Ca: New online breach reporting forms for federal institutions and businesses

From the Office of the Privacy Commissioner of Canada, May 24: The Office of the Privacy Commissioner of Canada (OPC) has launched a new online breach reporting form for federal institutions subject to the Privacy Act as well as updated its online brea… Continue reading Ca: New online breach reporting forms for federal institutions and businesses

LifeLabs to appeal court’s decision to release Ontario IPC and BC OIPC breach investigation report

The Office of the Information & Privacy Commissioner for British Columbia issued the following statement on May 23 about a case that raises issues of transparency and claims of privileged information:  LifeLabs has announced that it is seeking leav… Continue reading LifeLabs to appeal court’s decision to release Ontario IPC and BC OIPC breach investigation report

United Urology Group appears to be a victim of a ransomware attack; some patient data already leaked

United Urology Group describes itself as a national network of urology specialists with corporate headquarters in Maryland. Their network includes Arizona Urology Specialists Phoenix, Arizona Urology Specialists Tucson, Chesapeake Urology, Colorado Uro… Continue reading United Urology Group appears to be a victim of a ransomware attack; some patient data already leaked

SEC Charges Intercontinental Exchange and Nine Affiliates Including the New York Stock Exchange with Failing to Inform the Commission of a Cyber Intrusion

Washington D.C., May 22, 2024 — The Securities and Exchange Commission today announced that The Intercontinental Exchange, Inc. (ICE) agreed to pay a $10 million penalty to settle charges that it caused the failure of nine wholly-owned subsidiaries, in… Continue reading SEC Charges Intercontinental Exchange and Nine Affiliates Including the New York Stock Exchange with Failing to Inform the Commission of a Cyber Intrusion

UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments

“Mother, May I?” UK entities may need permission to make ransom payments. Alexander Martin reports: Officials in Britain are set to propose a major overhaul of how the country responds to ransomware attacks by requiring all victims to repor… Continue reading UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments

HHS launches $50M security initiative to thwart hospital ransomware

Chad Van Alstin reports: The U.S. Department of Health and Human Services (HHS) is launching a $50 million incentive program to encourage hospitals to improve their cybersecurity. Dubbed the Universal Patching and Remediation for Autonomous Defense—or … Continue reading HHS launches $50M security initiative to thwart hospital ransomware

SEC amends Reg S-P to require data breach notification within 30 days

Aaron Nicodemus reports: The Securities and Exchange Commission (SEC) will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers with… Continue reading SEC amends Reg S-P to require data breach notification within 30 days

Brazilian Data Protection Authority approves data breach notifying regulation

Cristiane Manzueto, Rodrigo Leal, Ana Letícia Allavato, and Diego Semeraro of Mayer Brown write: Resolution No. 15, of April 24, 2024, of the Brazilian Data Protection Authority (“ANPD”), approved the Data Breach Notifying Regulation (the “… Continue reading Brazilian Data Protection Authority approves data breach notifying regulation

FTC Finalizes Changes to the Health Breach Notification Rule

The Federal Trade Commission today announced it has finalized changes to the Health Breach Notification Rule (HBNR) that will strengthen and modernize the rule by clarifying its applicability to health apps and other similar technologies and expanding … Continue reading FTC Finalizes Changes to the Health Breach Notification Rule

Kaiser to notify millions of a data breach after sharing patients’ data with advertisers

Zack Whittaker reports: U.S. health conglomerate Kaiser is notifying millions of current and former members of a data breach after confirming it shared patients’ information with third-party advertisers, including Google, Microsoft and X (formerly Twit… Continue reading Kaiser to notify millions of a data breach after sharing patients’ data with advertisers