Summary

The UK data watchdog is set to fine NHS vendor Advanced for security failures that occurred before the LockBit ransomware attack. These security lapses contributed to the vulnerability exploited during the attack.

The cyber attack had extensive repercussions, impacting the systems for dispatching ambulances, booking out-of-hours appointments, and issuing emergency prescriptions.

In a provisional ruling, the ICO stated that the software provider violated data protection laws by failing to secure personal information for 82,946 individuals.

These records were stolen in a ransomware attack by hackers who accessed Advanced's computer systems through an account that lacked multi-factor authentication (MFA).

Typically, MFA would have prevented cyber criminals from using stolen passwords to gain access.

The stolen data included sensitive information such as phone numbers, medical records, and details on how to access the properties of 890 people receiving home care.


Seamus Larroque

CDPO / CPIM / ISO 27005 Certified
