No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
Life With GDPR: Episode 104 – Solar Winds and Your Mother – Tell The Truth
No Password Required: American University’s Vice Provost for Research and Innovation and a Tracker of (Cyber) Unicorns
Snooping Sadia Talks to Former Official Gene Fishel — Unauthorized Access Podcast
Life With GDPR: Critical Perspectives on Big Law Firm Cybersecurity
No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
Marketing Minute with NP Strategy (Video): How to Respond to a Cyber Security Breach
Life With GDPR – Lessons Learned from The Singtel Opus Data Breach
State AG Pulse | CT AG Reacts to Genetic Data Breach
Cybersecurity in Video Games & Esports
2023 DSIR Deeper Dive: State Privacy and Data Collection
Over the course of the past few months, the Office of Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC), both of which are divisions of the U.S. Department of Health and...more
As our loyal Practical Privacy readers may remember, back in December of 2021, the Federal Trade Commission (the “FTC” or “Commission”) began a rulemaking process to update the Commission’s Health Breach Notification Rule...more
You are the HIPAA privacy official of a hospital or health plan (a covered entity under HIPAA). You receive an email from a vendor that handles protected health information (a business associate), informing you that one month...more
Report on Patient Privacy Volume 23, no 1 (January 2023) The Centers for Medicare & Medicaid Services (CMS) said a data breach at a Medicare subcontractor impacted the personally identifiable information and protected...more
You’ve probably either played the game “Whac-a-Mole” yourself as a kid, or you watched your kid play it, at a Chuck E. Cheese or another similar arcade. It’s a simple game with five holes in which moles pop up and a soft...more
Report on Patient Privacy 22, no. 1 (January, 2022) - New Jersey issued its third settlement in three months on state-level health care privacy and security laws, announcing that three cancer care providers would adopt new...more
The surge in new health apps and connected devices, which only increased during the pandemic, continues to raise many legal and ethical questions. As a result, lawmakers have been scrambling to define the obligations...more
A myopic focus on protecting EMR (Electronic Medical Records) systems has left healthcare organizations open to shadow information risk. In a world where hackers and ransomware criminals are regularly compromising healthcare...more
In 2018, we published an article on Walgreens’ use of session replay scripts and how such use could lead to an accidental data breach under HIPAA. Last week, an article in Vox explained how Walgreens was again apparently...more
Report on Patient Privacy 21 no. 9 (September, 2021) - DuPage Medical Group in Chicago said that the personal information of more than 600,000 patients may have been compromised in a July cyberattack. The medical group,...more
Ransomware Particularly Inflicts Health Care and Life Sciences Organizations - Ransomware is a malicious cyber threat vector that employs encryption malware to prevent users from accessing their systems and data unless...more
Pennsylvania Governor Tom Wolf announced this week that the Commonwealth will not continue to do business with its contact tracing vendor following a security incident that potentially exposed the personal information of...more
Cyberattacks against healthcare providers accounted for 79% of all reported data breaches in 2020. (See here). The U.S. Department of Health and Human Services’ (HHS) Office of the Assistant Secretary for Preparedness and...more
Users of Universal Health Services (UHS), one of the largest healthcare systems in the country, recently lost access to electronic medical records when UHS suffered a ransomware attack and took its systems offline to...more
Report on Patient Privacy 20, no. 11 (November 2020) - HHS Office of the National Coordinator (ONC) for Health Information Technology (ONC) is giving health care organizations more time to meet new rules on information...more
Regulatory bodies are upping the ante when it comes to settling with companies that have suffered data breaches. In addition to the below settlements, see also the settlement between the OCR and Dignity Health....more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that it has settled potential violations of HIPAA with Athens Orthopedic Clinic PA (Athens) for $1.5 million, following an...more
With apologies to John Donne, ask not for whom the bells tolls, HIPAA business associates, it tolls for thee! While it has been the law for some time that business associates could be held directly liable for breaches,...more
Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion....more
The Department of Health and Human Services (HHS) announced on April 2 that HHS is exercising its enforcement discretion to permit business associates to use and disclose protected health information (PHI) for public health...more
Health care organizations continue to be a popular target for hackers. According to information from the U.S. Department of Health & Human Services (HHS), over 30 reports of data breaches have been filed by health care...more
It is being reported that LifeLabs, a Canadian lab company that is the largest provider of laboratory diagnostics and lab testing services in Canada, recently paid an undisclosed ransom to hackers who compromised its computer...more
In accordance with the Inflation Adjustment Act, the Department of Health and Human Services (HHS) has updated its regulations to reflect required annual inflation-related increases to civil monetary penalties, including...more
The U.S. Department of Health and Human Services Office of Civil Rights (OCR) imposed $2,154,000 in civil monetary penalties against Jackson Health System in Florida for failing to meet HIPAA privacy and security...more
The Office for Civil Rights (OCR) announced on October 23, 2019, that Jackson Health System (“Jackson”), a not for profit hospital system comprised of six hospitals, urgent care centers, nursing facilities and primary care...more