With employees working from home, attackers are relying on the fact that assistants and others are not able to confirm these requests from the executives as they are not in the same physical proximity to the executives as...more
FBI Issues Warning of Increased BEC During COVID-19 Pandemic -
On April 6, 2020, the Federal Bureau of Investigation (FBI) issued a warning to companies to be aware of an increase in business email compromises (BEC)...more
4/14/2020
/ ALEXA ,
Android ,
Business E-Mail Compromise (BEC) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Diagnostic Tests ,
FBI ,
Scams ,
Telecommuting ,
Vulnerability Assessments
Microsoft Issues Cybersecurity Risk Warning and Offers Help to Hospitals During COVID-19 Crisis -
On April 1, 2020, Microsoft issued a specific warning to health care entities alerting them that they are at particular risk...more
4/6/2020
/ Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Microsoft ,
OCR ,
Popular ,
Telemarketing ,
Vulnerability Assessments
COVID-19 Vaccine Test Lab Hit by Maze Ransomware -
Despite the fact that the hackers behind Maze ransomware previously promised not to hit medical organizations during the coronavirus pandemic, the ransomware recently...more
3/31/2020
/ California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Drones ,
Federal Aviation Administration (FAA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Ransomware ,
Spam ,
Telecommuting ,
Telehealth
HHS Targeted by Nation-State Hackers -
Evil doers know that the best time to attack is during a crisis or a time of vulnerability. As the United States, and specifically, the Department of Health and Human Services (HHS)...more
3/20/2020
/ California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Federal Trade Commission (FTC) ,
FERPA ,
Hackers ,
Personal Data ,
PHI ,
Scams ,
State Attorneys General ,
Telecommuting ,
Waivers
City of Durham, NC Hit With Ryuk Ransomware -
Another city—Durham, North Carolina—has become the victim of a ransomware attack stemming from a Russian hacker group following a successful phishing scheme. After falling...more
3/13/2020
/ California Consumer Privacy Act (CCPA) ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Infectious Diseases ,
Municipalities ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Public Health ,
Ransomware
On March 5, 2020, Vermont Governor Phil Scott signed into law Senate Bill 110, “An act relating to data privacy and consumer protection,” which provides authority to develop a statewide data privacy inventory of the...more
3/13/2020
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Databases ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Risk Management ,
State and Local Government
I was admittedly bummed when I received the email from IAPP cancelling the global summit this year, which was scheduled for next month. Bummed, but not so surprised, as every day the coronavirus is wreaking havoc and causing...more
3/13/2020
/ China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Emergency Management Plans ,
Emergency Response ,
Event Cancellation ,
Infectious Diseases ,
Public Health
One of the most significant consumer rights offered by the new California Consumer Privacy Act (CCPA) is what we call the “private right of action” afforded by the law. A private right of action under a law basically means...more
3/13/2020
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action ,
State and Local Government
Two Las Vegas casinos’ networks were down over the past week, with posted signs saying “Cash Only” throughout the casinos after a suspected ransomware attack. Electronic slot machines were silent as the casinos reacted to the...more
3/6/2020
/ Casinos ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Loss Prevention ,
Data Privacy ,
Data Protection ,
Data Security ,
E-1 ,
Gaming ,
Hackers ,
Medicare Part D ,
OIG ,
Ransomware ,
Scams ,
Wire Fraud
Natural Gas Compressor Facility Shut Down After Ransomware Attack -
The Department of Homeland Security (DHS) announced this week that a ransomware attack shut down a natural gas compressor facility for two days. While in...more
2/25/2020
/ Bitcoin ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Emergency Response ,
Extortion ,
Hackers ,
OCR ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Settlement Negotiations ,
TCPA
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500...more
2/21/2020
/ Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Filing Deadlines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
OCR ,
PHI ,
Regulatory Requirements ,
Reporting Requirements ,
Self-Reporting
Ransomware Attacks Predicted to Occur Every 11 Seconds in 2021 with a Cost of $20 Billion -
Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in...more
2/14/2020
/ Bitcoin ,
Brand ,
California Consumer Privacy Act (CCPA) ,
China ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Wallets ,
Drones ,
Email ,
Emergency Response ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Legislative Agendas ,
Medical Devices ,
Personal Data ,
Personally Identifiable Information ,
Phishing Scams ,
Proposed Legislation ,
Regulatory Requirements ,
Risk Mitigation ,
Rulemaking Process ,
State Attorneys General ,
Threat Management ,
Unmanned Aircraft Systems ,
Vulnerability Assessments
The Ponemon Institute recently issued its 2020 Cost of insider Threats Global Report, which finds that the frequency and cost of insider threats is continued to increase. Sponsored by ObserveIT and IBM, the 2020 report is the...more
2/11/2020
/ Confidential Information ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Misconduct ,
Information Sharing ,
Internal Controls ,
Negligence ,
Popular ,
Risk Management ,
Threat Management ,
Vulnerability Assessments
Researchers at Sentinel One and Dragos have detected malicious code, called EKANS or Snake, that has been designed specifically to target industrial control systems (ICS), including those of oil refineries, manufacturing...more
2/7/2020
/ China ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Drones ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Infectious Diseases ,
Malware ,
Medical Records ,
OCR ,
Personally Identifiable Information ,
Point of Sale Terminals ,
Public Health ,
Retailers ,
Tax Fraud ,
Vulnerability Assessments
A new report published by Coveware concludes that companies hit with ransomware attacks spend an average of 16 days recovering from the attack. Think about being offline and unable to do business for 16 business days. It is...more
1/31/2020
/ Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Drones ,
Hackers ,
Internet of Things ,
Ransomware ,
Request For Information ,
Risk Management ,
Super Bowl ,
Unmanned Aircraft Systems ,
USPS
It’s getting difficult to keep up with the jargon of all of the new digital scams. The SaaSes in the beginning became regular business terms, such as Software-as-a-Service (SaaS), and Business Processes-as-aService (BPaaS)....more
1/24/2020
/ Artificial Intelligence ,
Cyber Crimes ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data-Sharing ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Online Platforms ,
Personal Data ,
PHI ,
Risk Management ,
SaaS
The same week that the National Institute of Standards and Technology came out with its Privacy Framework [view related post], highlighting how privacy is basically a conundrum, news articles also highlighted a new...more
The National Institute of Standards and Technology (NIST) released its first privacy framework tool (the “Privacy Framework”) on January 16, 2020. In the Executive Summary...more
1/23/2020
/ Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Security ,
Framework Agreement ,
NIST ,
Personal Data ,
Popular ,
Risk Management
FBI Warns of Retaliatory Cyber-Attack from Iran -
The Federal Bureau of Investigation (FBI) is warning of a heightened likelihood of Iranian cyber-attacks following the escalation of tension between the U.S. and Iran. This...more
1/17/2020
/ Assassinations ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Dating Services ,
Drones ,
Federal Aviation Administration (FAA) ,
GAO ,
Hackers ,
Information Management ,
Iran ,
Mobile Apps ,
Online Reviews ,
Personal Data ,
Personally Identifiable Information ,
Research Reports ,
Risk Management ,
State Attorneys General ,
Unmanned Aircraft Systems ,
Vulnerability Assessments ,
Yelp
I don’t know much about dating apps. I met my husband decades ago, long before the Internet, and the old-fashioned way—in college. But I know people who have used them, have been happy with them, have found their life partner...more
1/16/2020
/ Ashley Madison ,
Consumer Privacy Rights ,
Cookies ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Dating Services ,
Internet ,
Mobile App Privacy Guidelines ,
Mobile Apps ,
Online Platforms ,
Personally Identifiable Information ,
Privacy Policy ,
State Attorneys General ,
Web Tracking ,
Websites
Department of Homeland Security Warns of Cyber-Attacks by Iran -
The Department of Homeland Security (DHS) issued a grave warning to U.S. businesses and critical infrastructure operators on January 6, 2020, alerting the...more
1/10/2020
/ Assassinations ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Drones ,
Federal Aviation Administration (FAA) ,
Financial Services Industry ,
Foreign Relations ,
Hackers ,
Information Sharing ,
Iran ,
Microsoft ,
NYDFS ,
Operating System Developers ,
Personally Identifiable Information ,
Risk Management ,
Risk Mitigation ,
Unmanned Aircraft Systems ,
Vulnerability Assessments
After much anticipation and trepidation, the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. Many companies are understandably still grappling with the details of the law, the amendments, and the...more
1/3/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Deletion ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Right to Delete ,
Rulemaking Process ,
State and Local Government
An Illinois employee of Power Solutions International Inc. (Power Solutions) filed suit against his employer alleging violations of the Illinois Biometric Information Privacy Act (BIPA) when Power Solutions collected his...more
12/20/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Fingerprints ,
Notice Requirements ,
Personally Identifiable Information ,
Preemption ,
Prior Express Consent ,
Statutory Interpretation ,
Workers Compensation Act ,
Workplace Injury
Arizona-based Banner Health has agreed to settle for up to $6 million a class action case filed against it following a 2016 incident that compromised the personal information of 3 million individuals....more
12/13/2019
/ Class Action ,
Credit Monitoring ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Debit and Credit Card Transactions ,
Hackers ,
Personally Identifiable Information ,
PHI ,
Settlement Agreements