Healthcare groups and their business associates that want to share protected health information must do so in line with the HIPAA Privacy Rule, which restricts the potential uses and disclosures of PHI, but de-identification of protected health information...
In France the data protection regulator, Commission nationale de l’informatique et des libertés (CNIL), has penalised French retail giant Carrefour more than €3m ($3.7m) in relation to a number of breaches of the European Union’s General Data Protection Regulation....
The U.S. National Security Agency (NSA) has issued a cybersecurity advisory warning that Russian state-sponsored hacking groups are targeting a vulnerability in VMware virtual workspaces used to support remote working. The flaw, tracked as CVE-2020-4006, is present in...
University of Minnesota Physicians has been hit by a cybercriminal attack that resulted in access being gained to the email accounts of two members of staff. One corporate email account was accessible between January 30 and January 31, 2020...
Some have called it the “new normal”. Others speak of the “Post-Covid world.” More positive and hopeful voices tell us that the Covid-19 pandemic, while painful, is but a temporary hiccup in the history of humanity. Whatever the truth of the matter it is clear that...
In Canada Minister of Innovation, Science and Industry Navdeep Bains has introduced the proposed Digital Charter Implementation Act, 2020 which aims to bring the framework up to date for the security of private data in the corporate sector. The proposed Digital...
Listed here is a summary of some of the most significant HIPAA breach cases that have led to settlement agreements with the Department of Health and Human Services’ Office for Civil Rights (OCR). We have also listed some cases that have been pursued by OCR after a...
In California, the California Privacy Rights Act (CPRA) ballot initiative has been passed after winning the approval of 56% of votes. This means that the California Consumer Privacy Act will be amended to incorporate additional rights for the consumer. Along with this...
Following claims of breaches of federal and state legislation, linked to a data breach involving the protected health information of 9,700 customers of two ShopRite supermarkets in Millville, New Jersey and Kingston, NY, Wakefern Food Corporation has agreed to pay...
HIPAA compliance is already provided by Amazon for its cloud platform AWS and the group is aiming to increase the use of the Alexa voice recognition technology within the healthcare sector. There is great potential for Alexa to make a lot of workflows much more...
Microsoft has made a new patch available to address a critical remote code execution flaw in the Microsoft Windows Transmission Control Protocol (TCP)/IP stack. The flaw is related to how the TCP/IP stack manages Internet Control Message Protocol version 6 (ICMPv6)...
A third set of proposed modifications to the California Consumer Privacy Act (CCPA) has been released by the California Department of Justice. The California attorney general became authorized to enforce the law on July 1, 2020, and the California Office of...
Anthem Inc. has come to an agreement to settle actions by state attorneys general in different US states in relation to the 2014 data breach involving 78.8 million records. Along with the $48.2 million financial penalty, Anthem has committed to implementing a number of...
An alert has been released by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) after a noticeable increase in LokiBot malware activity was recorded in the past eight weeks. LokiBot – also referred to as Lokibot, Loki PWS,...
The Athens Orthopedic Clinic has agreed to pay $1.5 million and comply with a corrective action plan in order to resolve allegations of multiple HIPAA violations made against the clinic by HHS’ Office for Civil Rights. In June 2016, a journalist working for...
The second annual National Insider Threat Awareness Month (NITAM) has been kicked off frequently, and assistance is being made available to emphasize the importance of tackling insider threats. This event is a group project produced by NITAM and a...
Another four healthcare suppliers have broadcast HIPAA breach alerts in relation to the Blackbaud ransomware attack and data breach. Just after the Northwestern Memorial HealthCare group revealed that the personal information of 55,983 clients had been impacted, an...
In California, an accusation that the biometric data of over 100 million Instagram users was illegally harvested has resulted in legal proceedings being initiated against Facebook, owner of the image sharing social media platform. The legal action was...
Norton Audubon Hospital has revealed that a HIPAA violation that a patient alleged took place led to the termination of the registered nurse’s employment contract. The nurse in question, Dianna Hereford, initiated a legal action in the Jefferson Circuit Court...
Two court rulings made in July 2020 may prove to be among the most important legal precedents that American tech companies will ever have had to come to grips with. What is particularly interesting about these two decisions is that they were not made by the Supreme...
A California federal court legal action alleges that Google has been tracking smartphone users’ app activity without adequate authorization in breach of the California Consumer Privacy Act. The legal action that was filed in the Northern District of California last...
The Federal Bureau of Investigation (FBI) has released a (TLP:WHITE) FLASH alert following a rise in attacks using Netwalker ransomware. Netwalker is a new threat on the ransomware scene, first spotted in March 2020 after attacks on a transportation and logistics...
A massive phishing campaign which was being operated in 62 countries has been taken down by Microsoft. First spotted by Microsoft’s Digital Crimes Unit (DCU) in December 2019, this particular phishing campaign was trying to steal the Office 365 credentials of...
The European Court of Justice has today issued a ruling that voids the existing Privacy Shield agreement for data sharing between the European Union and United States due to the fact that it does not adequately safeguard the private data of European citizens. The...
Currently, there is no private cause of action in HIPAA, so a patient cannot take a legal action for a HIPAA violation. Even if HIPAA Rules have clearly been breached by a healthcare provider, and harm has been sustained due to this, it is not possible for patients to...
In a statement released on the 29th of June 2020, TikTok, the Chinese video-sharing social networking service owned by ByteDance, announced its decision to move the responsibility for safeguarding the privacy of its European users to its Irish and UK entities. ...
Following mediation talks, there has been an agreement to a proposed settlement between Grays Harbor Community Hospital and Harbor Medical Group and the representative plaintiff in a proposed class action lawsuit connected to a June 2019 ransomware attack that led to...
Several security flaws have been discovered in the remote access system, Apache Guacamole, a system which has been implemented by many companies to allow administrators and employees to access Windows and Linux devices remotely. The system has proven popular since the...
Because HIPAA was enacted a number of years prior to the evolution of social media platforms, there are no provisions specifically addressing social media networks and PHI in the HIPAA text. However, this does not mean HIPAA does not apply to social media networks. In...
Due to an alleged failure to put in place appropriate security measures to protect personal information, online design marketplace Minted Inc. is facing a class action lawsuit for breaching the California Consumers’ Privacy Act. The proposed class...
A bipartisan group of Senators has introduced a bill dedicated to securing contact tracing and exposure notification apps that will be implemented to manage the spread of COVID-19. One of three bills introduced, the Exposure Notification Privacy Act was formulated...
Groups that are hit by a ransomware attack may be tempted to pay the ransom to reduce downtime and save on recovery costs, but a survey conducted by Sophos suggests organizations that pay the ransom actually end up spending a lot more than groups who can rescue files...
Implemented on the 25th of May 2018, Europe’s General Data Protection Regulation (GDPR), has now entered the terrible twos. Birthdays are an occasion to take stock, and this anniversary is particularly interesting from an American perspective. For those who need...
Using a HIPAA compliance guide will put you in a position to allow your group and your business associates to gain a proper understanding of the requirements associated with the Health Insurance Portability and Accountability Act (HIPAA). It is vital that all...
Last week a group of four Republican Senators revealed that they are proposing federal privacy legislation that will establish rules in relation to the collation and use of personal information during the Coronavirus pandemic. The group, which includes Roger...
The California Privacy Rights Act (“CPRA”), an Act that was drafted to address some of the supposed shortcomings of the recently introduced Californian Consumers’ Privacy Act (CCPA), has moved closer to reality as advocates have secured 900,000 of the 1...
Due to the COVID-19 Pandemic, many groups have had to quickly set up remote working capabilities for their staff. As a result of this there has been increased potential for cybercriminals to initiate campaigns. Remote workers have been attacked on an even greater...
Fresh Data Breach Heartbreak for Marriott Hotel Group: In December 2018, Marriott International disclosed a breach which had impacted some 383 million guest records. Industry specialists at the time viewed the data failure as a key example of the risks inherent in...
The National Security Agency has released cybersecurity guidance for teleworkers to help enhance security when staff are working remotely. The guidance has been made available primarily for U.S. government employees and military service members, but it is also...
Virgin Media Ltd, which provides television, telephone and internet services throughout the United Kingdom, may have to fork out up to £4,500,000,000 (roughly $5.5 billion) after a data security breach in which personal information belonging to its customers was...
Stockdale Radiology in California has revealed that private patient data has been compromised due to a ransomware attack that took place on January 17, 2020. An internal review confirmed that the hackers gained access to patients’ first and last names, addresses,...
California Attorney General Xavier Becerra has released a statement, reminding Californians of their rights in relation to their privacy, which further emphasized his office’s commitment to stick to the July 1, 2020 enforcement date for the California Consumer...
It has been announced that the Department of Health and Human Services (HHS) will be easing the sanctioning of penalties in relation to specific data privacy breaches during the COVID-19 pandemic. The Notice of Enforcement Discretion applies to breaches of the HIPAA...
Zoom, a video conferencing software application that has experienced explosive growth due to the social distancing measures introduced globally during the COVID-19 crisis, has had a class action lawsuit filed against it in the Northern District of California this week...
Following the declaration of a state of emergency by California Governor Gavin Newsom in a bid to stem the surge of COVID-19, trade associations have issued a plea to have CCPA enforcement suspended until 2021. The plea was directed towards California Attorney...
It is important to remember that, despite the wide-reaching and deep impact of the COVID-19 pandemic, the rights of individuals to have their protection respected are as important and relevant as ever. In recent weeks we have seen a relaxing of the policing of HIPAA...
The Marriott Hotel Group has revealed that it has suffered its third data breach in just over two years, which has impacted the private data of up to 5.2m guests. The hotel group that operates Marriott Hotel, Starwood Hotels released a statement that said uses an...
Chief Information Security Officer for the World Health Organization Flavio Aggio has revealed that there has been a massive increase in the number of cyber-attacks registered against his group since the COVID-19 Pandemic began. When questioned in relation to the...
Privacy Authority to impose $8 Million Penalty: Google has announced that it intends to appeal the recent General Data Protection Regulation fine, its second, levied by Sweden’s Data Protection Authority against the internet giant. A fine of 75 million kroner...
The Health Insurance Portability and Accountability Act (HIPAA) Rules still apply during public health emergencies such as the 2019 Novel Coronavirus (SARS-CoV-2) outbreak. When preventing and dealing with cases of COVID-19, the respiratory disease caused by...
Hackers, spammers and cybercriminals are always leveraging current events to try and target susceptible Internet, SMS and email users and the coronavirus COVID-19 is no different. In the United States an alert has been issued by the Indiana Attorney General’s...
The UK’s Information Commissioner’s Office, or ICO, has imposed a fine of £500,000 ($603,750) on Cathay Pacific Airways for its failure to adequately protect the personal data of customers. The half-million-pound fine is in fact the maximum possible under the...
The Lake Success, NY-located home health company, Personal Touch Home Care (PTHC), has begun contacting clients to advise them that a ransomware attack on its Wyomissing, PA-based IT vendor, Crossroads Technologies Inc. may have resulted in a portion of their...
The California Consumer Privacy Act (CCPA), which became enforceable on January 1, 2020, has resulted in many Californian-based businesses struggling to ascertain what they must do to achieve compliance with the new legislation. In addition to this, on February 10, the...
Various industry specialists, including Adobe Analytics, have reported that increasing consumer concern, and indeed shop closures, following the worldwide COVID-19 outbreak is already influencing our online shopping behaviour in a significant manner. While traditional...
The number of data breaches that were conducted globally in 2019 was higher than in any previous year, coming in at a total of 7,098 detected breaches. While this might be seen as just a very small increase on the 7,035 breaches reported during 2018, the rise reported in...
The HIPAA password requirements list the procedures that must be established in order to successfully and safely create, amend and protect passwords unless a different, equally-effective security measure is put in place. We suggest the best way to adhere to the HIPAA...
A state senator in California is submitting proposed legislation which would allow for greater direct supervision in relation to direct-to-consumer genetic testing companies. Santa Ana Democratic Senator Thomas Umberg has formulated the proposed...
A newly-published report from the ransomware incident response outfit Coveware indicates that payments completed by ransomware victims grew noticeably during Q4, 2019. The average ransomware payment grew by 200% during Q4, as two of the most prolific ransomware groups...
Experts at TechCrunch have discovered a security flaw in a website hosting an internal customer relationship management system used by the clinical laboratory network LabCorp. While the system was password protected, the experts found a flaw in the part of...
An advisory has been released by California Attorney General Xavier Becerra reminding consumers of their new rights under the California Consumer Privacy Act (CCPA), which became enforceable January 1 this year. In the advisory Becerra outlines the rights allocated to...
As the number of medical professionals using personal mobile devices to communicate and collaborate on patient concerns increases, it becomes more and more important to ensure that healthcare groups address the use of technology and HIPAA compliance. Many forms of...
The FBI has released a TLP:Amber alert as a reaction to a number of cyberattacks involving the ransomware strains LockerGoga and MegaCortex. The threat actors employing these ransomware variants have been focusing on large enterprises and organizations and normally...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed a $65,000 HIPAA violation settlement has been agreed with West Georgia Ambulance, Inc., to address multiple breaches of Health Insurance Portability and Accountability Act Rules....
From today the Californian Consumer Privacy Act becomes enforceable, state-level legislation that obligates companies to alert users of the intent to monetize their data, and give them a simple way of opting out of this. It governs, and has massive implications for...