GDPR News

Community Health Network in Indiana is the most recent healthcare company to announce the impermissible disclosure of protected health information (PHI) of patients to Google and Meta/Facebook as a result of adding their tracking code on its web pages. Based on the breach report sent to the HHS’ Office for Civil Rights, the PHI of … Read more

Cyberattacks on firms are growing year over year throughout all industry segments. Cyberattacks involving third parties also increased. From the perspective of a cyber threat actor, it is more practical to attack a vendor for instance a managed service provider, because the attack is profitable. The threat actor could acquire access to the networks of … Read more

Texas Tech University Health Sciences Center has reported the compromise of the protected health information (PHI) of 1,290,104 individuals due to a data breach that happened at Eye Care Leaders, its electronic medical record provider. Eye Care Leaders stated it discovered a data breach on Dec. 4, 2021, and deactivated the affected networks in 24 … Read more

A lawsuit has been filed against the in-home respiratory care provider, SuperCare Health, as a result of a cyberattack and data security breach report submitted to the Department of Health and Human Services on March 28, 2022. The incident involved the exposure and possible theft of the protected health information (PHI) of 318,400 patients, comprising … Read more

Sea Mar Community Health Centers located in Seattle, WA is confronted with a class-action lawsuit because of a cyberattack that led to the exposure of the protected health information (PHI) of 688,000 persons. The breach was uncovered in June 2021 because information stolen during the attack was shared on the Marketo dark web leak page. … Read more

The protected health information (PHI) of 1,271,642 people was compromised and possibly stolen in two healthcare hacking events that were lately documented by the Department of Health and Human Services’ Office for Civil Rights. PHI of 688,000 Persons Exposed Because of the Sea Mar Community Health Centers Hacking Incident Sea Mar Community Health Centers is … Read more

Horizon House, Inc. based in Philadelphia, PA provides mental health and residential treatment services. It reported a hacking incident that affected its IT systems resulting in the potential compromise of the protected health information (PHI) of 27,823 people. Horizon House discovered suspicious activity in its computer systems last March 5, 2021. It started an investigation … Read more

The personal records of persons who got a COVID-19 test at a Walgreens pharmacy were exposed on the web as a result of vulnerabilities found in its COVID-19 test registration program. It is at this time not clear how many people were affected, though they might well be in the millions given the number of … Read more

The personal information of 750,000 Hoosiers compiled during a COVID-19 contact tracing survey done by the Indiana Department of Health was compromised on the web and downloaded by a firm not approved to gain access to the data. The survey contained details for instance names, birth dates, emails, addresses and data on gender, race, and … Read more

The Data Protection Authority of Luxembourg, Commission Nationale pour la Protection des Données (CNPD), has penalized Amazon.com with €746 million ($886 million) to settle its EU General Data Protection Regulation (GDPR) violations. Since May 25, 2018, the GDPR has been in effect giving EU citizens legal rights regarding their personal data and put limitations on … Read more

CaptureRx, the healthcare administrative services provider is dealing with multiple class-action lawsuits for its failure to safeguard patient records, which was gotten by unauthorized people in a February 2021 ransomware attack. NEC Networks, also known as CaptureRx, offers IT assistance to hospitals to help them take care of their 340B drug discount packages. By means … Read more

The Texas Legislature followed what California and Maine had done in approving a bill requiring the Texas Attorney General to publish notices regarding personal data breaches that affect state residents on the public-facing web portal of the state Attorney General. The amendment of the Texas Business and Commerce Code § 521.053, now known as House … Read more

A bipartisan group of senators has presented a federal data breach notification law- the Cyber Incident Notification Act of 2021 – that calls for all federal institutions, contractors, and companies that have command over critical infrastructure to report considerable cyber threats to the Cybersecurity and Infrastructure Security Agency (CISA) in 24 hours of knowing about … Read more

The latest Coveware Quarterly Ransomware Report states that the growth in ransomware attacks in 2020 has persisted in 2021 as most threat actors target the healthcare industry. 11.6% of all attacks in quarter 1 of 2021 were healthcare ransomware attacks, the same with the public sector attacks. Attacks on professional services companies accounted for 24.9% … Read more

What is Texas HB 300, who needs to follow the legislation, and what are the fees and penalties for failing to comply? This post talks about these and other vital questions regarding Texas HB 300. What is Texas HB 300? The Health Insurance Portability and Accountability Act (HIPAA) is federal legislation that requires healthcare companies, … Read more

Governor Ralph Northam has approved the Virginia Consumer Data Protection Act (CDPA). CDPA necessitates individuals running a business in the Commonwealth of Virginia to abide by new data privacy and security conditions. The CDPA will be effective on January 1, 2023. The CDPA has similarities with a number of the privacy and security conditions of … Read more

Twitter paid a penalty of €450,000 ($544,600) for its General Data Protection Regulation (GDPR) violation. Ireland’s Data Protection Commission (DPC) issued a penalty that is related to the privacy breach report submitted by Twitter last January 2019. On January 8, 2019, Twitter International Company sent to the DPC a breach notification letter. On January 22, … Read more

Irish Internet browser Brave has claimed that they have offered new information to the Data Protection Commission (DPC) in Ireland which proves that Google has been trying to bypass General Data Protection Regulation (GDPR) legislation.  Brave claims that Google has implemented this workaround to share the data of Google users with a network of advertising … Read more

A high school in Sweden has become the first organization to be issued a General Data Protection Regulation fine by Sweden’s Data Protection Authority (DPA). The school in Skellefteå, in the north-east of Sweden, was fined 200,000 SEK (€19,000/$21,000) for using facial recognition technology in classrooms for three weeks in early 2018. The study, run … Read more

The supervisory authority for the General Data Protection Regulations (GDPR) in Ireland has released a set of guidelines on issuing GDPR breach notifications.  The Irish Data Protection Commission (DPC) has stated that the guidelines aim to help data controllers understand GDPR’s stringent requirements for sending notifications to the data protection authority and subjects whose personal … Read more

Monzo has contacted 500,000 customers following a data breach which saw customer PINs accessible to employees of the digital bank for more than a year.  The incident, which may constitute a breach of the EU’s General Data Protection Regulation (GDPR) breach, has prompted Monzo to advise them to change their PINs. On August 2, Monzo … Read more

The UK Information Commissioner’s Office has fined Marriott International Inc £99 million under GDPR for a data breach that affected seven million UK residents. The ICO released the statement for intention to fine Marriott on July 9, only a few days after the announcement that BA was given a record-breaking £183 million for a data … Read more

British Airways (BA) has been hit by a GDPR fine of £183.39 million by the UK Information Commissioners Office (ICO) for a 2018 data breach. The ICO investigation revealed that hackers stole the data of more than half a million BA customers, including sensitive information such as login credentials, payment card numbers, names, and addresses. … Read more

The appointment of a data protection officer (DPO) is an essential part of complying with the EU’s General Data Protection Regulations. However, what exactly is the role of a DPO? Moreover, who needs to hire one? In this article, we explore the role of a DPO in helping an organisation achieve their compliance goals. DPO: … Read more

Her Majesty’s Revenue and Customs (HMRC) has agreed to delete more than five million voice recordings after the UK Information Commissioner’s Office (ICO) declared the data had been unlawfully obtained. HMRC collected for use in a voice authentication service, introduced in 2017. The callers were asked to repeat the phrase ‘my voice is my password’, … Read more

It has been revealed that businesses are still storing data on unencrypted USB devices despite the risk of incurring significant GDPR fines for doing so. ESET, an IT security company, and Kingston Technology, a leading provider of technological solutions, surveyed over 500 businesses based in the United Kingdom for the report. The data revealed that … Read more

Denmark’s Data Protection Authority Datatilsynet has recommended that taxi company Taxa 4×35 be fined for violating the General Data Protection Regulations (GDPR). The DPA approved a fine of 2.8% of the company’s revenue, amounting to €160,754, for the violation. The maximum fine that can be levied against an organisation for a GDPR violation is 4.5%. … Read more

Microsoft has announced that customer email information has potentially been accessed by an unauthorised third-party following a security incident at a support agent. The hacker used compromised support agent credentials to access customer data and is thought to have been able to access the data for three months. During this period, hackers could access affected … Read more

The CEO of Microsoft has called for the implementation of GDPR-legislation worldwide to enhance global attitudes to data privacy rights. Microsoft CEO Satya Nadella made the statement during a live interview at the World Economic Forum in Davos Switzerland. He called for world leaders to treat data privacy as a human right, and legislation should … Read more

Bundeskartellamt has released a ruling outlining its decision on how Facebook operates in Germany. Bundeskartellamt, Germany’s national competition regulator, had been investigating Facebook’s business practices for three years. The organisation has revealed that it has ruled how Facebook obtains, links, authors, and handles user data gives it an ‘unfair advantage’. Bundeskartellamt stated that Facebook could … Read more

The Health Information Trust Alliance (HITRUST) has incorporated the European Union’s General Data Protection Regulation (GDPR) into the HITRUST Cybersecurity Framework (HITRUST CSF). HITRUST is a US-based organisation which, in collaboration with the healthcare, technology and information security sectors, has established a Common Security Framework (CSF). The CSF offers guidance to organisations across all industries … Read more

A senior official at Mozilla has predicted that 2019 will see much stricter enforcement of GDPR across Europe. The Senior Policy Manager and European Union Principal for Mozilla, Raegan MacDonald, has said that she believes that 2019 will see enhanced resources dedicated to the enforcement of the European Union’s General Data Protection Regulation (GDPR). Mozilla is a computer … Read more

The Centro Hospitalar Barreiro Montijo, near Lisbon, Portugal, has become the first hospital to be issued a penalty for violating the EU’s new General Data Protection Regulation (GDPR). The Comissão Nacional de Protecção de Dados (CNPD), the body which oversees issues relating to data protection, prosecuted the Barreiro Montijo hospital for failing to ensure that … Read more

The Radisson Hotel Group may be fined for non-compliance with the General Data Protection Regulation (GDPR) following a data breach earlier this year. The Radisson Hotel Group is a chain with over 1,400 hotels in over 70 countries and incorporates hotel brand such as the Park Plaza, Country Inn & Suites, Park Inn, and Radisson … Read more

The General Data Protection Regulations (GDPR) came into effect in the European Union in May 2018. The regulations served to replace the existing regulations covering data protection, which were woefully out-of-date with modern technology and inadequate to deal with major cybersecurity risks. The creators of GDPR hoped that the regulations would reduce the risk of … Read more

Kroll, a data security company, has released the results of a survey which shows that the number of data breaches reported to the UK’s Information Commissioner has increased by 75% since the introduction of the General Data Protection Regulation (GDPR). GDPR became EU law in May 2018. Its introduction revolutionised the data security landscape in … Read more

General Data Protection Regulations became a part of EU law in May 2018. Before GDPR, European data protection laws were deemed unable to mitigate the risk of data theft. Furthermore, individuals had few rights over their data. EU lawmakers sought to revolutionise the data security landscape and introduce new regulations that were more fit to … Read more

A nursing helper from the Parkside Manor assisted-living service in Kenosha, WI. has been sacked for showing a video of a nearly nude 93-year-old Alzheimer’s patient as well as distributing the file on Snapchat. In recent months an unpleasant tendency has developed concerning nurses taking pictures as well as videos of old patients and distributing … Read more