At a glance.
- Data exposure affects British law firms.
- Patient-centric medical data security.
- Contact tracing issues in India and the UK.
Data exposure affects law firms.
TurgenSec reports finding an exposed database belonging to Advanced Computer Software Group Limited (a large IT services and cloud provider in the UK whose customers include a number of law firms). The data included personally identifiable information about the staff at nearly two-hundred law firms. There was apparently also some client data exposed.
Patient-centric medical data security.
An essay Aaron F. Brantly (assistant professor in the Department of Political Science at Virginia Tech and a contributing expert on the Cyberspace Solarium Commission) published in the Council on Foreign Relations blog argues for a "patient-centric" approach to securing healthcare data. The challenges of healthcare data security and privacy are manifold. While there are various regimes in place that specify rules for handling such data (the General Data Protection Regulation (GDPR) in Europe, for example, and the Health Insurance Portability and Accountability Act (HIPAA) in the US, to mention two of the more prominent regulations) there are features of healthcare technology, practice, and economy that render such data especially difficult to safeguard.
Connected technologies are increasingly important to the practice of medicine and the delivery of healthcare. The ability to collect and use data has grown considerably (with some of that collection even driven by compliance with protective laws and regulations). And medical devices, especially implanted devices and imaging systems, suffer from all the familiar vulnerabilities associated with the Internet-of-things: proprietary software, the difficulty of patching, and the requirement that data they generate be quickly available to medical practitioners.
The essay summarizes its recommendations for patient-centric data handling: "Patient-centric approaches to health-care cybersecurity should focus on increasing transparency of how patient data is used and protected, ensuring interoperability of different health-care devices, and streamlining patches and updates to digital health systems."
Contact-tracing issues in India and the UK.
Privacy advocates continue to express concerns over COVID-19 contact tracing systems. In the UK, ComputerWeekly reports, the issue is centralized data collection, with attendant concerns that the data will present a difficult-to-resist temptation to misuse. In India, according to WIRED, the concerns are also twofold: the use of geolocation data as opposed to proximity sensing opens up the possibility of more surveillance than users would wish, and the government's contact-tracing app itself has been reported to be leaky.