The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021.
This episode gives a brief history of the Report...more
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key...more
Organizations across all industries, including government agencies, are facing a surge of ransomware attacks launched by cybercriminals. New types of ransomware principally causing this surge have the potential to cause...more
Cyber threats are here to stay. No company, large or small, is immune. But there are basic measures you can take to prepare for the legal and business risks associated with an attack.
Join members of BakerHostetler’s...more
Cyber threats are here to stay. No company, large or small, is immune. But there are basic measures you can take to prepare for the legal and business risks associated with an attack....more
We are excited to release our third annual BakerHostetler Data Security Incident Response Report. This report analyzes the more than 450 data security incidents we led clients through in 2016. Companies continued to...more
4/19/2017
/ Chief Compliance Officers ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Hotlines ,
Incident Response Plans ,
Ransomware
Please join BakerHostetler’s Privacy and Data Protection team for a webinar to cover the results of the 2016 BakerHostetler Data Security Incident Response Report. Trends, top causes for a security breach, and steps you can...more
State breach notification statutes are being amended on almost a monthly basis. Several laws have, or will soon have, a mandatory notification deadline for notifying affected individuals after the discovery of the incident....more
9/16/2015
/ Breach Notification Rule ,
Compliance ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Homeland Security (DHS) ,
Hackers ,
Incident Response Plans ,
NIST
The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 “the year of the breach.” Most incidents are described publicly with attention-grabbing terms such as...more
Natural Provisions, Inc., a Vermont health foods grocery chain, agreed to pay $30,000 to settle claims brought by the Vermont attorney general that it failed to notify consumers and the attorney general within the statutory...more
The U.S. Department of Health and Human Services (HHS) has reported a $400,000 settlement with Idaho State University (ISU) for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more
The long awaited HIPAA/HITECH Final Rule became effective March 26, 2013, but covered entities, business associates and subcontractors will have until September 23, 2013, to fully comply.
...more
In This Issue:
- A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule
1. Business Associates and Subcontractors
2. Breach Notification
3. Covered Entity Organizational Structures
4. Cloud...more
3/1/2013
/ Business Associates ,
Cloud Computing ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Subcontractors
The U.S. Department of Health and Human Services (HHS) issued, on January 17, 2013, its final omnibus rule modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules as well...more
1/29/2013
/ Business Associates ,
Covered Entities ,
Cyber Insurance ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
OCR ,
Risk Assessment ,
Risk Management
There has been a lot of discussion about the impact of Final Omnibus Rule modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules as well as the breach notification rules...more
The final rule is significant for any organization that is considered to be a HIPAA covered entity (“CE”) (health systems, health care providers, health plans, etc.) or the more broadly defined business associate (“BA”)....more
1/23/2013
/ Business Associates ,
Covered Entities ,
Data Protection ,
Electronic Medical Records ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Medical Records ,
OCR ,
Patient Privacy Rights ,
Personally Identifiable Information ,
PHI
The Department of Health and Human Services (HHS) issued, on January 17, 2013, its Final Omnibus Rule modifying the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules as well as...more
1/22/2013
/ Business Associates ,
Covered Entities ,
Cyber Insurance ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Risk Assessment ,
Vendor Contacts
The HHS Office for Civil Rights (OCR) started 2013 with a bang by announcing that it had reached "the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500...more
1/21/2013
/ Compliance ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Encryption ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
HONI ,
Mobile Devices ,
OCR ,
Patient Confidentiality Breaches ,
PHI ,
Settlement
The long awaited HIPAA/HITECH Final Rule is out. The final rule is effective March 26, 2013, but covered entities (CEs) and business associates (BAs) will have 180 days beyond the effective date to come into compliance....more
1/18/2013
/ Business Associates ,
Compliance ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
Penalties
A California hospital that disclosed a patient’s medical record in response to a California Watch investigative report on the alleged inappropriate billing practices of the hospital’s parent organization was recently cited by...more