Healthcare & energy — large-scale personal-data exposure from theft and from mishandling

Two contrasting root causes in one week. Novo Nordisk disclosed the theft of non-public data including personal data after an external party accessed internal systems (§ 5) — a deliberate intrusion against pharma. At the other end, Kyushu Electric's transmission/distribution subsidiary lost an unencrypted portable SSD holding personal records for roughly 10.9 million customers — reportedly Japan's largest personal-data breach, and an entirely preventable one (BleepingComputer; daily 06-14). For utilities and healthcare data custodians the joint lesson is unglamorous: full-disk encryption on removable media is still the control that turns a lost-device headline into a non-event.