
Published: July 21, 2023

Security 3-2-1 Week of 7/21/23

By Annie

3 Interesting Articles

HCA Healthcare says hackers stole data on 11 million patients
CBS News: HCA Healthcare, a hospital and clinic operator, has suffered a significant cyberattack affecting the data of at least 11 million patients across 20 US states. This breach, one of the largest in healthcare history, has compromised sensitive patient information including names, partial addresses, contact details, and appointment dates. The company became aware of the breach on July 5 when a hacker attempted to sell the stolen data and extort HCA. While the company asserts no medical or financial data was accessed, they have disabled user access to the breached storage location and plan to provide impacted patients with additional support, including credit monitoring and identity protection services. The breach ranks among the top five healthcare hacks reported to the Department of Health and Human Services Office of Civil Rights.

Microsoft to Offer Some Cybersecurity Tools Free After Suspected China Hack
Wall Street Journal ($): In a story we covered last week, following the recent security breach tied to Chinese hackers, Microsoft has announced it will offer free access to some tools that can help detect cyberattacks. Beginning in September, the company will provide 31 critical security logs free to users of its lower-cost cloud services, and extend security logs’ retention period from 90 to 180 days. The move is a response to criticism of Microsoft’s tiered payment system following the cyber-espionage campaign which infiltrated its cloud-based email system, affecting around two dozen organizations worldwide, including the U.S. federal government. While logs don’t prevent cyberattacks, they allow companies to detect and investigate breaches. Criticisms remain, however, about the delay in providing such essential security features as standard.

This AI Watches Millions Of Cars Daily And Tells Cops If You’re Driving Like A Criminal
Forbes: In March 2022, AI-powered policing led to the arrest of David Zayas for drug trafficking, after an AI tool flagged his driving pattern as suspicious. This case spotlights the increasing use of Automatic License Plate Recognition (ALPR) technology for mass surveillance, sparking privacy concerns. The system used, developed by AI company Rekor, is now employed by at least 23 police departments and local governments across the country. The expanding use of such technology, including by corporations, is raising significant constitutional and privacy issues.

2 Stats You Should Know

According to a 2023 survey on global CISOs, 41% of respondents said their company does not have a succession plan in place for the CISO role. (source)

Organizations with the most advanced security capabilities delivered 43% higher revenue growth than peers over a five-year period. (source)

1 More Thing

Our Founder and CEO, Jordan MacAvoy, recently spoke at ELN’s Cybersecurity, Privacy, and Data Protection Retreat. We wanted to share some key takeaways from his panel discussion:

  • Regulation, consumer sentiment, and technology are evolving concurrently.
  • The regulatory environment is fragmented, not well understood, and sometimes even conflicting. This creates a lot of confusion.
  • When the value of a company protecting data (i.e., selling privacy as a feature of the relationship) outweighs using data for its advantage (e.g., cookie tracking to run more efficient acquisition campaigns), companies will make that shift. Consumer sentiment will drive this.
  • There must be a true partnership between legal, compliance, and the GTM organization to do this effectively.

Our large and diverse network of experts is here to help...

Charles M.

Principal

Charles is a 14-year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.

Ellen K.

GRC Expert

Ellen brings a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and, for certain frameworks, running independent 3rd party audits.

Zachary C.

Founder and CRO

Zachary brings a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common-sense approach to risk management.