On May 23, 2023, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware...more
The Notifications of Enforcement Discretion issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act during the...more
5/15/2023
/ Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
New Guidance ,
OCR ,
PHI ,
Public Health Emergency ,
Telehealth ,
Telemedicine
The Massachusetts State Police Commonwealth Fusion Center (CFC) believes that cyber actors may use the current bank failures for future phishing and business email compromise (BEC) attacks. Cyber actors often use current...more
5/9/2023
/ Banking Sector ,
Business E-Mail Compromise (BEC) ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Email ,
Financial Services Industry ,
Hackers ,
Phishing Scams
Like many regulatory standards, enforcement of HIPAA was relaxed as part of the COVID-19 pandemic response. With the end of the public health emergency declaration on May 11, 2023, the broad relaxed HIPAA enforcement also...more
Although it certainly seems anticlimactic, the Massachusetts Supreme Judicial Court has ruled that the City of Boston could enforce COVID-19 vaccination requirements on city employees. The plaintiffs, the Boston police and...more
In a very comprehensive post from the Federal Trade Commission’s Office of Technology, the FTC takes what it calls “[a] deep dive into the technical side of FTC’s recent cases on digital health platforms, GoodRx &...more
3/17/2023
/ Advertising ,
Data Collection ,
Data Privacy ,
Data Protection ,
Digital Platforms ,
Federal Trade Commission (FTC) ,
Health Information Technologies ,
Healthcare ,
Information Sharing ,
Personal Information ,
Technology Sector ,
Third-Party ,
Web Tracking ,
Websites
With the adoption of new technology, including the quick and unexpected shift to virtual learning because of the COVID-19 pandemic, K-12 institutions are at an increased risk of cyberattacks and threats thereof. The rise in...more
In a Statement of Administration Policy submitted to Congress on January 30, 2023, the Biden administration announced its plans to end the COVID-19 national emergency and the public health emergency. The statement reads as...more
On January 11, 2023, the Department of Health and Human Services extended the COVID-19 public health emergency through at least April 11, 2023. This is the twelfth extension of the PHE since January 2020. HHS last renewed the...more
Governor Charlie Baker recently took steps to strengthen cybersecurity in Massachusetts by signing an executive order on December 14, 2022 creating an advisory panel to improve the state’s cyber defense. The new state task...more
On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued a bulletin to highlight the obligations of Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more
On November 14, 2022, the Massachusetts Department of Public Health (DPH) issued Public Health Emergency Order No. 2022-21, which immediately rescinded other public health emergency orders that were previously issued in...more
Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners work to educate stakeholders on cybersecurity awareness and how best to protect the privacy and security of...more
10/26/2022
/ Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Enforcement ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
Incident Response Plans ,
Personally Identifiable Information
As more and more of us return to the office, it’s a good time to revisit the passwords you use. It is therefore timely that the U.S. Department of Health and Human Services, Health Sector Cybersecurity Coordination Center...more
If your company creates health-related apps, the Federal Trade Commission (FTC) has set out some key considerations:
- Make accurate representations. Clearly explain how people’s information will be used and shared and then...more
4/26/2022
/ App Developers ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
Healthcare ,
Information Sharing ,
Mobile Apps ,
Mobile Devices ,
Popular ,
Privacy Concerns ,
Privacy Policy ,
Risk Management
The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) to warn organizations that Russia’s invasion of Ukraine could...more
On Monday, April 18, 2022, Judge Kathryn Kimball Mizelle of the Middle District of Florida issued a 59-page order striking down the CDC’s national mask mandate on airplanes and mass transit, which was based on a regulation...more
April 14, 2022 On April 12, 2022, Secretary Becerra of the U.S. Department of Health and Human Services extended the existing public health emergency for 90 days, effective April 16, 2022, until July 15, 2022...more
The White House has released a COVID-19 preparedness plan that assumes we will be living with the virus for the long term.
The 96-page plan has four primary goals: (1) protect against and treat COVID-19, (2) prepare for...more
The Cybersecurity & Infrastructure Security Agency (“CISA”) has just released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps...more
On February 4, 2022, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted FAQs designed to make clear that civil rights protections remain in full force and effect during disasters or...more
Since Massachusetts becoming a trailblazer among states with the passage of privacy legislation in 2007 and subsequent regulations, Massachusetts’ own privacy laws have been passed by those of other states, most notably...more
Earlier this week, the U.S. Department of Homeland Security (DHS) announced the establishment of the Cyber Safety Review Board (CSRB), as directed in President Biden’s Executive Order 14028 on Improving the Nation’s...more
2/7/2022
/ Administrative Review Board ,
Biden Administration ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Executive Orders ,
National Security ,
Policies and Procedures ,
Policy Management ,
Popular ,
Threat Management
According to the U.S. Cybersecurity and Infrastructure Security Agency (“CISA“), the potential hostilities between Russia and Ukraine are likely to spill over into cyber warfare. In this month’s CISA Insights:
Every...more
On January 14, 2022, Secretary Becerra of the U.S. Department of Health and Human Services extended the existing public health emergency for 90 days, until April 16, 2022. Without this extension, the declaration would have...more