Medical Device Legal News with Sam Bernstein: Episode 10
Drafting Consumer Breach Notices — From a Litigation Perspective - Unauthorized Access Podcast
IP|Trend: Dust up After the Breach
Hot Topics Roundtable for Fund Managers - Cybersecurity, Valuation, and More
Recent federal enforcement actions have brought home the lesson that there’s really no acceptable reason for denying a patient timely access to medical records. Last year, for example, the HHS Office for Civil Rights (OCR)...more
The New York State Department of Financial Services (NYDFS) and the Attorney General’s office have recently imposed significant fines totalling $11.3 million on Geico and Travelers for data breaches that compromised the...more
Selected U.S. Privacy and Cyber Updates - New York AG Seeks Comments on Rulemaking for Minors’ Online Protection Laws - On August 1, 2024, New York Attorney General Letitia James issued two advanced notices of proposed...more
On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more
As we have detailed previously, 2023 was a landmark year for privacy law, featuring numerous developments at the federal, state and international levels, ranging from newly enacted statutes to massive regulatory enforcement...more
On November 16, the Federal Trade Commission (FTC) announced an enforcement action against Global Tel*Link Corporation and two of its subsidiaries (collectively, “GTL”), which provide communications and payment services to...more
Last month, the Federal Trade Commission (“FTC”) announced its first-ever enforcement action under the Health Breach Notification Rule (“HBNR” or “the Rule”). In a complaint filed in February, the agency alleged that GoodRx...more
On February 1, 2023, the Federal Trade Commission (FTC) announced that it had taken enforcement action against prescription drug discount company GoodRx, which agreed to injunctive relief and to pay a $1.5 million civil...more
The Federal Trade Commission earlier this month undertook an enforcement action against online pharmacy and telehealth provider GoodRx, in the latest example of the agency seriously pursuing its role as the nation’s de facto...more
The Federal Trade Commission ("FTC") has brought its first enforcement action for violations of the Health Breach Notification Rule ("HBNR"), signaling heightened federal agency scrutiny of digital health platforms,...more
On February 1, 2023, the FTC announced a proposed $1.5 million settlement with GoodRx Holdings, based on alleged violations of the Federal Trade Commission Act (“FTC Act”) and Health Breach Notification Rule (“HBNR”) for...more
The Irish Data Protection Commission (DPC) fined Twitter 450,000 euros (about US$546,000) for failing to timely notify the Irish DPC within the required 72 hours of discovering a Q4 2018 breach involving a bug in its Android...more
Proposed Modifications to HIPAA Regulations under Consideration - On December 14, 2018, HHS issued its Request for Information on Modifying HIPAA Rules to Improve Coordinated Care as part of its Regulatory Sprint to...more
In this month's edition of our Privacy & Cybersecurity Update, we examine Brazil's new data protection regulation, the French data protection authority's warning to two companies of potential GDPR violations and the U.S....more
FBI Issues Flash Alert on Apache Struts Vulnerability - The Apache Struts vulnerability has been mentioned frequently in the media over the past month, as it is believed to have been involved in one of the largest and most...more
The Vermont Attorney General (AG) recently announced that it has settled with SAManage USA, a business support services company, for failing to timely notify 660 Vermont residents that their names and Social Security numbers...more
On September 7, 2017, Equifax, one of the three large credit reporting bureaus, announced a cybersecurity incident impacting approximately 143 million U.S. consumers. According to Equifax, the breach occurred mid-May through...more
In this edition of our Privacy & Cybersecurity Update, we discuss how the prospect of a new chair and three new commissioners at the FTC may impact the agency's approach to cybersecurity regulation, a new Massachusetts...more
Adviser to European Court of Justice Says US-EU Safe Harbor Should Be Declared Invalid - An advisory opinion issued by the advocate general to the European Court of Justice states that the U.S.-EU Safe Harbor should be...more
A week after OCIE announced it would conduct a second round of cyber-security exams, the Commission emphasized the issue by bringing an enforcement action against a non-custodial investment-adviser over a remediated data...more
Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more
On January 13, 2015, in response to the continuing onslaught of cyber attacks, including the recent cybersecurity attack and data loss at Sony Pictures Entertainment, the Obama Administration sent to Congress three...more