Top News –Over 1M American's patient records exposed, HIPAA violation sees $350K settlement and more
€380,000 fine imposed by CNIL
French DPA issued a massive fine on Doctissimo, a French health and well-being site, for violating the GPDR and the French Data Protection Act. It was found that the company retained information for longer than necessary, failed to obtain consent for the collection of health data, failed to provide a formalized document for the processing activities conducted jointly with other companies, failed to properly secure data, and for failing to obtain consent while depositing cookies. Read more
Fertility App shared health data with third parties without consent
The Federal Trade Commission alleges that Easy Healthcare, the developer of Premom, a fertility tracking application shared sensitive information pertaining to sexual and reproductive data, including the pregnancy state of customers, with parties for marketing and other purposes. Easy Healthcare has since agreed to pay $100,000 as a civil penalty. Read more
CNIL to take charge of AI action plan
A four-step action plan that will cover the understanding of AI technology, guidance of its development, creation of an AI ecosystem, and control of its systems has been published by the French DPA, CNIL, given the rise in the use and popularity of AI, especially generative AI as seen with ChatGPT. Read more
Over 1 million patient records exposed
U.S. healthcare software company NextGen Healthcare Inc. suffered a data breach that resulted in over 1 million patient records being compromised. Exposed data consisted of identification details such as names, addresses, social security numbers, financial details, and medical and treatment history information. It was alleged by a cyber security expert that the breach occurred due to the failure on the part of the company to properly protect patient information. However, NextGen Healthcare attributes the breach to a third party. Read more
$350,000 settlement reached over HIPAA violation
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) reached a settlement with MedEvolve, Inc., for violating HIPAA after a data breach exposed the health data of over 200,000 customers. It was found that there weren’t measures in place to determine vulnerabilities and to protect data stored electronically. Read more
