Linn Freedman at Robinson & Cole LLP

California DMV Exposes 3,200 Drivers’ SSNs

The California Department of Motor Vehicles (DMV) announced on November 5, 2019, that it allowed the Social Security numbers (SSNs) of 3,200 California drivers to be accessed by unauthorized individuals in other state and...more

11/7/2019 / Data Breach , Data Collection , Data Protection , Data Security , DMV , Personally Identifiable Information , Social Security Numbers

Data Privacy + Cybersecurity Insider - October 2019 #5

Energy Sector’s Reliance on IoT Increases Cyber Vulnerabilities - CyberX recently released its 2020 Global IoT/ICS Risk Report (Report), which compiles survey questions and answers from 1,821 production networks of...more

11/4/2019 / Cyber Attacks , Cyber Crimes , Cyber Threats , Cybersecurity , Data Collection , Data Privacy , Data Protection , Energy Sector , FBI , Internet of Things , New Legislation , Personal Data , Personally Identifiable Information , Ransomware , Veterans , Vulnerability Assessments , Vulnerable Victims

Energy Sector’s Reliance on IoT Increases Cyber Vulnerabilities

CyberX recently released its 2020 Global IoT/ICS Risk Report (Report), which compiles survey questions and answers from 1,821 production networks of electric utilities, and oil and gas companies. ...more

11/1/2019 / Cyber Attacks , Cybersecurity , Electricity , Energy Sector , Information Security , Internet of Things , Oil & Gas , Popular , Smart Devices , Vulnerability Assessments

FBI Warns of E-Skimming Threats

For those of you that have websites that process online payments (such as retail, hospitality, health care, entertainment and utilities), the Federal Bureau of Investigation (FBI) recently issued a warning about e-skimming...more

11/1/2019 / Cyber Threats , Data Protection , Debit and Credit Card Transactions , E-Commerce , FBI , Hackers , Malware , Online Payments , Vulnerability Assessments

Privacy Tip #214 – Veterans Warned of Risk of Misuse of Sensitive Personal Information

The Department of Veterans Affairs’ Office of Inspector General (VA OIG) recently completed an audit of the VA’s Milwaukee Regional Office after it was tipped off by a whistleblower about the exposure of sensitive information...more

10/31/2019 / Cyber Attacks , Cybersecurity , Data Breach , Data Protection , Data Security , Department of Veterans Affairs , Federal Trade Commission (FTC) , Hackers , Identity Theft , Information Security , Personally Identifiable Information , Security Audits , Veterans , Vulnerability Assessments , Vulnerable Victims , Whistleblowers

Ransomware Hits Legal Case Management Provider TrialWorks

TrialWorks, a legal case management software platform announced to its customers on October 13, 2019, that it was experiencing a hosting outage at their data center and that they would provide updates as they learned more...more

10/31/2019 / Case Management , Cyber Attacks , Cyber Crimes , Cybersecurity , Data Breach , Ransomware , Software

Data Privacy + Cybersecurity Insider - October 2019 #4

Although Amazon and Google respond to reports of vulnerabilities in popular home smart assistants Alexa and Google Home, hackers continually work hard to exploit any vulnerabilities in order to listen to users’ every word to...more

Hackers Eavesdrop and Obtain Sensitive Data of Users Through Home Smart Assistants

Although Amazon and Google respond to reports of vulnerabilities in popular home smart assistants Alexa and Google Home, hackers continually work hard to exploit any vulnerabilities to be able to listen to users’ every word...more

10/25/2019 / Amazon Marketplace , Connected Items , Cyber Attacks , Data Privacy , Eavesdropping , Google , Hackers , Information Security , Information Technology , Phishing Scams , Popular , Risk Management , Smart Devices , Vulnerability Assessments

Philadelphia DPH Breach Exposes Hepatitis Patients’ Data

A reporter from the Philadelphia Inquirer discovered that sensitive data of hepatitis patients were accessible online through a Philadelphia Department of Public Health (DPH) website tool without the need for a password. The...more

10/25/2019 / Data Breach , Data Protection , Government Entities , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Breach , Online Platforms , Personally Identifiable Information , PHI , Public Health , Vulnerability Assessments , Websites

Compliance: Keeping Up with Rapidly Changing Privacy and Security Laws

The pace at which data privacy and security laws are changing continues to move at warp speed. Back in the day, I would keep track of all privacy and security bills in state legislatures and Congress; about 10 years ago, I...more

10/24/2019 / California Consumer Privacy Act (CCPA) , Data Collection , Data Security , Information Security , Personal Data , Popular , Privacy Laws

Privacy Tip #213 – The Jumbo Privacy App

As most of you know, I rarely download an app. However, here’s one I just downloaded and here’s why. The Jumbo Privacy app, available in the Apple store, is all about providing consumers with a way to audit their privacy and...more

10/24/2019 / Apple , Dark Web , Data Protection , Information Security , Mobile Apps , Mobile Device Management , Mobile Devices , Personally Identifiable Information , Privacy Concerns , Risk Management , Security Audits

Jackson Health System Fined by OCR for $2.15 Million

The Office for Civil Rights (OCR) announced on October 23, 2019, that Jackson Health System (“Jackson”), a not for profit hospital system comprised of six hospitals, urgent care centers, nursing facilities and primary care...more

10/24/2019 / Data Breach , Electronic Medical Records , Enforcement Actions , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare , HIPAA Breach , Information Technology , Notice of Determination (NODs) , OCR , Personally Identifiable Information , PHI , Risk Assessment

Data Privacy + Cybersecurity Insider - October 2019 #3

A recent Ponemon Institute study finds that small and mid-sized businesses continue to be targeted by cybercriminals, and are struggling to direct an appropriate amount of resources to combat the attacks. ...more

10/18/2019 / California Consumer Privacy Act (CCPA) , Cyber Attacks , Cyber Crimes , Cybersecurity , Data Breach , Hackers , Information Technology , National Security Agency (NSA) , Network Security , Personal Data , Personally Identifiable Information , Virtual Private Networks , Vulnerability Assessments

NSA Warns of Hackers Attacking VPN Service Applications

The National Security Agency issued an advisory last week to warn companies and users that nation-state actors are actively exploiting vulnerabilities in several virtual private network (VPN) service applications to obtain...more

10/18/2019 / Advisory Opinions , Cyber Attacks , Cybersecurity , Data Breach , Data Protection , Hackers , Information Security , Information Technology , National Security Agency (NSA) , Virtual Private Networks , Vulnerability Assessments

Small and Mid-Sized Businesses Continue to Be Targeted by Cybercriminals

A recent Ponemon Institute study finds that small and mid-sized businesses continue to be targeted by cybercriminals, and are struggling to direct an appropriate amount of resources to combat the attacks....more

10/17/2019 / Cyber Attacks , Cyber Crimes , Cybersecurity , Data Breach , Data Protection , Data Security , Hackers , Personally Identifiable Information , Popular , Risk Management , Vulnerability Assessments

Privacy Tip #212 – National Cybersecurity Awareness Month: “Own IT”

Everyone should be aware that October is National Cybersecurity Awareness Month. TechNewsWorld is urging all users to “Own IT,” which “means staying safe on social media, updating privacy settings, and keeping tabs on apps....more

10/17/2019 / Cybersecurity , Data Collection , Data Management , Data Protection , Information Technology , Mobile Apps , Personally Identifiable Information , Risk Management

Data Privacy + Cybersecurity Insider - October 2019 #2

The Federal Bureau of Investigations Internet Crime Complaint Center (IC3) recently issued a public service announcement warning private companies about the increasing numbers of ransomware attacks affecting private industry....more

Dental Practice Pays $10,000 Fine to OCR for Disclosing PHI on Social Media

Elite Dental Associates (Elite), located in Dallas, Texas has agreed to settle alleged HIPAA violations with the Office for Civil Rights (OCR) for $10,000....more

10/14/2019 / Cybersecurity , Data Breach , Dentists , Enforcement Actions , Fines , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare , HIPAA Breach , OCR , Personally Identifiable Information , PHI , Policies and Procedures , Privacy Rule

Department of Defense Subcontractors: Cybersecurity Compliance is Top Priority

The Office of the Under Secretary of Defense for Acquisition and Sustainment has been on a fast track mission to shore up the cybersecurity measures of defense contractors and the supply chain to the Department of Defense...more

10/14/2019 / Certifications , Cooperative Compliance Regime , Cybersecurity , Cybersecurity Maturity Model Certification (CMMC) , Data Privacy , Data Protection , Data Security , Department of Defense (DOD) , Federal Contractors , Regulatory Requirements , Subcontractors , Vendors

CCPA News: Amendments Signed into Law by the Governor and Draft Regulations Released by the Attorney General

Last week was a busy week for the California Consumer Privacy Act (CCPA), as Attorney General Xavier Becerra released draft regulations on October 10 and Governor Newsom signed several pending CCPA amendments into law on...more

10/14/2019 / California Consumer Privacy Act (CCPA) , Consumer Privacy Rights , Cybersecurity , Data Collection , Data Management , Data Privacy , Data Protection , New Legislation , Personal Data , Personally Identifiable Information , Privacy Laws , Rulemaking Process , State and Local Government

FBI Warns of Sharp Increase in Ransomware Attacks in Certain Sectors