The Food and Drug Administration is stepping up its game with respect to the cybersecurity of medical devices.
On Monday, the agency announced its launch of a preparedness and response “playbook” to address threats to...more
In Accenture’s 2018 State of Cyber Resilience for Banking & Capital Markets study, the consulting firm reported the rate at which cyber-attacks on banking and capital markets firms are successful dropped from 36 percent in...more
In a significant ruling addressing the scope of the attorney-client privilege and work product doctrine in a data breach case, a Federal judge in Oregon ordered Premera Blue Cross, the Washington-based healthcare services...more
11/10/2017
/ Attorney-Client Privilege ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Discovery ,
Health Insurance ,
HIPAA Breach ,
Personally Identifiable Information ,
PHI ,
Premera Blue Cross ,
Putative Class Actions ,
Work-Product Doctrine
Not all cybersecurity risks are the stuff of super-secret code hacks or high-tech digital attacks. One of the biggest culprits: off-the-shelf thumb drives (also known as flash drives or memory sticks) that you can purchase...more
The federal Computer Fraud and Abuse Act of 1986 (“CFAA”) has generated controversy and disagreement among courts and commentators regarding the scope of its application. The statute, 18 U.S.C. § 1030, which provides for...more
New filings in the consolidated Home Depot data breach litigation, which we have previously covered on this blog, indicate that Home Depot and the remaining financial institution plaintiffs have reached a...more
3/13/2017
/ Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Debit and Credit Card Transactions ,
Financial Institutions ,
Home Depot ,
Malware ,
Point of Sale Terminals ,
Popular ,
Retail Market ,
Settlement
Back in December of last year, we reported that for the first time, a U.S. law firm – Johnson & Bell, a mid-sized Chicago firm – was publicly named in a class action data security lawsuit. Last month, the firm obtained a...more
The United States Court of Appeals for the Third Circuit recently ruled that a data breach class action may proceed on the basis of a Fair Credit Reporting Act (FCRA) violation alone, even where the putative class members do...more
The transition of power from President Barack Obama to President-Elect Donald Trump is underway. Although President-Elect Trump did not lay out specific policy prescriptions about data privacy or consumer protection during...more
11/28/2016
/ Administrative Appointments ,
Barack Obama ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
FTC Act ,
Privacy Policy ,
Section 5 ,
Transition Team ,
Trump Administration ,
Unfair or Deceptive Trade Practices
The Financial Crimes Enforcement Network, or FinCEN, an arm of the United States Department of the Treasury, issued an advisory last week to remind financial institutions of their obligations to report cyber-events on...more
11/2/2016
/ Anti-Money Laundering ,
Bank Secrecy Act ,
Compliance ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Department of Financial Services ,
Financial Institutions ,
FinCEN ,
Information Sharing ,
New Regulations ,
Reporting Requirements ,
Suspicious Activity Reports (SARs)
Boards of directors remain increasingly exposed to the threat of liability arising from data breaches and other cyber-incidents.
Nearly a year ago, Senators Jack Reed and Susan Collins introduced the Cybersecurity...more
With the public comment period closing in a few days, the New York Department of Financial Services (DFS) “first in the nation” cybersecurity regulation is one step closer to becoming law. The regulation – which covers a...more
Banner Health recently announced that hackers may have gained “unauthorized access to patient information” and “payment card data” from approximately 3.7 million patients, health plan members, food and beverage customers, and...more
Ransomware attacks at hospitals and other healthcare facilities have dramatically increased over the last several years, putting healthcare providers in the uncomfortable position of having to consider paying thousands of...more
8/9/2016
/ Breach Notification Rule ,
Covered Entities ,
Cyber Attacks ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Hospitals ,
New Guidance ,
PHI ,
Ransomware
On June 29, 2016, the Bank for International Settlements’ (BIS) Committee on Payments and Market Infrastructures (CPMI) and the Board of the International Organization of Securities Commissions (IOSCO) issued “Guidance on...more
Has North Korea struck again? Do its recent attacks signal a shift from those motivated by political retribution to those motivated by financial gain? What does this mean for financial institutions?...more
More than a year and a half ago, Home Depot announced that it had been a victim of one of the largest data breaches in U.S. history. Media outlets reported that the breach had affected Home Depot’s customers who had made...more
5/9/2016
/ Article III ,
Banking Sector ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Financial Institutions ,
Free Identity Theft Protection ,
Hackers ,
Home Depot ,
Malware ,
Negligence ,
Popular ,
Qualified Settlement Funds ,
Standing
From the rise in ransomware attacks to inadvertent disclosure of information by subcontractors, the health services industry is reminded that a potential consequence of a data breach is the threat of a regulatory enforcement...more
4/26/2016
/ Business Associates ,
Covered Entities ,
Cyber Attacks ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Hospitals ,
OCR ,
PHI ,
Ransomware ,
Subcontractors
By now, you’ve probably heard about the massive cyber attack that hit Bangladesh’s central bank last month, resulting in the loss of $81 million through fraudulent transfers to accounts in the Philippines. Although the size...more
Yet another regulator has weighed in on cybersecurity issues, adding to an already complicated and daunting mosaic of regulatory enforcement actions and guidance. Last week, the U.S. Food and Drug Administration (“FDA”)...more
This week, the United States Supreme Court upheld a conviction under the Computer Fraud and Abuse Act despite the Court’s acknowledgement that the jury had been wrongfully instructed on the elements of the crime charged. ...more
Cyber-attacks have become a matter of everyday reality for all businesses: regardless of industry or size, it is no longer if a data breach will happen, but when. And waiting for a breach to occur before designing and...more
In a significant development, the FTC announced today that LifeLock, the identity theft protection company, has agreed to settle the FTC contempt charges against it for $100 million. This is the largest monetary award the...more
Last month’s terror attacks in Paris have re-ignited the long-standing debate between national security and privacy advocates over whether technology companies should be required to provide the government special access to...more
For your convenience, a short list of JD Supra writers covering the myriad issues raised surrounding Cybersecurity, date privacy and protection, and related matters. ...more