The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently settled two ransomware cases with covered entities. These cases signal the government's growing concern with health care...more
10/11/2024 / Corrective Action Plans (CAPs), Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Enforcement Actions, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Violations, OCR, Popular, Ransomware, Risk Assessment, Settlement
In today's digital age, the health care industry faces a growing threat from scammers who don't have to use sophisticated cyberattacks; they can use the most routine task to steal information from unwitting and...more
There has been a notable emphasis on proactive enforcement of the privacy and security of protected health information in recent weeks as evidenced by multiple developments regarding compliance with the Health Insurance...more
Are you a health care provider, business associate, or other entity subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regarding the use and disclosure of protected health...more
It is official. On July 26, 2023, the Securities and Exchange Commission (SEC) passed rules regarding reporting "material cybersecurity incidents" within four business days of the determination, which will surely vex...more
On May 31, 2023, renowned managed file transfer solution provider Ipswitch, Inc. revealed a zero-day vulnerability in its flagship solution, MOVEit Transfer, that can enable mass data theft from thousands of organizations....more
On Thursday, May 19, 2023, the Federal Trade Commission (FTC) issued a notice of proposed rulemaking and a request for public comment on proposed changes to the Health Breach Notification Rule (HBNR or, the Rule) that would...more
Artificial Intelligence (AI), including ChatGPT, has now ushered its way regularly into management conversations. How can AI benefit an organization, provide it with a competitive advantage, or make it more efficient? At the...more
On April 17, 2023, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) published a Proposed Rule to support reproductive health care privacy in the Federal Register. Through the...more
On March 22, 2023, the Health Resources and Services Administration (HRSA), an agency of the U.S. Department of Health and Human Services, launched the Organ Procurement and Transplantation Network Modernization Initiative...more
In August 2022, LastPass – one of the largest password managers in the world – suffered a cyber breach resulting in the theft of thousands of password vaults of both individual and corporate users. Password managers are an...more
On January 25, the Department of Veterans Affairs (VA) published a new final rule amending contractual provisions in the VA Acquisition Regulation (VAAR) to address data privacy, protection, and cybersecurity. The aim of the...more
If your management team and board of directors are not talking often about cyber liability and risk management, they will be soon. As a matter of both corporate and individual liability, recent enforcement makes it clear...more
For most companies, human resource departments handle one of their most valuable and sensitive information assets: the personal data of their employees and job candidates. While this dataset provides employers a goldmine of...more
On October 7, President Biden signed an Executive Order directing the federal government to implement U.S. commitments under the European Union-U.S. Data Privacy Framework (EU-U.S. DPF). The new Executive Order enhances...more
In mid-September, the Office of Management and Budget (OMB) released a memorandum requiring federal agencies to obtain attestation from software developers before running third-party software on government networks. Under...more
Earlier this week, the Federal Bureau of Investigation (FBI) published another notification alerting health care providers of increasing cyber threats to medical devices operating on unpatched or outdated devices. In its...more
In the wake of the Supreme Court's decision in Dobbs v. Jackson Women's Health Organization and the evolving legal patchwork now confronting both patients accessing reproductive health care and their health care providers,...more
Cyber whistleblowing is the newest and hottest area of exposure for organizations. All government contractors and grant recipients must develop an understanding of the use of the False Claims Act (FCA) to address...more
4/15/2022 / Biden Administration, Civil Monetary Penalty, Compliance, Cyber Crimes, Cybersecurity, Department of Justice (DOJ), Enforcement Actions, Executive Orders, False Claims Act (FCA), Federal Contractors, Federal Grants, Popular, Qui Tam, Risk Management, Whistleblowers
In a show of continued emphasis on cybersecurity enforcement from U.S. government agencies in the wake of the Biden Administration's Executive Order on Improving the Nation's Cybersecurity (Exec. Order No. 14028, May 12,...more
2/17/2022 / Biden Administration, Broker-Dealer, Cybersecurity, Enforcement Priorities, Executive Orders, Investment Adviser, Investment Companies, Investment Company Act of 1940, Proposed Rules, Public Comment, Securities and Exchange Commission (SEC)
In a paradigm shift for cybersecurity, President Biden signed an ambitious Executive Order (the Order) on May 12 to address the increasingly sophisticated threats by malicious cyber actors to the nation's software supply...more
On Tuesday, December 8 one of the nation's leading cyber defense vendors (FireEye) announced it suffered a recent cyber-attack from a "highly sophisticated threat actor, one whose discipline, operational security lead us to...more
12/11/2020 / Cyber Attacks, Cyber Crimes, Cyber Threats, Cybersecurity, Data Protection, Data Security, Hackers, Incident Response Plans, Personally Identifiable Information, Popular, Risk Management
On Tuesday, September 15, the U.S. Department of Health and Human Services Office of the National Coordinator (ONC), in partnership with the Office for Civil Rights (OCR), released an update to the previously published...more
Human resources can no longer just rely on their IT and legal counsel to focus on the concerns and issues surrounding cyberattacks. As more companies re-open and unemployment rates grow, cyber criminals are continuing to...more
On April 21, 2020, the U.S. Department of Health and Human Services released a series of announcements signaling its intention to finalize and enforce certain aspects of the Office of the National Coordinator (ONC) Cures Act...more
4/30/2020 / Blocking Statutes, Centers for Medicare & Medicaid Services (CMS), Civil Monetary Penalty, Compliance, Department of Health and Human Services (HHS), Health Care Providers, Health IT, OIG, ONC, Patient Access, Popular, Proposed Rules