At a glance.
- Reasonableness and a duty of care with respect to data.
- Alt-coin, libertarians, and the Feds.
- Nth-party risk and healthcare data.
Reasonable or unreasonable? That is the question.
Reuters asks, what’s the definition of the word “reasonable” when used in the context of security measures? From the US Federal Trade Commission’s consumer data protection laws to the EU’s General Data Protection Regulation, many recent government regulations rely on this seemingly vague term when describing recommended cybersecurity protocols. In the wake of the recent surge of ransomware attacks across the globe, the White House released a memo advising businesses on tactics for improving their data practices, and these guidelines could be an indicator of what measures are deemed reasonable. Recommendations include best practices from President Biden’s Executive Order 14028, such as employing multifactor authentication, hiring a dedicated cybersecurity team, securing data backups, and staying up to date on patches and other system updates.
A tale of libertarianism and cryptocurrency.
The Verge recounts the wild story of an underground bitcoin marketplace operated by a band of libertarians in a small town in the US state of New Hampshire and how it was dismantled by federal police. Authorities assert that the operation, headed up by a talk radio host named Ian Freeman and complete with a Bitcoin Embassy and Bitcoin dispensers scattered about the town, was really a money laundering scheme used to process millions of dollars annually. But Freeman and his comrades saw themselves as pioneers of the libertarian movement and an integral wing of New Hampshire’s Free State Project. “The defendants were a loosely affiliated group of people with libertarian political leanings that included a strong belief that Bitcoin was a great development for those who champion human freedom,” the defense filing states. A years-long police investigation ended in a raid involving armored vehicles, law enforcement drones, and a tactical assault team dressed in fatigues, and resulted in the arrest of Freeman and several of his partners. The incident and its fallout highlight how blurry the line can become between activism and cybercommerce when cryptocurrency transactions conceal the origins of the funds being exchanged in order to protect the privacy of the individuals involved.
Patient data breach stems from healthcare consultant’s vendor.
WFMZ reports that Lehigh Valley Health Network (LVHN), a medical system based in the US state of Pennsylvania, suffered a third-party data breach (or, perhaps more accurately, a fourth-party one) that resulted in the exposure of patient data. Consulting firm Guidehouse, which provides services to LVHN, learned that a vendor it employed experienced a data breach that, like a digital game of dominoes, exposed Guidehouse’s data, and in turn, the data of LVHN patients. It’s worth noting that Guidehouse, which has since stopped working with the vendor in question, learned of the incident in March but did not inform LVHN until June, and it’s unclear why it waited so long. The compromised data includes patient medical record numbers, diagnoses, and billing information.