Tag Archives for "health"

India just had the Biggest Medical Records Breach Ever

In a data breach unprecedented in its scale in India, a large multi-speciality private hospital in Kerala had its complete patient records from the last five years—involving hundreds of thousands of test results, scans, prescriptions, etc.—leaked on the internet, all of it searchable by a unique patient ID.

This breach potentially involved several gigabytes of patient data—if not terabytes—documented in many hundreds of thousands of separate files. Most of these medical records included patient names, email addresses and/or phone numbers.

It remains unclear how many weeks or months (or years) these records remained in the public domain.

Source: Data, Privacy, Pandemic: India just had the Biggest Medical Records Breach Ever | ORF

Vaccine passports: what are they and do they pose a danger to privacy?

Vaccine passports, which would allow people with immunity to Covid to prove they were at low risk of spreading the disease, are being investigated by companies and countries around the world. But the proposals have also raised fears among critics that they could underpin an oppressive digital ID system, and put sensitive medical records in the hands of authorities and employers.

Despite the name, a vaccine passport is not a piece of paper; instead, in the most developed versions of the idea, it is an app or similar system that can prove the bearer has been vaccinated, tested positive for Covid antibodies, or recently received a negative test. There would be no need to build and operate a privacy-violating centralised database.

Source: Vaccine passports: what are they and do they pose a danger to privacy? | Society | The Guardian

Should Amazon’s drugstore know your medical condition?

The new Amazon Pharmacy offers customers convenience and potentially lower prices. But experts warn that users could be jeopardizing their privacy.

For many consumers, this represents greater convenience and the possibility of paying less for prescription drugs. It also means what little privacy you have left is rapidly disintegrating.

Full article: Should Amazon’s drugstore know your medical condition? – Los Angeles Times

A Hacker Is Threatening to Leak Patients’ Therapy Notes

An extortionist has turned a breach of Finland’s Vastaamo mental health services provider into a nightmare for victims.

It seems that Vastaamo had at least one exposed database of patient information that was breached in November 2018 and likely again in mid-March 2019. It is unclear how many patients were affected, but the National Bureau of Investigation said on Sunday that the number could be in the tens of thousands.

The hacker or hackers running the extortion campaign have been demanding 200 euros’ worth of bitcoin, about $230, from victims within 24 hours of the initial ask, or 500 euros ($590) after that, or else they’ll make their information public. A hacker persona “ransom_man” has set up a site on the anonymous web service Tor that already lists leaked data from at least 300 Vastaamo patients. Finnish media reports also indicate that Vastaamo has received a demand for around $530,000 worth of bitcoin to keep the stolen data out of the public domain.

Source: A Hacker Is Threatening to Leak Patients’ Therapy Notes | WIRED

Hospitals And VA Clinics Use Facial Recognition And Palm Scanners To Track Patients

Massachusetts area hospitals and VA clinics have begun installing Xecan facial recognition cameras to identify and track patients.

According to Xecan, it has been providing ‘touchless clinic technology’ to hospitals and clinics for at least ten years. What makes Xecan so unique is its use of ‘immunocompromised cancer patients’ and COVID-19 together to justify using facial recognition in hospitals.

Source: Hospitals And VA Clinics Use ‘Xecan’ Facial Recognition And Palm Scanners To Track Patients | MassPrivateI

Global AI fight heats up over health data

Spat over a Microsoft health data project highlights growing European distrust of U.S. tech.

The French government made that clear last week, when it said it wanted to move control of an effort to centralize the country’s health data project away from the American tech giant Microsoft and into the hands of a French or European platform.

The attention to health data underscores the increasing politicization of questions about who owns private information about European consumers, after the European Court of Justice struck down a framework for sharing data between the European Union and the United States known as the Privacy Shield.

It also comes as governments around the world race to develop new artificial intelligence technology — and grapple with how to regulate it. The EU is set to present rules on AI early next year, and must confront a risk inherent to rule-making: making regulation that quickly becomes obsolete.

Full article: Global AI fight heats up over health data – POLITICO

UK police get access to people told to self-isolate

People who have been told to self-isolate through NHS test and trace could have their contact details passed to police, a move some fear could deter people from being tested for coronavirus.

Police forces will be able to access information about people “on a case-by-case” basis, so they can learn whether an individual has been told to self-isolate, the Department of Health and Social Care (DHSC) said.

Source: Police get access to people told to self-isolate by NHS test and trace

France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers

France’s data regulator CNIL has issued some recommendations for French services that handle health data, as Mediapart first reported.

Those recommendations follow a landmark ruling by Europe’s top court in July. The ruling, dubbed Schrems II, struck down the EU-U.S. Data Privacy Shield. Under the Privacy Shield, companies could outsource data processing from the EU to the U.S. in bulk. Due to concerns over U.S. surveillance laws, that mechanism is no longer allowed.

The CNIL is going one step further by saying that services and companies that handle health data should also avoid doing business with American companies — it’s not just about processing European data in Europe. Once again, this is all about avoiding falling under U.S. regulation and rulings.

Source: France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers | TechCrunch

Alphabet’s Verily Plans to Use Big Data for Health Insurance

Verily, the Alphabet Inc. life sciences unit that’s previously targeted mosquito-borne illness and launched Covid-19 testing programs, is getting into the health insurance business.

The company announced a new subsidiary named Coefficient Insurance that will also be backed by Swiss Re Corporate Solutions, the commercial insurance unit of Swiss Re Group. The company will sell stop-loss insurance, a type that helps cover unexpectedly large claims against employers who self-fund their health-benefit policies.

Source: Alphabet’s Verily Plans to Use Big Data for Health Insurance

Germany Prepares New Law for Patient Data Protection

On 3 July 2020, the German parliament passed a draft bill for patient data protection and for more digitalisation in the German healthcare system (Patientendaten-Schutz-Gesetz). The draft bill is currently in the legislative procedure and is expected to enter into force in autumn 2020.

One of the main objectives of the bill is to make everyday life easier for patients and healthcare professionals by increasing use of innovative digital applications, while protecting sensitive health data.

Source: Germany Prepares New Law for Patient Data Protection and Increased Digitalisation in Healthcare and for “Data Donations” for Research Purposes
