In recent years, data breaches have escalated from isolated technical issues to significant legal battles. Businesses are witnessing a sharp rise in data breach lawsuits, underscoring the growing legal risks associated with...more
AI tools often drive efficiency and save money, but they have drawbacks. Here’s what to know....more
More than two months after the February 2024 Change Healthcare cyber-ransom attack, the healthcare industry continues to grapple with the fallout, creating significant challenges, disruptions, and outages to the healthcare...more
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more
[author: Matt Kelly] In September 2020 the National Institute of Standards and Technology (NIST) unveiled the fifth version of its cybersecurity standard formally known as SP 800-53, “Security and Privacy Controls for...more
The SEC’s Office of Compliance Inspections and Examinations published a series of observations gleaned from thousands of exams over a period of years. While OCIE’s charge is the inspection of certain SEC registrants the...more
On January 16, the Commerce Department’s National Institute of Standards and Technology (NIST) released version 1.0 of its Privacy Framework: A Tool for Privacy Through Enterprise Risk Management. The product of a two-year...more
Did you know Americans lost nearly $150 million dollars to real estate internet scams last year? That makes real estate cyber crime a greater risk to Americans than identity theft ($100 million in losses) or credit card fraud...more
Information is one of your company’s most valuable assets. It is critical to remain vigilant to protect against the latest cybersecurity threats and to comply with expansive privacy obligations. Join us in New York City for...more
The rapid adoption of Industry 4.0 technologies leaves manufacturers with a choice: accelerate with the market or be left behind. According to a 2019 Global Market Insights, Inc. report, the market for artificial intelligence...more
About twelve years ago, when most people had never heard the term “data breach”, a colleague asked me what type of law I practiced. I tried to explain that I helped companies collect, secure, and share data, and, when data...more
On August 7, 2017 the Securities and Exchange Committee (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released yet another cybersecurity Risk Alert entitled, “Observations from Cybersecurity...more
HHS OCR issues checklist, iterative guidance in wake of WannaCry and Petya attacks; Anthem breach settlement provides additional lessons. Key Points: ..Healthcare organizations are particularly vulnerable to ransomware...more
The WannaCry ransomware attack was first reported on Friday, May 12. Within hours, it shut down thousands of computer systems, locking users out of their own files. The latest report estimates over 300,000 computers in 150...more
Many employers historically were only concerned with privacy and security for health plans under the Health Insurance Portability and Accountability Act (HIPAA)1 and state laws; however, there are other references to...more
Unfortunately even the best technological defenses won’t protect your company’s intellectual property and data if your employees inadvertently or intentionally take actions to compromise confidential information. The key to...more
In late August, the Privacy Commissioner of Canada and the Australian Privacy Commissioner published the results of their joint investigation into the hack of notorious infidelity site, Ashley Madison, and its parent company,...more
Covered entities and business associates are required to identify and report breaches of unsecured protected health information (“PHI”) and security incidents. “Breach” is defined as the acquisition, access, use, or...more
The news regularly reports on data breaches and cybersecurity. While we read about the biggest breaches – Home Depot, Target, Anthem, JP Morgan, Wyndham – probably every business has been hacked and will be hacked again. ...more
On December 23, 2015, Hyatt Hotels (Hyatt) reported that it was investigating cyberattacks that caused data breaches at its properties from August 13 to December 8, 2015. The investigation has revealed that hackers infected...more
The title, of course, begs the question: does your business even have an Information Governance Program? If not, you should get one—quick. An integrated Information Governance Program is considered a “best practice” to...more