
Delve Faces Allegations of Fake Compliance Reports and Security Gaps Amid Customer Backlash


A whistleblower-style article on Substack has thrust Delve into scrutiny, alleging it misrepresented its alignment with key privacy frameworks like GDPR and HIPAA. Though unverified, the claims suggest numerous clients were led to believe they met regulatory requirements when they might not have. With little public response so far, questions grow over how thoroughly those assurances were vetted before being offered. 

Some affected firms could now face fines or lawsuits due to reliance on Delve’s stated compliance. Details remain sparse, yet the situation highlights vulnerabilities in trusting third-party validation without deeper checks. A report surfaced online, attributed to someone using the name “DeepDelver,” said to have ties to one of the firm’s past clients. Following claims of a security lapse exposing private documents, unease started spreading among users. 

While executives at Delve stated there was no external breach of information, trust started fraying regardless. Questions about stability emerged even though official statements downplayed risk. Some say Delve speeds up compliance using methods that stretch credibility - like creating fake board minutes, false test results, or made-up operational records. Reports appear ready long before audits begin, prepared ahead of time without clear verification. 

A small circle of auditing partners handles most reviews, which invites questions. Close ties between these firms and Delve blur lines. Oversight might be weaker than it should be. Doubts grow when proof of activity emerges only after approval deadlines pass. What stands out is how clients reportedly faced pressure to use ready-made documents instead of carrying out their own compliance checks. 

It turns out the platform might have displayed public trust pages outlining security measures that weren’t entirely in place, leaving regulators and others possibly misinformed. Delve hit back hard at the allegations, labeling the document “misleading” while pointing out factual errors. It drew a clear distinction: certification isn’t something Delve delivers. Its role is streamlining compliance information through automated systems. Independent auditors, licensed professionals rather than Delve, sign off on final evaluations. 

These third parties alone hold responsibility for approved documentation; Delve’s core function is organizing data, nothing more. Not long ago, Delve dismissed accusations about fabricated proof, explaining that it offers uniform templates so users can record procedures, much like its peers across the sector. Clients decide independently whether to pick external auditors or go with those linked to its ecosystem. Still, the unnamed informant insisted several issues linger, among them audit independence and how data is secured. 

Yet more allegations emerged; outside analysts pointed to weak spots in Delve’s setup, adding pressure. Scrutiny grows. With every new development, questions about reliability begin to surface more clearly. Though designed to assist, these systems now face scrutiny over openness and responsibility. Where once efficiency was praised, doubt has started to take hold instead.

Privacy Watchdog Issues Warning


Information about over 33 million individuals in France, roughly half of the nation's population, was compromised in a cyberattack after January, according to statements from the country's data protection authority.
The Commission Nationale de l'Informatique et des Libertés (CNIL) disclosed this development recently after being notified by two healthcare insurance firms, Viamedis and Almerys.

The agency cautioned that the breached data, impacting policyholders and their families, encompasses details such as "marital status, date of birth, social security number, the name of the health insurer, as well as the guarantees of the contract."

Thankfully, unlike the situation involving Australian health insurer Medibank, sensitive medical records and treatment histories were not accessed.

CNIL emphasized that the responsibility lies with the health insurance firms to inform the affected parties. However, individuals are advised to remain vigilant against potential phishing schemes aiming to defraud them.

While the contact information of policyholders remained untouched, CNIL highlighted the possibility of combining the breached data with other previously compromised information for further malicious activities.

In light of the magnitude of the breach, CNIL swiftly initiated investigations to assess the adequacy of security measures implemented both before and after the incident, in alignment with GDPR obligations.

Failure of the implicated companies to adhere to cybersecurity protocols mandated by the EU's GDPR could result in penalties of up to €20 million or 4% of their global revenue, whichever is greater.

The ransomware attack on Medibank stirred considerable distress in Australia when the perpetrators began disclosing sensitive healthcare claims data for approximately 480,000 individuals, including details on drug addiction treatments and abortions, for extortion purposes.

Last month, Australia, the United Kingdom, and the United States publicly attributed the attack to Russian hacker Aleksandr Ermakov, imposing financial sanctions and travel restrictions on him.