Digital Planning Podcast - Interview With Leeza Garber
Compliance into the Weeds-Episode 39, Disclosure of Ransomware Attacks
Your Cyber Minute: Compliance with the Proposed NYDFS Cybersecurity Regulation
Safeguards against Data Security Breaches (Part One)
With mobile devices being the epicenter of communication and data generation, successfully navigating a digital investigation hinges on your ability to handle the proliferation of this data. However, forensic investigators...more
The amount of data stored on phones is overwhelming. In 95% of investigations, text messages and conversations are used as evidence sources. Investigators need to be able to be able to retrieve the full, comprehensive...more
The digital landscape is constantly evolving, and with it, the challenges faced by digital forensics and eDiscovery collections professionals. Join our expert panel as they discuss targeted remote collections for iOS and...more
In the wake of the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, many individuals and organizations have expressed uncertainty about the protection afforded to data stored on health apps,...more
Uncovering the most amount of device data in a digital investigation is key to finding implicating evidence. In 95% of investigations, text messages and conversations are used as evidence sources. Corporate...more
On July 27, 2020, the U.S. Department of Health and Human Services (HHS) announced that it reached a settlement with a Rhode Island nonprofit health system related to the theft of an unencrypted laptop containing its...more
After a long quiet period, the second HIPAA settlement to be announced by the U.S. Department of Health and Human Services (HHS) in an orchestrated one-two punch was far more costly to the second violator. Lifespan Health...more
SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen - The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more
On November 5, 2019, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) announced a $3 million settlement with the University of Rochester Medical Center (URMC) to settle potential...more
This week, the Office for Civil Rights (“OCR”) announced a $3,000,000 HIPAA settlement arising from a medical center’s loss of an unencrypted laptop and flash drive. This is simply the latest of many HIPAA settlements based...more
In one of this year’s largest HIPAA settlements, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is set to collect $3 million from the University of Rochester Medical Center (URMC). This...more
In Part 1 of our series on mobile devices, we discussed preserving and collecting mobile device data. In this article, we turn to the types of information you can expect to encounter with mobile devices and key considerations...more
The CFPB’s Office of Inspector General has issued a report indicating that, in performing an audit of the CFPB’s encryption of data on mobile devices issued to staff members, the OIG found the CFPB had not yet completed all...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) released its October Cybersecurity Newsletter last week with a focus on mobile devices. Given the amount of work conducted on mobile devices...more
The U.S. Department of Health and Human Services (HHS) recently announced yet another HIPAA privacy and security settlement involving Protected Health Information (PHI) on a stolen laptop. Although this might be seen as just...more
Securing physical worksites and workspaces is by now old hat. We all know file cabinets should be locked, worksites secured and personal access to information monitored. Securing portable devices, however, often receives less...more
Data Privacy Day was January 28th – the annual event, coordinated by the National Cyber Security Alliance, celebrates the signing in 1981 of the first international treaty addressing privacy and data protection. On...more
The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) has published an online list of data breach notifications issued each year to Massachusetts residents since 2007, the inception of the...more
On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued guidance on complying with HIPAA privacy, security, and breach notification rules when using cloud computing technology...more
I have been doing a lot of live employee training lately. I really enjoy it, and have been told that it is some of the most entertaining training around. The reason why I can get the audience to laugh is because I tell real...more
USB drives and phone chargers are expensive. Hackers know that. One way hackers are gaining access to get into computers to steal data is by planting USB drives and phone chargers in public areas, hoping someone will pick it...more
Just before Thanksgiving, Lahey Hospital and Medical Center (“Lahey”), a non-profit teaching hospital located in Burlington, Massachusetts, agreed to pay $850,000 for a breach of unsecured electronic protected health...more
With the release of Android 6.0, code name Marshmallow, Google has mandated that OEMs (Original Equipment Manufacturers) enable full disk encryption. Google is requiring that the feature be enabled as part of the ‘out of box...more
Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...more
With headlines every day announcing another release of Protected Health Information (PHI), providers are asking themselves – is there a way to protect against these breaches? Beyond improving the security of large...more