Last week, the Office of Civil Rights (OCR) issued guidance on securing end-to-end communications for sensitive information transmitted between parties over the internet. The OCR warns against “man-in-the-middle” (MITM) attacks that can occur during the transmission of information. In a … Continue Reading
Data breaches can occur in the most surprising places. When data breaches affect sensitive, private information—especially that of children—companies can face scrutiny from regulatory agencies and be exposed to civil (and perhaps even criminal) liability. While hackers are still targeting … Continue Reading
Small and medium-sized businesses are turning to software as a service (SaaS) solutions for their IT needs more and more frequently. SaaS solutions can provide end-users with quicker, cheaper access to software that they might not otherwise have at their … Continue Reading
For those in the healthcare industry, the privacy and security of information is vital to operations, but the importance and value of health information also makes the industry a prime target for threats. Studies suggest that the vast majority of … Continue Reading
Our Data Privacy and Security team is currently assisting multiple clients in responding to nearly identical fraudulent requests for IRS Form W-2 information. Significantly, these clients are in a number of industries and are located in a variety of states, … Continue Reading
Civilian privacy officers and counsel have a rare opportunity following the publication of the January 6, 2017 report from the Office of the Director of National Intelligence, commissioned by former President Obama, regarding Russian hacking and influence efforts in “recent … Continue Reading
Throughout the past several years, data privacy and security practices have evolved into more than just defending against identity theft and protecting sensitive data. In fact, since 2014, to help raise awareness for data protection issues, the United States designated … Continue Reading
Earlier this year, the Supreme Court, in Spokeo, Inc. v. Robins, held that a bare procedural violation of a statutory requirement, divorced from any concrete harm, does not establish the injury-in-fact necessary to maintain a lawsuit in federal court. … Continue Reading
On December 1, 2016, the Commission on Enhancing National Cybersecurity (Commission)—established ten months earlier by President Obama—released its Report on Securing and Growing the Digital Economy (Report). The 50-page Report includes six major imperatives with 16 recommendations and 53 associated … Continue Reading
Yesterday afternoon Yahoo Inc. (Yahoo) announced that user information was stolen from more than one billion accounts in August 2013. Yahoo said that the stolen information includes, “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, … Continue Reading
With tax season around the corner, the Internal Revenue Service (IRS) has begun its yearly campaign to educate taxpayers on the importance of protecting their personal information. However, a recent audit of the agency’s email use reveals the awkward truth … Continue Reading
Until relatively recently, retirement plans have not made the news as targets of data breaches. This is somewhat surprising, given the wealth of participants’ personal data stored online by these plans. This past summer, however, two plans experienced cybersecurity incidents, … Continue Reading
In another twist in the LabMD case, LabMD has succeeded in obtaining a delay on the FTC’s enforcement action during its appeal. Of course, the substantive issues remain to be determined.
In 2013, the Federal Trade Commission (FTC) issued … Continue Reading
St. Jude’s Medical has filed a defamation lawsuit against short-seller Muddy Waters LLC and cyber-security research company MedSec Holdings, along with executives at the companies, following allegations by the companies of cybersecurity vulnerabilities in some of St. Jude’s medical devices.… Continue Reading
Part 1 of this two-part series outlined the mechanics and dangers of ransomware. In Part 2, this post will examine what steps to take, or not to take, during and after a ransomware attack.
“We’ve Been Hit – Now What?”… Continue Reading
The Federal Trade Commission (FTC) is conducting a three-part fall conference workshop on select technology issues. The first conference was held on September 7th about ransomware. The second conference was held on October 13th about drones and … Continue Reading
This morning the FCC voted along party lines to adopt rules subjecting broadband internet service providers (ISPs) to new consumer privacy regulations. According to the FCC’s press release, the rules give “customers the tools they need to make informed decisions … Continue Reading
Beginning early on October 21, 2016, Dyn, a New Hampshire-based internet service company, was the victim of three distributed denial of service (DDoS) attacks. The first attack began at 7 a.m. ET and was resolved within about two hours. A … Continue Reading
The Department of Health and Human Services Office for Civil Rights (OCR) issued long-anticipated guidance to help covered entities and their business associates — including cloud service providers (CSPs) — comply with the Health Insurance Portability and Accountability Act (HIPAA) … Continue Reading
On September 9, 2016, the Federal Financial Institution Examination Council (FFIEC) updated its Information Security Booklet (available here). In addition to certain editorial non-substantive changes, the modifications include revisions to IT risk management and information security processes, and … Continue Reading
As anticipated, things are getting even more exciting with the case previously covered in Password Protected. Specifically, LabMD is appealing the landmark data security case between it and the Federal Trade Commission (“FTC”) that examines an alleged data breach, … Continue Reading
Quick to blame a state-sponsored organization, Yahoo announced at least 500 million of its account holders had their information stolen – in 2014.
While much of Washington, D.C. is enjoying the slow and hazy days of summer, the Federal Trade Commission (FTC) is staying busy solidifying its presence as the go-to authority for data security. Most recently, on July 29, 2016, the FTC … Continue Reading
Look no further than the last three weeks for proof that HIPAA enforcement is on the rise.
Failure to maintain the security of information systems containing patient information has cost healthcare providers over $10 million in recent settlements of alleged … Continue Reading