On May 31, 2023, renowned managed file transfer solution provider Ipswitch, Inc. revealed a zero-day vulnerability in its flagship solution, MOVEit Transfer, that can enable mass data theft from thousands of organizations....more
On Thursday, May 19, 2023, the Federal Trade Commission (FTC) issued a notice of proposed rulemaking and a request for public comment on proposed changes to the Health Breach Notification Rule (HBNR or, the Rule) that would...more
In August 2022, LastPass – one of the largest password managers in the world – suffered a cyber breach resulting in the theft of thousands of password vaults of both individual and corporate users. Password managers are an...more
On January 25, the Department of Veterans Affairs (VA) published a new final rule amending contractual provisions in the VA Acquisition Regulation (VAAR) to address data privacy, protection, and cybersecurity. The aim of the...more
If your management team and board of directors are not talking often about cyber liability and risk management, they will be soon. As a matter of both corporate and individual liability, recent enforcement makes it clear...more
For most companies, human resource departments handle one of their most valuable and sensitive information assets: the personal data of their employees and job candidates. While this dataset provides employers a goldmine of...more
On Tuesday, December 8 one of the nation's leading cyber defense vendors (FireEye) announced it suffered a recent cyber-attack from a "highly sophisticated threat actor, one whose discipline, operational security lead us to...more
12/11/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Personally Identifiable Information ,
Popular ,
Risk Management
Due to the changing and challenging economic circumstances brought on by COVID-19, companies are now having to consider furloughing employees. All companies must consider how they will handle such moves with respect to their...more
As organizations prepare for certain contingency work arrangements in response to the coronavirus (COVID-19) outbreak, companies must also focus attention on ensuring appropriate cyber hygiene. ...more
2020 OCIE Priorities -
On January 7, 2020, the Securities Exchange Commission's (SEC) Office of Compliance Inspections and Examination (OCIE) released its "2020 Examination Priorities," which included a focus on...more
Happy Data Privacy Day! Today, January 28, is a day to raise awareness, foster dialogue, and empower companies to act to ensure proper privacy (and security) of all types of data and information....more
In early July, a global hospitality company announced in a U.S. Securities and Exchange Commission (SEC) filing that it had been fined more than $124 million (more than £99 million) by the United Kingdom's Information...more
Does your company qualify as a "data broker"? You may be surprised by the answer and as of January 1, 2019 your company may be subject to a new Vermont law governing such entities....more
States continue to amend their Data Protection and Breach Notification Requirements. Maryland and Delaware are the most recent states to pass legislation designed to bring additional precision to an organization's...more
Regardless of whether you have experienced any disruptions to date, you cannot ignore the major global cybersecurity attack that continues to plague organizations. A particularly destructive piece of malicious software, the...more
All companies with Tennessee employees or customers need to revise their data incident policies and procedures. Tennessee has revised their breach notification statute to remove the encryption safe harbor, which previously...more
On July 10, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton, Massachusetts, regarding potential...more
7/16/2015
/ Compliance ,
Corrective Actions ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Electronically Stored Information ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Passwords ,
Settlement Agreements
California Governor Jerry Brown signed into law on September 30, three amendments to California's privacy laws of which every business must be aware. The amendments to the Civil Code (i) significantly broaden the scope of...more
Companies commonly utilize Facebook as part of their online social media advertising strategy. Companies should revisit this strategy in light of a recent finding in the Northern California U.S. District Court (In re Hulu...more
On August 18, 2014, Community Health Systems, Inc. (CHS) publicly confirmed, in a filing with the Securities and Exchange Commission (CHS filing), that its computer network was attacked between April and June 2014 by hackers...more
8/21/2014
/ China ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Data Protection ,
EHR ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Malware ,
PHI ,
Popular
On June 20, 2014, and in the wake of several high profile data breaches, Governor Rick L. Scott signed into law the Florida Information Protection Act of 2014 (FIPA), which will replace Florida's existing data breach...more
On March 28, 2014, the HHS Office of the National Coordinator for Health Information Technology (ONC), in conjunction with the HHS Office for Civil Rights (OCR), released a Security Risk Assessment tool (SRA tool) to assist...more