South Korea Passes AI Basic Act - 1

Image by Ori Song, from Unsplash

South Korea Passes AI Basic Act

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

On December 27, the South Korean government announced its leadership role in the “Trust in AI” session at the upcoming Paris AI Action Summit, scheduled for February 10, 2025, as reported by Business Korea (BK).

In a Rush? Here are the Quick Facts!

  • The AI Basic Act mandates watermarks on AI-generated content to tackle fake news and deepfakes.
  • South Korea advanced the act’s subordinate legislation deadline to June 2025 for faster enforcement.
  • Experts stress the need for private investment and reforms to support AI innovation in South Korea.

The event follows the AI Seoul Summit held earlier this year, reinforcing South Korea’s growing influence in shaping global AI regulations.

BK notes that the announcement came just one day after the passage of the AI Basic Act in South Korea’s National Assembly, marking a milestone in the nation’s efforts to regulate artificial intelligence technologies.

The act seeks to boost the reliability of AI through measures like mandatory watermarks on AI-generated content to address challenges such as fake news , deepfakes , and copyright infringement , says BK.

The Ministry of Science and ICT has been tasked with enforcing compliance, including conducting investigations and issuing corrective actions for violations . In a display of urgency, the government has advanced the timeline for implementing subordinate legislation from December 2025 to June 2025, reports BK.

Kim Myung-joo, director of the AI Safety Research Institute, highlighted the necessity of domestic regulatory frameworks. “It is more efficient to solve problems domestically first with the AI Basic Act and preemptive regulations before going overseas,” Kim noted, as reported by BK.

The Paris AI Action Summit, expected to be a cornerstone event in global AI governance, will explore a code of conduct aligned with the European Union’s AI Act , which classifies AI systems based on risk levels.

CCN notes that both frameworks adopt a risk-based approach to AI regulation, categorizing AI systems according to their potential impact on human rights and safety, with more stringent rules applied to high-risk or high-impact applications.

They also prioritize transparency, ethical standards, and the creation of oversight bodies to promote responsible AI development, as reports by CCN.

BK reports that an official from an AI company emphasized the importance of guidelines, stating, “Technology cannot develop alone without guidelines,” as reported by BK.

BK notes that despite these advancements, experts warn that regulation alone is insufficient to drive innovation. Lee Kyung-jun, an AI expert, pointed out that fostering private investment and supporting startups is essential for the sector’s growth.

He called for broader institutional reforms, such as revisions to workweek policies and enhanced tax incentives. “The key to fostering the AI industry is attracting private investment and promoting deep-tech startups like OpenAI,” he said, as reported by BK.

South Korea is also addressing AI’s infrastructural needs through the proposed Special Act on Expanding the National Power Grid, aimed at meeting rising energy demands.

The AI Safety Research Institute is collaborating with the European Union to establish mutual certification systems, facilitating the international launch of Korean AI services, says BK.

Ransomware Attack Exposes Data Of Over 400,000 At American Addiction Centers - 2

Image by Getty Images, from Unsplash

Ransomware Attack Exposes Data Of Over 400,000 At American Addiction Centers

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A ransomware attack on American Addiction Centers (AAC) in September exposed the sensitive information of over 400,000 individuals, as reported by The Record .

In a Rush? Here are the Quick Facts!

  • Over 400,000 individuals’ data was exposed in a ransomware attack on AAC.
  • Sensitive data, including Social Security numbers and health insurance details, was compromised.
  • Rhysida ransomware gang claimed responsibility for the attack.

The Record reported that the breach impacted 422,424 people, compromising data such as Social Security numbers, addresses, phone numbers, and health insurance details. Payment card information and treatment records were not included.

The healthcare provider, which operates addiction rehab facilities across eight states, started sending breach notification letters before the holiday season.

AAC filed breach notices in Texas and California, where more than 26,000 individuals were affected. The incident came to light on September 26, when AAC discovered it was facing a cybersecurity breach. An investigation revealed that hackers accessed and stole data between September 23 and 26, as reported by The Record.

The Record reports that although the company has not confirmed the attack’s nature, the Rhysida ransomware gang claimed responsibility on November 16. Rhysida is notorious for targeting U.S. healthcare networks , including a children’s hospital in Chicago and a large hospital network last year.

The Record notes that Rhysida’s ransomware-as-a-service operations have caused extensive damage throughout 2024. High-profile incidents include attacks on Seattle and Columbus, Ohio, causing widespread disruptions, and an attempted $1.3 million extortion from nonprofit Easterseals in October.

AAC has yet to comment on the breach or the alleged ransomware attack. Law enforcement and cybersecurity experts are working to address the incident, said The Record.

The attack highlights the escalating threat ransomware poses to the healthcare sector, which faces both operational and reputational risks. Recently, several healthcare providers have been targeted in cybersecurity incidents.

Healthcare organizations are prime targets due to weak security and the highly valuable data they store. Leaked information can be exploited for health identity fraud, enabling attackers to access prescription medications, as noted by Cyber News .

For example, in October, over 100 million Americans’ healthcare records were stolen in a ransomware attack on Change Healthcare. Around the same time, India’s largest health insurer , Star Health, was targeted, resulting in a data leak and a $68,000 ransom demand.

Earlier this year, 23andMe, a popular genetic testing service , alerted customers of a breach where hackers used credential stuffing to steal sensitive data, including genotype and health reports.

In November, the WHO issued a warning about the surge in ransomware attacks on healthcare systems, emphasizing that these attacks are not just security breaches, but life-or-death risks . The increasing frequency of such incidents costs the industry billions annually, underscoring the need for global cooperation to improve cybersecurity