The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
7/2/2024
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
Patient Privacy Rights ,
PHI ,
Popular ,
Reporting Requirements
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
12/21/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Violations ,
OCR ,
Phishing Scams ,
Popular ,
Ransomware ,
Regulatory Oversight ,
Regulatory Requirements ,
Vulnerability Assessments
Direct-to-consumer health and wellness applications are forewarned: the Federal Trade Commission (FTC) is proposing changes to the Health Breach Notification Rule (HBNR), 16 C.F.R. part 318, that, if finalized, would cement...more
6/9/2023
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Federal Trade Commission (FTC) ,
Health Information Technologies ,
Healthcare ,
Mobile Health Apps ,
Patient Privacy Rights ,
Policy Statement ,
Popular ,
Regulatory Agenda ,
Regulatory Reform
Companies that make ransomware payments, whether they be the victim of a ransomware attack or entities that facilitate such payments, should review the updated advisory issued by U.S. Department of the Treasury's Office of...more
9/28/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Economic Sanctions ,
Financial Institutions ,
Hackers ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
Risk-Based Approaches ,
SDN List
Colorado just became the third state to pass a comprehensive data privacy law, creating more challenges for businesses trying to navigate a variety of state, federal, and international privacy regimes. The Colorado Privacy...more
7/19/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Digital Service Providers ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Reform ,
Regulatory Standards
In response to a recent General Accounting Office (GAO) report recommending federal guidance to mitigate cybersecurity risks in retirement plans and to respond to ever-increasing cyber threats to plan participant data and...more
4/16/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Protection ,
Department of Labor (DOL) ,
EBSA ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Fiduciary ,
GAO ,
Investment Management ,
Popular ,
Retirement Plan ,
Risk Mitigation
The New York Department of Financial Services ("NYDFS") recently released its Cyber Insurance Risk Framework (the “Framework”), which provides best practices for managing cyber insurance risk....more
2/25/2021
/ Commercial Insurance Policies ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Personally Identifiable Information ,
Popular ,
Risk Management
While fighting a surge of new coronavirus infections in many parts of the country, healthcare providers must also be prepared to defend against ransomware. On October 28, 2020, the FBI, the U.S. Department of Health and Human...more
10/30/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
FBI ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Ransomware ,
Vulnerability Assessments
The Court of Justice of the European Union (CJEU) recently issued a decision with global implications for data transfers from the EU in a case referred to the CJEU from the Irish Data Protection Commissioner, colloquially...more
8/5/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Healthcare providers are under siege, not only from the COVID-19 pandemic, but also from cyber criminals. Following reports of targeted email phishing attempts, the FBI issued a FLASH alert warning healthcare providers on...more
Since the California Consumer Privacy Act (CCPA) was enacted in June 2018, businesses have been waiting for the proposed regulations to provide guidance and potential clarifications. On October 10, 2019, California Attorney...more
10/18/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Private Right of Action ,
Proposed Regulation ,
Right to Delete
The effects of a data breach can be disastrous for any company, but especially for a nonprofit organization, not only because of the harm to the affected individuals, including those served by the organization, but also the...more
Nonprofit organizations often collect personal information from a variety of sources such as donors, employees, volunteers, and the people who benefit from their services. This information is diverse and might include credit...more
It is safe to say that there has been much fear and confusion over the European Union (EU) General Data Protection Rule, or GDPR. ...more
5/1/2018
/ Cooperative Compliance Regime ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
Effective April 9, 2014, Microsoft will no longer provide technical support or security updates for the Windows XP operating system. According to Microsoft, personal computers running Windows XP after April 8, 2014 should not...more
On December 31, 2013, the Federal Trade Commission ("FTC") announced that Accretive Health, Inc., ("Accretive") agreed to settle charges that the company's inadequate data security measures exposed sensitive consumer...more