Cyber 3-2-1: Two fines from the DPC and EUROPOL’s concerns about ChatGPT

Cybersecurity Without Insanity? It’s as simple as 3 – 2 – 1…

This week: Two more fines from the DPC and now even EUROPOL is worried about ChatGPT.

 

3 – Centric Health is fined €460k by the DPC

Centric Health, an Irish medical group with about 400,000 patients, has been fined €460,000 by Ireland’s data protection regulator, the Data Protection Commission (DPC), following the “the inadvertent destruction of about 2,500 patient files and other data deletions” that occurred during a cyber attack.

According to a report in the Wall Street Journal, the organisation was the victim of a ransomware attack in 2019. The attack resulted in the records of 70,000 patients being temporarily unavailable. Due to problems with the organisation’s backups, the records of 2500 patients were unrecoverable and had to be manually recreated. During its efforts to recover from the attack, crucial logging data was also deleted, reducing the organisation’s ability to identify when the attackers gained access and whether any data had been stolen by the attackers.

Brian Honan of BH Consulting is quoted in the article as saying that this was “a combination of poor incident response and data breach response practices combined with a lack of good backup [..] Your responsibilities in dealing with the GDPR aren’t just about prevention [..] It’s also about how you respond and protect the rights of individuals once a breach has happened.”

Dealing with a cyber attack is stressful. Dealing with a data protection investigation is a different type of stress, which tends to be even more prolonged than the original attack.

I can help if you need to check that you have appropriate measures in place to reduce the likelihood and impact of an attack.

 

2 – Bank of Ireland is fined €750k by the DPC

Bank of Ireland has been fined €750k by the Data Protection Commission following an investigation into 10 data breaches involving the bank’s online banking system & app.

According to a report by RTE, it appears that flaws in the Bank’s technology and processes resulted in users of the online banking platform having access to other people’s accounts. In total, 136 accounts were involved in the breaches, which did not result in any financial losses to the account holders.

Not all data breaches arise from cyber attacks. Not all cyber risks come from cyber attackers.

 

1 – ChatGPT makes everyone better, including cyber criminals.

EUROPOL, the EU’s law enforcement agency, recently issued a report that warns us that fraud, cyber crime, and disinformation will all become easier because of innovations like ChatGPT.

As reported recently in The Journal, EUROPOL warns that “ChatGPT’s ability to draft highly realistic text makes it a useful tool for scammers [and] can be used to mimic language patterns and style of speech. [..] In addition to generating human-like language, ChatGPT is capable of producing code in a number of different programming languages. ”.

Let’s be careful out there.

 

PS To listen to Cyber 3-2-1 and a roundup of my other articles this week, all episodes are accessible from https://www.codeinmotion.ie/podcast or wherever you get your podcasts.