When we look at important topics such as NHS cybersecurity, we usually approach it from the perspective of the victims, given that we’re data breach compensation lawyers.
GDPR ensures that there’s an important duty on all organisations – including the NHS – to take steps to protect the data that they store and process. Their duties are clear, and the punishments that can be issued by the ICO (Information Commissioner’s Office) are also clear, and they can be substantial.
But what about the victims? What can they do when it’s their data that has been exposed or misused? What are their rights?
The leak of hundreds of millions of email addresses and passwords – known as Collection #1 – is a stark and alarming wake-up call.
The 87gb file that was published contained data that’s said to have been gleaned from a number of different hacks and attacks over several years. It serves as a monumental wake-up call for those who are guilty of reusing the same login credentials across different platforms, and for those who haven’t changed their passwords for years and / or use rubbish passwords.
Criminals have the technology to use data from these hacks to systematically target accounts with very little effort. People are in imminent danger.
Recent security research has revealed that financial data breach uncertainties remain a concern, with worrying figures in 2017 over breaches and protection.
It’s thought that as many as 70% of financial organisations may have suffered a data breach, with many simply unable to confirm for definite whether they have or haven’t, and whether the breach was related to an unauthorised third-party access event.
The growth of open banking is said to be a huge factor as financial organisations no longer have a closed door on their systems and servers with customers being able to access and manage their finances online.
Data breaches are soaring, and only better cybersecurity and improved data protection training and protocols is going to stop the crisis worsening.
Almost every day we are seeing yet another breach somewhere around the world. With cyber-criminals getting smarter, and with many investing their ill-gotten gains back into their “business” to create more powerful tools, something needs to be done.
The new GDPR rules coming into force next month may be the catalyst needed for organisations to take cybersecurity more seriously.
Read More “New GDPR rules could see reported data breaches soaring”
A children’s paediatric health centre has been hacked with a wealth of personal data exposed.
Unusually, the hackers created multiple unknown user IDs to access information and no ransom was actually demanded. That being said, healthcare data can be very valuable in itself, so locking an organisation out their own systems to then mine the data is still a crime that may pay dividends to attackers.
Read More “Dhrama ransomware attack on Texas child healthcare provider compromises thousands of patient data.”