As healthcare technology continues to evolve, so does the need for robust compliance strategies to safeguard patient information and ensure the integrity of medical devices. In a joint September 19, 2024 presentation, the...more
9/20/2024 / Artificial Intelligence, Cyber Crimes, Cyber Incident Reporting, Cybersecurity, Data Breach, Data Security, Electronic Protected Health Information (ePHI), Employee Training, Health Technology, Healthcare, Medical Devices, PHI, Risk Assessment
The Massachusetts Attorney General’s Office (AGO) issued an announcement last week to inform consumers who may have had their personal information breached in Change Healthcare’s cyberattack this past February. The AGO was...more
AT&T Inc. announced in a July 12, 2024, SEC filing that hackers stole a cache of six months’ worth of mobile phone customer data, illegally downloading the records from a workspace account at the cloud-service provider...more
State Attorneys General play a significant role in shaping health care policy across the country. While the national debates over health care policy in Congress and the federal government receive significant media attention,...more
The FTC has updated its HBNR to clarify that the rule also restricts marketing practices involving personal health information. This update to the HBNR was announced on April 26, 2024, and follows several recent enforcement...more
4/29/2024 / Breach Notification Rule, Data Breach, Data Privacy, Data Protection, Digital Health, Federal Trade Commission (FTC), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, PHI, Regulatory Agenda, Regulatory Reform, Technology
I was pleased to take part in the “Transforming Care – Strategies for Integration of Artificial Intelligence in Healthcare” discussion, hosted by the New England Healthcare Executive Network at Foley Hoag on April 1. The...more
On March 26, 2024, the HHS Office of Inspector General (OIG) released a cybersecurity toolkit for HHS leaders to help them plan and deploy information systems in response to disasters and public health emergencies. The...more
Change Healthcare Cyberattack -
On February 21, 2024, Change Healthcare—a healthcare technology company owned by UnitedHealth Group—issued a statement that it had been impacted by a ransomware attack. According to Change...more
On December 21, 2023, the Federal Communications Commission released an order updating its data breach rules. These updated rules require telecommunications providers to report breaches of customer proprietary network...more
Large companies holding sensitive data – including financial services, telecommunications, business process outsourcing, hospitality, and cryptocurrency firms – as well as their IT helpdesks, are increasingly being targeted...more
11/28/2023 / Cyber Attacks, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Breach, Data Collection, FBI, NIST, Popular, Publicly-Traded Companies, Ransomware, Reporting Requirements, Securities and Exchange Commission (SEC), Sensitive Business Information
If you need a little intellectual stimulation after hours of Thanksgiving turkey and football, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just the thing — the new CISA Mitigation Guide for the...more
11/27/2023 / Cyber Threats, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Breach, Healthcare, Information Technology, Internet, Mitigation, New Guidance, Public Health, Technology Sector
NordPass (the purveyor of a password manager) has assembled a list of the top 20 passwords in healthcare, based on usage by the world’s largest companies. According to NordPass’s analysis, the “top” 20 passwords are:
-...more
Massachusetts Extends Protections for Counseling Records of Survivors of Sexual Assault -
The Massachusetts Supreme Judicial Court has ruled in In the Matter of a Motion to Compel, SJC-13336 that the Superior Court could...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.4 of their Security Risk Assessment...more
On July 26, 2023, the Securities and Exchange Commission (SEC) adopted rules requiring disclosure of material cybersecurity incidents as well as periodic disclosure of cybersecurity risk, management, strategy, and governance...more
7/28/2023 / Compliance, Corporate Governance, Cyber Incident Reporting, Cybersecurity, Disclosure Requirements, New Rules, Proposed Rules, Publicly-Traded Companies, Regulation S-K, Reporting Requirements, Required Forms, Risk Management, Securities and Exchange Commission (SEC)
On July 13, 2023, the Biden Administration released its National Cybersecurity Strategy Implementation Plan (NCSIP) with the goal of providing transparency and coordination for its existing goals. The NCSIP details more than...more
In the FTC’s first case focused on the privacy and security of genetic information, the FTC alleges that San Francisco-based Vitagene, Inc. – now known as 1Health.io – failed to live up to its promises and unfairly changed...more
6/21/2023 / Cloud Storage, Confidential Information, Consumer Privacy Rights, Corporate Counsel, Data Collection, Data Protection, Data Use Policies, DNA, Federal Trade Commission (FTC), Genetic Testing, Life Sciences, Personal Information, Privacy Laws
It’s been several years since I have written about password hygiene. I have been hoping that a better security solution would be widely adopted and while I hear rumors in that regard, passwords still reign supreme. So when I...more
On May 23, 2023, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware...more
The Notifications of Enforcement Discretion issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act during the...more
5/15/2023 / Coronavirus/COVID-19, Department of Health and Human Services (HHS), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HITECH Act, New Guidance, OCR, PHI, Public Health Emergency, Telehealth, Telemedicine
The Massachusetts State Police Commonwealth Fusion Center (CFC) believes that cyber actors may use the current bank failures for future phishing and business email compromise (BEC) attacks. Cyber actors often use current...more
5/9/2023 / Banking Sector, Business E-Mail Compromise (BEC), Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Data Security, Email, Financial Services Industry, Hackers, Phishing Scams
Like many regulatory standards, enforcement of HIPAA was relaxed as part of the COVID-19 pandemic response. With the end of the public health emergency declaration on May 11, 2023, the broad relaxed HIPAA enforcement also...more
Although it certainly seems anticlimactic, the Massachusetts Supreme Judicial Court has ruled that the City of Boston could enforce COVID-19 vaccination requirements on city employees. The plaintiffs, the Boston police and...more
In a very comprehensive post from the Federal Trade Commission’s Office of Technology, the FTC takes what it calls “[a] deep dive into the technical side of FTC’s recent cases on digital health platforms, GoodRx &...more
3/17/2023 / Advertising, Data Collection, Data Privacy, Data Protection, Digital Platforms, Federal Trade Commission (FTC), Health Information Technologies, Healthcare, Information Sharing, Personal Information, Technology Sector, Third-Party, Web Tracking, Websites
With the adoption of new technology, including the quick and unexpected shift to virtual learning because of the COVID-19 pandemic, K-12 institutions are at an increased risk of cyberattacks and threats thereof. The rise in...more