News & Analysis as of

Data Breach Data Security Enforcement Actions

Robinson+Cole Data Privacy + Security Insider

Northeast Radiology Settles with OCR

The Office for Civil Rights (OCR) announced on April 10, 2025, that it has settled alleged HIPAA Security Rule violations with Northeast Radiology for $350,000....more

Clark Hill PLC

Right To Know - April 2025, Vol. 28

Clark Hill PLC on

Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed. ...more

Sheppard Mullin Richter & Hampton LLP

Auto Insurer Settles With New York AG Over Insurance Application Platform Security Issues

The New York Attorney General recently entered into an assurance of discontinuance with Root Insurance Company following a 2021 data incident. According to the AG, the threat actors obtained people’s drivers’ license numbers...more

Alston & Bird

UK’s Data Protection Regulator Fines a UK SaaS Provider ~$4 Million Following a Ransomware Incident

Alston & Bird on

On March 26, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined Advanced Computer Software Group Ltd (“Advanced”) £3.07 million (approximately $4 million). In 2022, Advanced suffered...more

Cozen O'Connor

NY Settles With Insurer on Data Breach Rooted in Security Deficiencies

Cozen O'Connor on

New York AG Letitia James settled with Root Insurance Company to resolve allegations that the company’s data security deficiencies led to a 2021 data breach involving 72,000 people, in violation of state consumer protection...more

Foley Hoag LLP - Security, Privacy and the...

HHS OCR Settles HIPAA Security Rule Investigation with Health Fitness Corporation

On March 21, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of HIPAA security rule claims involving Health Fitness Corporation (Health Fitness). Health Fitness...more

Morrison & Foerster LLP

2024 State AGs Year in Review

In 2024, state attorneys general (State AGs) focused on a broad variety of areas and industries including, in particular, emerging industries such as artificial intelligence (AI) and privacy and social media protections....more

Baker Botts L.L.P.

Ninth Circuit Upholds Conviction of Former Uber Security Chief Joseph Sullivan in Connection with 2016 Uber Data Security Breach

Baker Botts L.L.P. on

On March 13, 2025, a three-judge panel of the U.S. Court of Appeals for the Ninth Circuit unanimously upheld the conviction of former Uber Chief Security Officer Joseph Sullivan. The ruling affirms Sullivan’s 2022 conviction...more

Proskauer on Privacy

Proskauer on Privacy: 2024 Reflections & 2025 Predictions

Proskauer on Privacy on

2024 marked another significant year for privacy law, with new state legislation and high-stakes litigation reshaping the landscape. Legal battles over tracking technologies, biometric data, and children’s privacy...more

Shook, Hardy & Bacon L.L.P.

OCR Enforcement Activity: Trends and Insights From a Limited Sample

Arecent report put the odds of an asteroid hitting the earth in December 2032 at 3.1%—which is 3,100 times more likely than an organization resolving an enforcement action with the U.S. Department of Health and Human...more

Nilan Johnson Lewis PA

Nine Steps Healthcare Entities Should Take to Prevent Cyberattacks

Nilan Johnson Lewis PA on

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently imposed a $1.5 million civil money penalty against Warby Parker, Inc., a manufacturer and online retailer of eyewear, for...more

WilmerHale

Health Data Privacy & Security: A Look Back at the Final Enforcement Push From HHS Under the Biden Administration

WilmerHale on

In the final days of the Biden Administration, the U.S. Department of Health and Human Services Office for Civil Rights (“HHS OCR”) remained active in resolving a large number of investigations, reflecting the agency’s...more

Robinson+Cole Data Privacy + Security Insider

FTC Takes Action Against GoDaddy for Alleged Lax Data Security

The Federal Trade Commission (FTC) issued a proposed settlement order against GoDaddy alleging that it “has failed to implement reasonable and appropriate security measures to protect and monitor its website-hosting...more

Health Care Compliance Association (HCCA)

With Nod to OCR, Indiana Inks $350K Deal With Dental Firm Following Hack

Recent federal enforcement actions have brought home the lesson that there’s really no acceptable reason for denying a patient timely access to medical records. Last year, for example, the HHS Office for Civil Rights (OCR)...more

Saul Ewing LLP

Two CMPs and One Settlement Close Out 2024 HIPAA Enforcement

Saul Ewing LLP on

December 2024 was an active month for the U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR"). OCR announced (i) a $1.19 million civil monetary penalty ("CMP") against Gulf Coast Pain...more

American Conference Institute (ACI)

[Event] 2nd National Conference on Cybersecurity Law & Compliance - January 29th - 30th, Arlington, VA

Cyberattacks are affecting every company and sector. Meanwhile, the regulatory landscape is intensifying as the SEC continues to enforce the cyber-risk management disclosure rules. Every day presents a new compliance and...more

Robinson+Cole Data Privacy + Security Insider

A Year in Privacy and Security: Privacy Violations, Large-Scale Data Breaches, and Big Fines and Settlements

2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy...more

Troutman Pepper Locke

Movie Theater Data Breach Leads to Settlement and Class Action Lawsuits

Troutman Pepper Locke on

New York Attorney General (AG) Letitia James and global movie theater operator National Amusements, Inc. (National) settled a lawsuit stemming from a 2022 data breach reported by National, which affected 82,128 National...more

Sheppard Mullin Richter & Hampton LLP

New York AG Settles EnforcemENT Action with ENT

The New York Attorney General’s Office recently settled with Albany ENT & Allergy Services over claims that the healthcare provider failed to protect over 200,000 consumers’ private health information. The claims stem from...more

Saul Ewing LLP

No “Trick”: Plastic Surgery Practice Agrees to Pay a $500,000 HIPAA Settlement Following Ransomware Attack

Saul Ewing LLP on

On October 31, 2024, the U.S. Department of Health and Human Services (“HHS”), Office of Civil Rights (“OCR”) announced a $500,000 settlement with Plastic Surgery Associates of South Dakota (“PSA”) concerning potential...more

Robinson+Cole Data Privacy + Security Insider

CT AG Settles Data Breach Case with Guardian Analytics

Connecticut Attorney General William Tong announced on October 21, 2024, that his office has settled a data breach case against Guardian Analytics, Inc. for $500,000. The data breach affected the personal information of...more

Clark Hill PLC

Right To Know - October 2024, Vol. 22

Clark Hill PLC on

Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more

Allen Matkins

SEC Continues Its Persecution Of Crime Victims

Allen Matkins on

More than a decade ago, I expressed concern about the Securities and Exchange Commission's predilection for targeting victims of crimes.   That concern related to an enforcement action against a company that had been...more

Robinson+Cole Data Privacy + Security Insider

Marriott and Starwood Settle on Consent Agreement with FTC for Data Breaches

This week, Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC (collectively, Marriott) agreed to settle on the terms of a settlement order with the Federal Trade Commission (FTC) for its...more

Nelson Mullins Riley & Scarborough LLP

[Webinar] Keeping Up With and Staying Ahead of FCC Actions on Data Privacy and Security - October 22nd, 12:00 pm - 1:00 pm EDT

Carriers have an obligation to protect customer proprietary network information (CPNI) and personally identifiable information (PI). Several recent FCC consent decrees resolving breaches of CPNI and PI show the FCC will hold...more

195 Results
 / 
View per page
Page: of 8

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide