In a March 31, 2025 letter, the Chair of the FTC, Andrew Ferguson, wrote to the Acting U.S. Bankruptcy Trustee and set out the FTC’s expectations for the protection of consumer information held by 23andMe.
As we noted...more
The chapter 11 bankruptcy cases of 23andMe Holding Co. and its affiliated debtors (collectively, “23andMe”), the company that provides direct-to-consumer genetic testing and ancestry services, have prompted a wave of panicked...more
3/28/2025
/ 23andMe ,
Bankruptcy Code ,
California Consumer Privacy Act (CCPA) ,
Chapter 11 ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Genetic Testing ,
Privacy Laws ,
Privacy Policy
On March 21, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of HIPAA security rule claims involving Health Fitness Corporation (Health Fitness). Health Fitness...more
The Federal Trade Commission's first update in over a decade to its rules under the Children’s Online Privacy Protection Act (“COPPA”) did not bring the dramatic updates that some privacy advocates had requested. Instead, the...more
1/23/2025
/ Biometric Information ,
Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Privacy ,
Data Retention ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Online Safety for Children ,
Personal Information ,
Privacy Laws ,
Regulatory Agenda
Overall, the Report recognized the complex interplay between AI advancement and privacy/security concerns, advocating for a balanced approach that promotes innovation while protecting individual rights and national interests....more
The Department of Health and Human Services (HHS) has proposed significant modifications to the HIPAA Security Rule and the HITECH Act in an attempt to strengthen cybersecurity protections for electronic protected health...more
12/30/2024
/ Business Associates ,
Comment Period ,
Covered Entities ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
HITECH Act ,
NPRM ,
OCR ,
Popular ,
Privacy Laws ,
Proposed Rules ,
Regulatory Requirements ,
Rulemaking Process
As the holiday season is upon us, businesses must remain vigilant against the increased threat of cybersecurity hacks and scams. Cybercriminals often exploit the festive atmosphere and increased online activity to target...more
As healthcare technology continues to evolve, so does the need for robust compliance strategies to safeguard patient information and ensure the integrity of medical devices. In a joint September 19, 2024 presentation, the...more
9/20/2024
/ Artificial Intelligence ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Employee Training ,
Health Technology ,
Healthcare ,
Medical Devices ,
PHI ,
Popular ,
Risk Assessment
The Massachusetts Attorney General’s Office (AGO) issued an announcement last week to inform consumers who may have had their personal information breached in Change Healthcare’s cyberattack this past February. The AGO was...more
AT&T Inc. announced in a July 12, 2024, SEC filing that hackers stole a cache of six months’ worth of mobile phone customer data, illegally downloading the records from a workspace account at the cloud-service provider...more
State Attorneys General play a significant role in shaping health care policy across the country. While the national debates over health care policy in Congress and the federal government receive significant media attention,...more
The FTC has updated its HBNR to clarify that the rule also restricts marketing practices involving personal health information. This update to the HBNR was announced on April 26, 2024, and follows several recent enforcement...more
4/29/2024
/ Breach Notification Rule ,
Data Breach ,
Data Privacy ,
Data Protection ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
PHI ,
Regulatory Agenda ,
Regulatory Reform ,
Technology
I was pleased to take part in the “Transforming Care – Strategies for Integration of Artificial Intelligence in Healthcare” discussion, hosted by the New England Healthcare Executive Network at Foley Hoag on April 1. The...more
On March 26, 2024, the HHS Office of Inspector General (OIG) released a cybersecurity toolkit for HHS leaders to help them plan and deploy information systems in response to disasters and public health emergencies. The...more
Change Healthcare Cyberattack -
On February 21, 2024, Change Healthcare—a healthcare technology company owned by UnitedHealth Group—issued a statement that it had been impacted by a ransomware attack. According to Change...more
On December 21, 2023, the Federal Communications Commission released an order updating its data breach rules. These updated rules require telecommunications providers to report breaches of customer proprietary network...more
Large companies holding sensitive data – including financial services, telecommunications, business process outsourcing, hospitality, and cryptocurrency firms – as well as their IT helpdesks, are increasingly being targeted...more
11/28/2023
/ Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Collection ,
FBI ,
NIST ,
Popular ,
Publicly-Traded Companies ,
Ransomware ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Sensitive Business Information
If you need a little intellectual stimulation after hours of Thanksgiving turkey and football, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just the thing — the new CISA Mitigation Guide for the...more
11/27/2023
/ Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Healthcare ,
Information Technology ,
Internet ,
Mitigation ,
New Guidance ,
Public Health ,
Technology Sector
NordPass (the purveyor of a password manager) has assembled a list of the top 20 passwords in healthcare, based on usage by the world’s largest companies. According to NordPass’s analysis, the “top” 20 passwords are:
-...more
Massachusetts Extends Protections for Counseling Records of Survivors of Sexual Assault -
The Massachusetts Supreme Judicial Court has ruled in In the Matter of a Motion to Compel, SJC-13336 that the Superior Court could...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.4 of their Security Risk Assessment...more
On July 26, 2023, the Securities and Exchange Commission (SEC) adopted rules requiring disclosure of material cybersecurity incidents as well as periodic disclosure of cybersecurity risk, management, strategy, and governance...more
7/28/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
New Rules ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC)
On July 13, 2023, the Biden Administration released its National Cybersecurity Strategy Implementation Plan (NCSIP) with the goal of providing transparency and coordination for its existing goals. The NCSIP details more than...more
In the FTC’s first case focused on the privacy and security of genetic information, the FTC alleges that San Francisco-based Vitagene, Inc. – now known as 1Health.io – failed to live up to its promises and unfairly changed...more
6/21/2023
/ Cloud Storage ,
Confidential Information ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Protection ,
Data Use Policies ,
DNA ,
Federal Trade Commission (FTC) ,
Genetic Testing ,
Life Sciences ,
Personal Information ,
Privacy Laws
It’s been several years since I have written about password hygiene. I have been hoping that a better security solution would be widely adopted and while I hear rumors in that regard, passwords still reign supreme. So when I...more