Data Breach

News & Analysis as of

OMB Issues Guidelines for Preparing for and Responding to PII Breaches

On January 3, the Office of Management and Budget (OMB) issued Memorandum M-17-12, which clarifies how federal agencies should prepare for and respond to data security breaches involving personally identifiable information...more

You Asked: Can My Employees Hack My Company?

Yes! Employees and other insiders – think Edward Snowden – can, and in fact, do play a role in most data breaches or cyber-security incidents. Companies must ensure their data protection policies include not only training but...more

Mapco Express pays $1.9 Million in Data Breach Settlement

A Tennessee federal judge has approved a proposed settlement of up to $1.9 million to be paid by Mapco Express to individuals affected by a payment card data breach that occurred in 2013. Two banks alleged that Mapco...more

Health Care E-Note - January 2017

On October 4, 2016, The Centers for Medicare and Medicaid Services ("CMS") released the final rules regarding the requirements of participation for skilled nursing facilities. One of the most significant changes to the...more

Employer Did Not Owe Legal Duty to Protect Employees' Hacked Personal and Financial Records

University of Pittsburgh Medical Center (UPMC) maintained a human resource database containing current and former employees' names, dates of birth, social security numbers, tax information, addresses, salaries, and bank...more

Looking Back at Predictions That I Made Three Years Ago, Part 2: eDiscovery Predictions Revisited

Earlier, I took a look back at two posts that comprised six eDiscovery predictions for 2014 that I wrote three years ago. I thought it might be fun to look back at those posts to see how those predictions fared. I covered...more

Looking Back at Predictions That I Made Three Years Ago: eDiscovery Predictions Revisited

Sometimes, in addition to the many other resources that I use to look for blog post ideas, I like to look back at my old posts from the past to see if there’s a topic that warrants a fresh look. When I did that yesterday, I...more

Vendor Causes Breach of Over 5,000 Patient Records

The continued risk that vendors pose to companies, including health care entities cannot be overemphasized. This week, Sentara Healthcare (Sentara) announced that one of its third-party vendors was the victim of a...more

What’s the deal with data breach insurance

A recent Investment News article highlighted a burgeoning market for financial advisors looking to protect their practices; namely, data breach insurance. Although such insurance seems like a great idea, you need to exercise...more

Cybersecurity and Privacy Policy as a Board of Directors Issue

Cybersecurity and privacy of customer information have become such a critical issues that in-house counsel should treat them as board of directors-level issues. In-house counsel should do that with presentations for their...more

The Anthem Breach – A Retrospective

Many people and news outlets have opined, weighed in, and informed the public about the 2015 Anthem breach. It is still a hot topic in January 2017, because it currently lines up with other hot stories about hacking ordered...more

Los Angeles Community College Pays Ransomware to Retrieve Data

On December 30, 2016, the Los Angeles Community College computer network was kidnapped by cyber criminals requesting a ransom for its return. The ransomware encrypted the college’s entire network system, including...more

Constitutional Standing Provides Fertile Battleground In Data Breach Litigation

A common and understandable concern of companies that suffer a data breach is whether the victims can sue the company. It is tempting to assume that the victims won’t sue if they do not suffer identity theft or monetary loss...more

Cybersecurity Incident Response: Who You Gonna Call?

Who should you call when you suspect, or are certain of, a data breach? Data breaches and other cybersecurity incidents have become of a fact of life. Yahoo! recently disclosed that data for over one billion users was...more

Federal Agencies Given New Breach Response and Preparation Guidelines

The White House has made a step toward implementing in federal agencies some breach response best practices currently used in the private sector. On Jan. 3, the White House issued a memorandum (Memo) updating for the first...more

Employment Law Navigator – Week in Review: January 2017 #3

Last week, there were developments in two cases in different Pennsylvania courts involving employer liability—or lack thereof—for data breaches involving employee personally identifiable information (PII). A Pennsylvania...more

Can a PA Employer be Liable to its Employees for a Data Breach?

It’s a nightmare scenario for any employer: you’ve been hacked. Thousands of your employees’ names, birthdates, Social Security numbers, and bank account information have been stolen. This information is used to file...more

Studies Show Ransomware up 6,000% and Reaps Billions and Phishing Emails are Used in 91% of all Cyber-Attacks

A recent IBM study shows that ransomware increased 6,000 percent in 2016 over 2015. According to the report, ransomware was present in almost 40 percent of all spam email messages....more

U.S. Military Special Operations Command Workers’ Data Exposed by Vendor

Military personnel continue to be victimized by data breaches. This time, the personal information of healthcare workers employed by Potomac Healthcare Solutions (Potomac), who work for a U.S. Special Operations Command were...more

PA Appellate Court Finds No Common Law Duty For Employer Handling Of Employee Info After Data Breach

The Pennsylvania Superior Court held yesterday in Dittman v. UPMC et al. that an employer owes no common law duty under a negligence theory to use reasonable care in the collection and storage of employee information and...more

Time Waits for No One: OCR Announces First HIPAA Settlement for Lack of Timely Breach Notification

On Jan. 9, 2017, the Department of Health and Human Services Office for Civil Rights (“OCR”) announced the first HIPAA enforcement action for failure to timely report a breach. Often investigating and making formal...more

New Hampshire Psychiatric Hospital Patient Records Posted Online by Former Patient

The New Hampshire Department of Health and Human Services has notified up to 15,000 patients of its psychiatric hospital (New Hampshire Hospital) that their names, addresses, Social Security numbers, Medicaid ID numbers and...more

State Data Breach Notification Laws

While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more

Failure to Timely Notify Results in Enforcement Action and Significant Settlement

For the first time, on January 9, 2017, the Department of Health and Human Services, Office for Civil Rights (HHS/OCR) settled a HIPAA enforcement action based on the untimely reporting of a breach of unsecured protected...more

California Amends its Data Breach Statute…Again

The California Legislature has again amended California's Data Breach Statute regarding the obligations of companies to disclose the breach of personal information stored in computerized data. (California Civil Code Section...more

2,761 Results
|
View per page
Page: of 111
Popular Topics

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×