Commission Act this week that would seek to modernize the US’s outdated health privacy laws including the 25-year-old HIPAA. If passed into law, this legislation would establish a commission to conducted formal reviews into existing health privacy laws and provide specific recommendations to Congress and the President.
Want to receive this newsletter weekly? Subscribe for the latest news on data breaches and privacy legislation.
DOWNLOAD THE EBOOK
Shift Left: Turn Security into Revenue and join the security revolution.
Join 300+ companies using Trustpage to communicate security.
Following the acquisition of Trustpage by Vanta, the information collected by Trustpage is now governed by Vanta's Privacy Policy.