"We cover news and updates from the digital world with information on the latest legislation, high profile cases and changes in the online industry."
Although many businesses and organisations should have in place a security team and a ‘data breach preparedness plan’, it is said that many do not review, update, or actually practice it.
I then ask: what’s the point of having such a plan?
Reports suggest that ransomware attacks are rapidly rising across the globe.
It’s not your typical ‘newspaper-clipping ransom’ that attackers are deploying, but the hacking is sophisticated and aggressive, and often uses clever malicious software.
These ransomware attacks against businesses are reported to be four times higher than last year, and when businesses are locked out of their own systems, it’s often cheaper just to pay the ransom and get back up and running.
Time is money: cyber criminals are exploiting this extremely well…
There is a clear question about an abuse of power here, as well as the fact that this amounts to a potential breach of supposedly secure data.
Police Constable Andrew Green accessed a number of intelligence systems in which he had been prohibited access from previously. It’s reported that a ‘software glitch’ allowed PC Green access to the system he wasn’t supposed to be able to get in to, which is serious enough; but this also raises questions about the cyber-security of the system, and how PC Green could even have access to the system again at all.
The NHS are fast becoming a target and a victim of cyber-theft.
With reports from Reuters suggesting that medical records are worth ten times that of banking details, it does not come as a surprise that cyber-criminals are targeting these kinds of personal details.
There were reports of 30 “ransomware” attacks in the past 12 months towards healthcare trusts, which is very concerning when you note that healthcare trusts stores millions of patient details across the UK.
In the modern age of technology, personal data is being passed around like a hot plate. Some information can be very valuable – like the information of someone who has been the victim of a car crash, and is entitled to compensation; and entitled to have a legal representative who can recover fees.
Our firm is proud to have NEVER paid referral fees or money to claims management companies or insurers for work, even before they were banned in April 2013, and now the rules have changed and banned the payment of referral fees, a black market has developed in its place.
Following the year of 2015, which was dubbed ‘the year of hack’ with companies like Yahoo and Sony falling victim to huge hacking scandals, Tom Ridge, the former secretary of the Department of Homeland Security, said that a cyber-attack can be “far more serious” than a physical attack.
It seems like an outlandish claim, but when so much information can be reaped from a hack – which could literally ruin a person’s life, in theory – is he, perhaps in some circumstances, right?
The healthcare sector has the most data leaks than any other sector, and is often targeted by hackers because of the richness of the data that the healthcare sector has. Once hackers have hold of our data, it can be used to make huge amounts of money through various scams or through sale to marketing lists.
So it’s no wonder that hackers are eyeing up the healthcare sector for a potentially valuable payday.
In the first half of the 2015, the UK reportedly suffered the most data breaches in Europe in 2015 according to data from Gemalto.
The SIM card and digital security vendor claimed in their Breach Level Index report that 63 breaches took place in the UK in the first six months of 2015. Germany came next with 8, followed by the Netherlands with 6.
However, it only equated to 3.4% (8.3 million) of the global total of 246 million breaches. In comparison with America, who equated to 49%, and Turkey with 26%, the UK pales in comparison; but the figures are still very high.
In recent years, hacks and leaks have increased at an extraordinary rate. Although most data breaches still occur within the healthcare sector, the utilities sector remains one of the biggest culprits as well. The TalkTalk data hack last year is still fresh in our minds, and we’re assisting people making claims off the back of that particular hack.
Another one was the 2015 British Gas leak where the email addresses and passwords of 2,200 of its customers appeared online.
An NHS Trust in Blackpool was fined £185,000 when confidential details of staff members were posted online. On top of the breach itself, The Trust also failed to take proper action on the data breach for almost a year.
The information that was posted online by The Trust included names, birth dates, and national insurance numbers, along with other information like sexual orientation, ethnicity, religious beliefs, and pay scales. The information that was posted was of 6,574 both past and present employees.
A data sharing project called “care.data” was a scheme that allowed GP and hospital data to be stored and shared within the NHS, and possibly with third parties as well. It was supposed to launch in 2014 but has been heavily delayed due to privacy concerns.
Now, the project is being terminated all together, thanks to the Department of Health in England.
So, with all the NHS breaches and leaks – with medical breaches still being far ahead of the tables in terms of breaches by sector – is this a good thing? Have we just dodged a huge data breach bullet?
A serious data leak occurred at a GP surgery which resulted in an ICO investigation and a fine.
Mr A was the estranged ex-partner of the mother of his 5 year old son (Child B). The practice had been warned by the child’s mother not to let Mr A know of the whereabouts of Child B and her family because of family problems. This information was noted on the child’s medical records.
However, Mr A made a request to have the child’s medical records and provided a court order to show that he had parental responsibility. The practice did not have an adequate written procedure on how to deal with such a case, which resulted in Mr A being sent all of Child B’s medical records four days after the request had been made.