In a March 31, 2025 letter, the Chair of the FTC, Andrew Ferguson, wrote to the Acting U.S. Bankruptcy Trustee and set out the FTC’s expectations for the protection of consumer information held by 23andMe.
As we noted...more
On March 21, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of HIPAA security rule claims involving Health Fitness Corporation (Health Fitness). Health Fitness...more
Overall, the Report recognized the complex interplay between AI advancement and privacy/security concerns, advocating for a balanced approach that promotes innovation while protecting individual rights and national interests....more
As healthcare technology continues to evolve, so does the need for robust compliance strategies to safeguard patient information and ensure the integrity of medical devices. In a joint September 19, 2024 presentation, the...more
9/20/2024
/ Artificial Intelligence ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Employee Training ,
Health Technology ,
Healthcare ,
Medical Devices ,
PHI ,
Popular ,
Risk Assessment
AT&T Inc. announced in a July 12, 2024, SEC filing that hackers stole a cache of six months’ worth of mobile phone customer data, illegally downloading the records from a workspace account at the cloud-service provider...more
On December 21, 2023, the Federal Communications Commission released an order updating its data breach rules. These updated rules require telecommunications providers to report breaches of customer proprietary network...more
NordPass (the purveyor of a password manager) has assembled a list of the top 20 passwords in healthcare, based on usage by the world’s largest companies. According to NordPass’s analysis, the “top” 20 passwords are:
-...more
It’s been several years since I have written about password hygeine. I have been hoping that a better security solution would be widely adopted and while I hear rumors in that regard, passwords still reign supreme. So when I...more
The Massachusetts State Police Commonwealth Fusion Center (CFC) believes that cyber actors may use the current bank failures for future phishing and business email compromise (BEC) attacks. Cyber actors often use current...more
5/9/2023
/ Banking Sector ,
Business E-Mail Compromise (BEC) ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Email ,
Financial Services Industry ,
Hackers ,
Phishing Scams
With the adoption of new technology, including the quick and unexpected shift to virtual learning because of the COVID-19 pandemic, K-12 institutions are at an increased risk of cyberattacks and threats thereof. The rise in...more
Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners work to educate stakeholders on cybersecurity awareness and how best to protect the privacy and security of...more
10/26/2022
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Enforcement ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
Incident Response Plans ,
Personally Identifiable Information
As more and more of us return to the office, it’s a good time to revisit the passwords you use. It is therefore timely that the U.S. Department of Health and Human Services, Health Sector Cybersecurity Coordination Center...more
Since Massachusetts becoming a trailblazer among states with the passage of privacy legislation in 2007 and subsequent regulations, Massachusetts’ own privacy laws have been passed by those of other states, most notably...more
On June 10, 2021, China adopted a new Data Security Law that will impact every business operating in or doing business with China. The law, which will take effect in less than a month (September 1, 2021), is sweeping in...more
If you aren’t following the ransomware attack on Kaseya’s VSA product and approximately 800-1500 of its users, you should be. Like many cyberattacks, this one came on the verge of a holiday weekend. As the company itself...more
By now, you have heard about the SolarWinds Orion hack. But what do you need to know about it?
First, if you want or need the technical details, the Cybersecurity and Infrastructure Security Agency (CISA) has them. In...more
InfoTrax Systems, a Utah-based technology company, has agreed to implement a comprehensive data security program to settle Federal Trade Commission allegations that the company failed to put in place reasonable security...more
12/2/2019
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Security ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Websites
A recent report from the Mass Digital Health Council includes a cybersecurity toolkit created by MDHC’s Cybersecurity Group of Experts (CGE). The toolkit will enable faster clinical adoption of new digital health products,...more
What do pumpkin spice lattes and National Cybersecurity Awareness Month have in common? Not much, other than both should be top of mind in October, but that doesn’t mean that it’s wrong to think about them both in August....more
In a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties issued on April 23, 2019, the Department of Health and Human Services (HHS) exercised “its discretion in how it applies HHS regulations...more
"Open the pod door, HAL"
• Commercial voice-activated intelligent personal assistants from Amazon, Apple, Google, and Microsoft, among others, are growing in popularity.
• A report from NPR and Edison Research states...more
2/28/2019
/ Confidential Communications ,
Connected Items ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
Mobile Apps ,
Oral Communications ,
Patient Privacy Rights ,
Personal Assistants ,
Physicians ,
Privacy Concerns ,
Security Rule ,
Smart Devices ,
Technology Sector ,
Telecommunications
Editors’ Note: This is the seventh and last in our third annual series examining important trends in data privacy and cybersecurity during the new year. Our previous entries were on political advertising, cryptocurrency,...more
The concept that one is known by the company one keeps dates back to ancient times (the particular phrase is attributed to both Aesop and the Book of Proverbs). But this simple aphorism continues to be true. A recent example...more
As noted recently in the Wall Street Journal, “New cybersecurity rules will give Chinese authorities sweeping powers to inspect companies’ information technology and access proprietary information—steps that are likely to...more
All That Data! -
..Therapies, diagnostics, and connected devices now gather huge amounts of data
..That data can be more valuable than the “thing” that is treating, diagnosing, or connecting, provided you have the...more