- Utah Pathology Services, based in Salt Lake City, has reported a data breach involving approximately 112,000 patients. According to the medical practice’s “Notice of Data Incident,” the practice learned June 30 that “an...more
Report on Patient Privacy 20, no. 2 (February 2020) - A ruling from Georgia’s highest state court could set a precedent that determines recourse for victims of cyberattacks. The Georgia Supreme Court ruled in late December...more
Report on Patient Privacy 20, no. 1 (January 2020) - ? A cybersecurity breach temporarily halted cancer radiation treatment services at the Cancer Center of Hawaii on Oahu,[1] the center said. The center, which provides...more
Report on Patient Privacy Volume 19, Number 11. (November 2019) ? The biggest threat to protected health information comes from carelessness within your organization, according to a brief from the Clearwater...more
On October 1, 2018, a number of new laws affecting health care entities in Connecticut became effective. ...more
On June 27, 2018, the State of Connecticut Treasurer’s Office announced that about $1.4 million had been stolen from Connecticut Higher Education Trust (CHET) college-savings accounts. This theft resulted from data security...more
The Nevada Division of Public Health has announced that its Medical Marijuana Program online database has suffered a cyber-attack that has exposed 11,700 applications requesting approval to open a medical marijuana...more
According to several media outlets, Topps, whose products include sports trading cards, recently notified customers via email of a security breach. Information that may have been compromised includes bank account numbers,...more
Newkirk Products Inc., which provides ID cards and management services for healthcare organizations, including multiple Blue Cross Blue Shield organizations, has announced that it has discovered that its computer system was...more
StarCare Specialty Health System, located in Lubbock, Texas, is notifying 2,900 patients “who received Intellectual Developmental Disabilities program services, Behavioral Health program services, and Therapeutic Treatment...more
More than a year and a half ago, Home Depot announced that it had been a victim of one of the largest data breaches in U.S. history. Media outlets reported that the breach had affected Home Depot’s customers who had made...more
We previously reported that University of California Berkeley had suffered a data breach affecting 550 students and their families in April 2015. Last Thursday, UC Berkeley announced that a hacker broke into its Financial...more
In 2015, following numerous customer data security breaches at major U.S. companies, the IRS announced special tax relief to breach victims who were provided identity protection services as a result of the breach. In January...more
Editor's Overview - Happy New Year! Because 401(k) plans play an increasingly prominent role as an employee's principal retirement investment vehicle, fiduciaries overseeing those plans face increased pressure to see...more
The IRS released a bulletin on December 30, 2015, (Announcement 2016-02) announcing that it would extend the tax exemption issued in August to organizations who provide credit monitoring to its employees following a data...more
As reported here after last year’s customer data security breaches at major U.S. corporations, the IRS announced special tax relief for identity protection services provided to individuals affected by a security breach. In...more
Dow Jones & Co. Has notified 3500 of its customers that their information has been accessed by unauthorized individual in a data breach that spanned August of 2012 through July of 2015. The unauthorized access, through...more
On October 14, 2015, the National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force adopted the Cybersecurity Bill of Rights, a document meant to inform consumers of the services they can expect from...more
The National Association of Insurance Commissioners (“NAIC”) continued its efforts to advance cybersecurity in the insurance industry when it recently adopted the Cybersecurity Bill of Rights. The Cybersecurity Bill of Rights...more
On September 22, the U.S. Securities and Exchange Commission (“SEC”) and R.T. Jones Capital Equities Management, Inc. (“R.T. Jones”), a St. Louis-based investment adviser, settled charges that R.T. Jones failed to adopt...more
Non-Enforcement Cybersecurity Is At the Top of SEC Examination Concerns In a recent SEC “risk alert” for registered broker-dealers and investment advisers, the SEC’s Office of Compliance Inspections and Examinations (OCIE)...more
A registered investment adviser agreed to settle SEC charges that it failed to adopt adequate cybersecurity policies and procedures reasonably designed to protect customer records and information as required by Rule 30(a) of...more
On September 22, 2015, the Securities and Exchange Commission (SEC) announced the settlement of an enforcement action against a St. Louis-based registered investment adviser (Adviser) brought under Rule 30(a) of Regulation...more
A week after OCIE announced it would conduct a second round of cyber-security exams, the Commission emphasized the issue by bringing an enforcement action against a non-custodial investment-adviser over a remediated data...more
Lawyers for former employees of Sony Pictures Entertainment (“SPE”) indicated in a September 2, 2015 filing that they have tentatively reached a settlement with SPE in the class action suit resulting from the data breach...more