The major current cybersecurity story involves a popular SolarWinds network managing software package, Orion. A sophisticated actor, with the signatures of a nation state, infiltrated Orion in a software update. Once inside,...more
A federal court has held that neither the work product nor attorney-client privilege doctrines shield a cyber expert’s report from discovery....more
2020 was a year like no other. From an unprecedented “work from home” shift to a blockbuster European court ruling to a mammoth cyber attack, businesses scrambled to adapt to an endless series of cyber challenges. 2021 shows...more
1/20/2021
/ Biden Administration ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Popular
Data Transfer from the European Union to the United States is a knotty process. The difficulties were compounded this summer when Europe’s highest court held the “Privacy Shield” program enabling U.S-E.U. data transfers...more
11/25/2020
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
We have previously written about “phishing.” Phishing involves using social pressure to trick the recipient to send sensitive information, network control, or credentials, to hackers posing as authorized users....more
In a ruling that could have broad ramifications for health data sharing, a federal judge has ruled that a patient complaining about a hospital sharing his health data without permission lacked standing because he suffered no...more
The United States Department of Health and Human Services (HHS) has closed an investigation into a Rhode Island health system stemming from a 2017 breach. Briefly summarized, Lifespan Health System Affiliated Covered Entity...more
The holidays are over. 2020 is upon us. And for American businesses with any connection to California, this means one thing: the California Consumer Privacy Act (CCPA), America’s version of GDPR is here. It is a phased...more
As Congress continues to wrestle with federal privacy legislation, the states have been lining up alternative proposals. North Carolina has introduced its own bipartisan bill. The bill, H.B 904, will not pass this year. Even...more
Last week, Indiana based Medical Informatics Engineering, Inc. (MIE) agreed to pay $100,000 to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). MIE provides electronic health record and related...more
6/6/2019
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
OCR ,
PHI ,
Popular ,
Settlement ,
State Attorneys General
North Carolina joined Attorneys General from a dozen states in suing Indiana based Medical Informatics Engineering (MIE) and affiliates. The complaint alleges that the companies failed to undertake reasonable measures to...more
In finding a common law duty to protect employees’ personal data, the Pennsylvania Supreme Court has unexpectedly, and dramatically, altered the contours of the data breach litigation landscape....more
Missouri’s Cass Regional Medical Center (CRMC) was recently hit with a ransomware attack. Existing patients continued to receive care, but incoming trauma and stroke patients were diverted to other facilities. The hospital...more
IT, we have a problem. Reports of cybersecurity incidents continue to come in thick and fast. In November 2017, Equifax announced a mammoth data breach that it estimated would cost more than $140 million to address....more
The Securities and Exchange Commission (SEC) has undertaken its first enforcement action in connection with a public company’s failure to timely disclose cyber-issues. Last month, Altaba Inc., the former Yahoo! Inc. (Yahoo!),...more
The year was 2005. The iPhone was still two years away. Facebook was still a niche product. Tweeting was a birds-only activity. And North Carolina was one of the first states in the union to enact a data breach notification...more
As data breaches go, they don’t get much bigger than this. On Thursday, September 7, credit reporting giant, Equifax, reported that it had suffered a cyber-incident. 143 million consumer records, including names, birth dates,...more
In 2013, hackers attacked a venerable Swansea, Massachusetts institution via ransomware. Ransomware is software that locks users out of computers or specific files until the victim pays a “fee” to release the lock. Such...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and Oregon Health & Science University (OHSU) recently entered into a resolution agreement to settle potential violations of HIPAA’s Privacy and...more