Data Breach

News & Analysis as of

The Ashley Madison Breach: Canada-Australia Report of Investigation and Takeaways for all Organizations

On August 23, 2016, the Office of the Privacy Commissioner of Canada (OPC) released its joint report with the Office of the Australian Information Commissioner (OAIC) regarding its investigation of the 2015 Ashley Madison...more

Cybersecurity News and Notes – August 2016 #3

In Case You Missed It: Sometimes data breaches crop-up in the most unlikely of places. Last week we learned that the vendor that handles fish and hunting licenses for the states of Idaho, Oregon, and Washington was hacked. ...more

Small Breaches Matter Too: OCR Broadens HIPAA Breach Investigations

The Regional Offices of the Department of Health and Human Services Office for Civil Rights (OCR) already investigate every reported Health Insurance Portability and Accountability Act (HIPAA) breach affecting 500 or more...more

Are You Prepared for Disruption? New regulations, new challenges and opportunities [Expect Focus – Vol. II, July 2016]

- Fed Takes First Steps Toward Setting Capital Requirements for Some Insurers - New Wave of COI Rate Increase Lawsuits Hits the Industry - STOLI Policies Cancelled, Insurers Retain Premium - SEC...more

Cyber Update: What Businesses Must Know about the New Presidential Policy Directive

Last month the White House disclosed how the federal government will coordinate incident response activities in the event of a large-scale cyber incident. While the policy directive is worth reading in its entirety, this...more

Naughty Secrets – Findings in the Ashley Madison Breach

A quote attributed to FBI Director Robert Mueller is, “There are only two types of companies: those that have been hacked and those that will be”. The assessment of the Ashley Madison cyber-attack has lessons for all...more

OCR to Focus More Investigative Resources on Smaller HIPAA Breaches with Less Than 500 Individuals Affected

The Department of Health & Human Services (DHHS) Office of Civil Rights (OCR) recently announced it will devote more resources to investigate smaller HIPAA breaches. Before this announcement, OCR typically opened...more

Locky Ransomware Continues to Hit Health Care Entities

FireEye Labs has reported that the Locky ransomware continues to hit the health care industry hard, and has increased in the month of August. Although the telecommunications, manufacturing and aerospace/defense...more

FTC Overturns ALJ’s LabMD Decision and Reasserts its Role as a Data Security Enforcer

On July 29, 2016, the Federal Trade Commission (“FTC” or “Commission”) reversed an FTC administrative law judge’s (“ALJ”) opinion which had ruled against the FTC, finding that the Commission had failed to show that LabMD’s...more

Eddie Bauer Latest Victim of Point-of-Sale Compromise

Eddie Bauer announced on August 18th that it is the latest retailer who has become a victim of a “sophisticated” cyber intrusion that has compromised all of the cash registers in the 350 Eddie Bauer stores throughout the U.S....more

The Goal of Gender Equality in Cybersecurity

I have the privilege of teaching the Privacy Law class at Roger Williams University School of Law (RWU). It is a required course for the school’s Joint Masters in Cybersecurity/Juris Doctor program, which is, to my knowledge,...more

OCR to Investigate More HIPAA Breaches Affecting Fewer Than 500 Individuals

On August 18, 2016, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced plans to expand its investigations of reported breaches of the Health Insurance Portability and...more

Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity

On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000...more

NAIC Cybersecurity Task Force Weighs Credit Freezes

On May 24-25, the NAIC Cybersecurity (EX) Task Force held an interim meeting to hear comments from various industry trade organizations and other interested parties on the proposed Insurance Data Security Model Law exposed...more

AGG Litigation Insights Newsletter - Summer 2016

Even for companies accustomed to civil lawsuits, when the government is on the other side of the “v,” the prospect of litigation can be intimidating and unfamiliar. In this issue of the Litigation Newsletter, we explore how...more

HIPAA Security Rule Compliance for Providers & Business Associates in Three Easy Steps

On August 4, 2016, the Office for Civil Rights (“OCR”) of the U.S. Health & Human Services Department (“HHS”) announced a $5.55 million HIPAA settlement with Advocate Health Care Network (“Advocate”), the largest...more

Client Alert: OCR Blitzkrieg: Wider Investigation of Smaller Breaches

On the heels of its first business associate settlement with a business associate and a hat trick of multi-million dollar settlements with covered entities involving electronic Protected Health Information (“PHI”), on August...more

Defending a Data Breach Investigation by the Federal Trade Commission

Your company has experienced a data breach, and the Federal Trade Commission (“FTC”) notifies you that it is initiating a non-public investigation. How the company responds can significantly affect the course of the...more

HIPAA Phase 2 Audits: What Has OCR Requested from Auditees to Date?

In our April 8, 2016, advisory, we discussed the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) “Phase 2” audit program. Then, we could only make educated guesses about what documents OCR...more

Eddie Bauer Latest Victim of POS Malware Attack

Last week the clothing retailer Eddie Bauer LLC issued a press release to announce that its point of sale (“POS”) system at retail stores was compromised by malware for more than six months earlier this year. The...more

Heal Thyself: Insider Threats to Heed, Especially for Industries with Large Amounts of Personal Information

A recent study by the Ponemon Institute found that insider threats due to malicious or negligent employees are the leading cause of private-sector cybersecurity incidents. Of the over 600 information security professionals...more

Hackers Steal 600K Records from Health Care Firms – Could Your Wearable Device Be Next?

Security firm InfoArmor published a report in late July 2016 stating that a group of attackers infiltrated American health care institutions, stole at least 600,000 patient records and attempted to sell more than 3 terabytes...more

New York A.G. Announces $100k Settlement Over Data Breach

On August 5, New York Attorney General Eric T. Schneiderman announced a settlement with Provision Supply, LLC d/b/a EZcontactsUSA.com, imposing $100,000 in penalties and ongoing obligations to maintain certain security...more

A Closer Look at the OCR’s Guidance on Ransomware

In the wake of several high-profile ransomware infections targeting hospitals and health care organizations, the Department of Health and Human Services Office for Civil Rights (OCR) has issued guidance on the growing threat...more

Privilege Considerations in Cyber Incident Response

As with other types of crisis situations, a cyber security incident can generate not only operational issues, but also significant legal exposure. Affected companies should think through the associated privilege issues,...more

2,412 Results
|
View per page
Page: of 97
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×