More than two months after the February 2024 Change Healthcare cyber-ransom attack, the healthcare industry continues to grapple with the fallout, creating significant challenges, disruptions, and outages to the healthcare...more
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more
Multi-employer plan participants involved in an Employee Retirement Income Security Act of 1974 (ERISA) class action lawsuit against Horizon Actuarial Services LLC (Horizon), a national retirement services firm, have entered...more
Over the past few months, businesses across the country have been focused on the California Consumer Privacy Act (CCPA) which dramatically expands privacy rights for California residents and provides a strong incentive for...more
California continues to lead on data privacy protection. Since the adoption of the California Consumer Privacy Act (CCPA), cracking down on data breaches and promoting consumer privacy has remained a priority in the state....more
As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages between $100-$750 per incident, even in the absence of any actual...more
Equifax to Pay up to $700 Million as Part of Settlement for 2017 Data Breach - Equifax has agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement with the FTC, the CFPB, and...more
As data are quickly becoming significant corporate assets, lawyers need to help companies both maximize the value of their data and protect the business against any associated risks. This is particularly true in M&A...more
“Smart” devices have become common, if not pervasive, experiences of daily life. Parents may monitor a baby’s heart rate and oxygen levels through sensor enabled baby socks. Businesses may equip fleet drivers with smart...more
Regulating the Internet of Things (“IoT”) is a highly debated topic because it is hard for lawmakers to keep up with evolving technology. Simply put, IoT refers to a system of connected devices that can retain, analyze, and...more
In April 2018, Verizon released the 11th edition of its Data Breach Investigations Report. As usual, the Verizon DBIR contained interesting data points culled from more than 53,000 incidents and 2,216 confirmed data breaches....more
The May 2018 cyber security newsletter from the U.S. Department of Health and Human Services Office for Civil Rights (OCR) focused on a topic often overlooked by covered entities and their business associates: physical...more
About twelve years ago, when most people had never heard the term “data breach”, a colleague asked me what type of law I practiced. I tried to explain that I helped companies collect, secure, and share data, and, when data...more
HHS OCR issues checklist, iterative guidance in wake of WannaCry and Petya attacks; Anthem breach settlement provides additional lessons. Key Points: ..Healthcare organizations are particularly vulnerable to ransomware...more
The news regularly reports on data breaches and cybersecurity. While we read about the biggest breaches – Home Depot, Target, Anthem, JP Morgan, Wyndham – probably every business has been hacked and will be hacked again. ...more
On December 23, 2015, Hyatt Hotels (Hyatt) reported that it was investigating cyberattacks that caused data breaches at its properties from August 13 to December 8, 2015. The investigation has revealed that hackers infected...more
The debate over standing in data breach litigation is gaining more attention lately. While many courts have hesitated to find standing prior to lost personally identifiable information (PII) actually being misused, the U.S....more
Lawyers and compliance professionals constantly tout the importance of internal information security policies, particularly in light of data privacy problems that are reported almost daily in the media. Admittedly, drafting...more
In a much anticipated decision, the Third Circuit Court of Appeals affirmed the authority of the Federal Trade Commission (FTC) to enforce actions against companies who have been subject to a data breach. The FTC sued...more
There’s a tempest amidst the recent spring shower of “cyber” insurance cases. It isn’t the Recall Total case reported the week before last, or the Travelers v. Federal Recovery Services case reported the week before. While...more