HSCC Urges Biden to Provide Funding to Bolster Cybersecurity Posture of the Healthcare Sector
The Healthcare and Public Health Sector Coordinating Council (HSCC) has urged President Biden to provide further funding and support to improve the cybersecurity posture of the healthcare sector to improve resilience to cyberattacks. In a recent letter addressed to President Biden and copied to Senate and House party leaders, the HSCC called for more funds to help the healthcare sector deal with cyber threats, improved collaboration between the healthcare industry and government, and for the government to provide a roadmap for making improvements to the cybersecurity readiness of the healthcare sector. Under the American Rescue Plan, the government has made funding available to modernize federal information technology systems to improve resilience against future cyberattacks. $9 billion will be invested to help the U.S. launch major new IT and cybersecurity shared services at the Cyber Security and Information Security Agency (CISA) and the General Services Administration, and $690 million has been made available to CISA to bolster cybersecurity across federal civilian networks;...
Patch Issued to Fix Critical RCE Vulnerability in ZOLL Defibrillator Dashboard
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning about 6 vulnerabilities in the ZOLL Defibrillator Dashboard, including one critical 9.9 severity remote code execution flaw. The vulnerabilities were reported to CISA anonymously and affect all versions of the ZOLL Defibrillator Dashboard prior to version 2.2. Some of the flaws can be exploited remotely and require a low level of skill to exploit. Exploitation of the vulnerabilities could allow non-admin users to achieve remote code execution and steal credentials, which would impact the confidentiality, integrity, and availability of the application. ZOLL has confirmed that all 6 vulnerabilities have been fixed in version 2.2 of the ZOLL Defibrillator Dashboard. Customers have been advised to upgrade the solution to version 2.2 or later as soon as possible. ZOLL also explained that in the event of any discrepancy with the Defibrillator Dashboard, the defibrillator device should be considered the source of accurate data. The vulnerabilities are as follows: Vulnerability CVSS Severity...
Five Rivers Health Centers Phishing Attack Affects Almost 156,000 Patients
Ohio-based Five Rivers Health Centers has notified 155,748 patients that some of their protected health information was stored in email accounts that have been accessed by an unauthorized individual following a phishing attack. It is unclear when the breach was discovered, but Five Rivers Health Centers reports that following an extensive forensic investigation into the cyberattack and a manual document review, it discovered on March 31, 2021, that the breached email accounts contained patients’ personal and health information. The forensic investigation confirmed that the email accounts had been breached between April 1, 2020, and June 2, 2020. Notification letters were sent to affected patients on May 28, 2021 – More than a year after the first email accounts were breached. The types of protected health information in emails and attachments varied from patient to patient and may have included one or more of the following data elements: Name, address, date of birth, medical record number, patient account number, diagnoses, treatment and/or clinical information, test results, lab...
Rights of Data Subjects Under GDPR
What are the rights of data subjects under GDPR? Find out more about what GDPR means to data subjects, data controllers, and data processors. The EU’s General Data Protection Regulation (GDPR) came into force on May 25, 2018. The main purposes of the directive are to ensure data protection laws are standardized across all member states and to expand the rights of data subjects. Under GDPR, data subjects have greater control over who collects their data, how the information is used, and for how long. GDPR: Rights of Data Subjects The rights of data subjects under GDPR are detailed in Chapter 3 – Articles 12 to 23. There are eight fundamental rights under GDPR. 1. Right to Access Personal Data Under GDPR, data subjects have the right to access the data collected on them by a data controller. The data controller must respond to that request within 30 days (Article 15). 2. Right to Rectification Data subjects have the right to request modification of their data, including the correction or errors and the updating of incomplete information (Article 16). 3. Right to...
Texas Legislature Passes Bill Calling for State AG to Establish Data Breach ‘Wall of Shame’
The Texas Legislature has followed in the footsteps of California and Maine and has passed a bill that requires the Texas Attorney General to publish notices of breaches of personal data that affect state residents on the state Attorney General’s public-facing website. House Bill 3746, which was unanimously passed, amends the Texas Business and Commerce Code § 521.053 and calls for the Texas Attorney General to publish notifications of data breaches that have affected 250 or more Texas residents and to update the website to include the notification within 30 days of the notification being received. Once a company has been listed on the website, the listing must remain in place for 12 months. The listing will be removed provided the individual or company has not suffered any further data breaches affecting 250 or more Texas residents during that 12-month period. Texas law requires notifications of breaches of system security to be sent to the state Attorney General within 60 days of the breach being discovered. The breach notices must include a detailed description of the nature of...



