Data Breach

News & Analysis as of

2.7 Million Dollar HIPAA Settlement

Last week, Oregon Health & Science University (“OHSU”) agreed to pay $2.7 million to resolve potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule, Privacy Rule, and...

Breaking News: FTC Vacates ALJ’s Ruling and Finds LabMD Liable for Unfair Data Security Practices

In a ruling issued this morning, the Federal Trade Commission found that LabMD, the defunct Atlanta-based cancer detection lab, failed to protect patient information and is liable for unfair data security practices. The...

Illinois voter registration database hacked

The Illinois State Board of Elections has notified voters that its online voter registration site has been hacked. According to the letter sent to Illinois voters by the Board of Elections, “We have found no evidence...

University of Mississippi Medical Center settles HIPAA violations for $2.75M

The Office for Civil Rights (OCR) has obtained another big settlement from a covered entity resulting from a data breach. This most recent settlement of fines and penalties and a Resolution Agreement is with the University of...

Unlocking the EU General Data Protection Regulation: A practical handbook on the EU's new data protection law: Chapter 11:...

Why does this topic matter to organisations? Under the GDPR, the concept of a "processor" does not change. Any entity that is a processor under the Directive likely continues to be a processor under the GDPR. However,...

Unlocking the EU General Data Protection Regulation: A practical handbook on the EU's new data protection law: Chapter 10:...

Why does this topic matter to organisations? Each time an organisation processes personal data, it will do so as either a controller or a processor. These roles bear different responsibilities. Therefore, it is...

HIPAA and $15 Million in 2016

For years, many questioned whether the HIPAA privacy and security rules would be enforced. The agency responsible for enforcement, Health and Human Services’ Office for Civil Rights (OCR), promised it would enforce the rules,...

U.S. Court in Louisiana Remands Advance Stores Co. Data Breach Class Action to State Court

In a case with a familiar fact pattern, the United States District Court for the Eastern District of Louisiana refused to find that permitting Plaintiff to proceed in Louisiana state court was “futile” on Article III standing...

Recent Decision Widens “Narrow” Door for Use of the Computer Fraud and Abuse Act against Corporate Insiders

Information security threats come from a variety of sources, including outside hackers and disloyal corporate insiders. One federal statute that may provide a powerful remedy when a company’s defenses are breached and data is...

OCR’s Recent $2.7 Million Settlement with Oregon Health & Science University Highlights the Importance of HIPAA Compliance...

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and Oregon Health & Science University (OHSU) recently entered into a resolution agreement to settle potential violations of HIPAA’s Privacy and...

Unlocking the EU General Data Protection Regulation: A practical handbook on the EU's new data protection law: Chapter 5: Key...

Why does this topic matter to organisations? The defined terms set out in this Chapter are of critical importance to understanding how EU data protection law applies to an organisation. For example, the question of...

Prevailing in an Era of Regulatory Enforcement – Balancing Risk and Compliance [Expect Focus – Vol. II, July 2016]

IN THE SPOTLIGHT - - SEC Sanctions Unregistered EB-5 Investments Broker SECURITIES - - FINRA to Assess Member Firms’ Culture - SEC Seeks Fund Responses to Distribution-In-Guise Guidance...

See You In Court! - July/August 2016

Out of the blue, Nancy Newshound, longtime reporter for the Nutmeg Bugle called Mr. Superintendent. “I understand that a student hacked the district’s system and changed a bunch of grades,” she stated. “What can you tell me...

HHS OCR Guidance on Ransomware Attacks: They Constitute a “Security Incident” and Are Likely a Data Breach

On July 11, 2016, the HHS Office of Civil Rights (OCR) released guidance on HIPAA covered entities’ responsibilities in a ransomware attack, a type of cyber-attack that has targeted the health care sector extensively in...

Federal District Court Dismisses Data Breach Class Action Complaint Against Scottrade

On July 12, 2016, the United States District Court for the Eastern District of Missouri granted Scottrade’s motion to dismiss a putative class action complaint that was predicated on the alleged theft of personal information...

In Case You Missed It: Launch Links - July, 2016 #2

Some interesting links we found across the web this week: Why You Don’t Need to Found Your Startup in Silicon Valley - Startups have the potential to thrive in places less "trendy" than California....

Symantec releases “Ransomware and Businesses” report

Symantec Corp released its annual “Ransomware and Businesses” report this week outlining the increasing sophistication of ransomware attacks. Individuals continue to be the primary target of ransomware attacks as they usually...

Ex-Cardinals scouting director sentenced to serve time in jail for Astros database hacking

Back in January, we wrote about the ex-Cardinals Scouting Director pleading guilty to hacking the Houston Astros database. Now, this week, Christopher Correa, former scouting director and director of baseball development, was...

Is encryption the key to your data security?

With the increased rate of data breaches targeting personal information, an increased public awareness of online privacy, and an increasingly demanding regulatory landscape, large and small businesses are looking to...

Scottrade data breach class action case dismissed for lack of standing

We previously reported that Scottrade was hit with a class action case within 24 hours of notifying customers of a data breach. According to the Complaint, the data compromised included the names, addresses, telephone...

OCR Announces First HIPAA Enforcement Action against a Business Associate

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced an agreement with Catholic Health Services of the Archdiocese of Philadelphia (CHCS), settling allegations that CHCS violated the Health...

Major League Baseball investigating Cardinals-Astros hacking

Promptly following the sentencing of Christopher Correa on July 18, 2016, Major League Baseball Commissioner Rob Manfred announced that Major League Baseball (MLB) is looking further into the hacking incident involving...

European Parliament Passes Landmark Data Protection Regulation

On April 14, 2016, the European Parliament passed the General Data Protection Regulation (GDPR) and its companion, Data Protection Directive for Police and Criminal Justice Authorities. The GDPR is a comprehensive regulation...

Homeowners Associations – Business Judgment Rule

Palm Springs Villa II Homeowners Association, Inc. v. Erna Parth - Court of Appeal, Fourth Appellate District (June 21, 2016) - The “business judgment rule” refers to a judicial policy of deference to the business...

Password sharing and “head-slap hacks”: What employers can do

If you have ever wondered why your company’s data is not as secure as it should be, take a look in the mirror. A study by the Ponemon Institute, commissioned by Experian and released in May, found that the majority of...

2,320 Results