Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more
9/21/2015
/ Breach Notification Rule ,
Cloud Computing ,
Corrective Actions ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
Hospitals ,
OCR ,
Personally Identifiable Information ,
PHI ,
Privacy Rule ,
Risk Assessment
In Part I, we discussed the Third Circuit's finding that the "unfair" prong of the FTC Act does not require the agency to provide specific cybersecurity standards with "ascertainable certainty" to which companies must...more
In March, we reported on the Business E-mail Compromise (BEC) scam where criminals target employees responsible for wiring company money, and trick them into wiring money under false pretenses to fraudulent accounts...more
9/8/2015
/ Business E-Mail Compromise (BEC) ,
Criminal Conspiracy ,
Cyber Crimes ,
Cybersecurity ,
Email ,
Email Policies ,
FBI ,
Fraud ,
Hackers ,
Money Transfer ,
Popular ,
Scams
On Monday, the Third Circuit issued a highly anticipated opinion affirming the Federal Trade Commission's authority to regulate "unfair" cybersecurity practices under Section 5 of the FTC Act. In allowing the data breach...more
8/27/2015
/ Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Debit Cards ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Fraudulent Charges ,
FTC v Wyndham ,
Hackers ,
Section 5 ,
Wyndham
Earlier this summer, the Federal Financial Institutions Examination Council (FFIEC) released its highly anticipated Cybersecurity Assessment Tool (Assessment), which is designed to assist financial institutions in identifying...more
8/26/2015
/ ATMs ,
Banking Sector ,
Banks ,
Caremark claim ,
Cloud Computing ,
Compliance ,
Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Debit Cards ,
FFIEC ,
Financial Institutions ,
Hackers ,
Internet Service Providers (ISPs) ,
Mobile Payments ,
NCUA ,
NIST ,
OCC ,
Regulatory Standards ,
Risk Management
The Seventh Circuit reinstates the Neiman Marcus data breach class action lawsuit after finding that increased risk of future fraudulent charges and greater susceptibility to identify theft are sufficient for standing.
...more
8/3/2015
/ Article III ,
Class Action ,
Credit Monitoring ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Fraudulent Charges ,
Free Identity Theft Protection ,
Identity Theft ,
Neiman Marcus ,
Popular ,
Standing
Earlier this month, the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) announced that it had entered into a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton,...more
7/31/2015
/ Compliance ,
Corporate Counsel ,
Corporate Governance ,
Corrective Actions ,
Cybersecurity ,
Data Security ,
De-Identified Protected Health Information ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
EHR ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
Security Rule ,
Settlement
On Feb. 3, the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) each released reports regarding cybersecurity issues for brokerage and advisory firms, both of which should be...more
6/18/2015
/ Broker-Dealer ,
Brokers ,
C-Suite Executives ,
Cybersecurity ,
Enforcement ,
Financial Industry Regulatory Authority (FINRA) ,
Industry Examinations ,
Information Reports ,
Investment Adviser ,
OCIE ,
Popular ,
Risk Assessment ,
Securities and Exchange Commission (SEC)
The Middle District of Tennessee recently issued a key decision in the ongoing Genesco, Inc. v. Visa U.S.A., Inc. data breach litigation. The court denied discovery requests by Visa for analyses, reports, and communications...more
On April 1, President Obama signed an Executive Order to combat the "national emergency" sparked by a rapidly evolving global cybercrime environment. The Executive Order directs the U.S. Treasury Department to impose...more
4/14/2015
/ Asset Freeze ,
Barack Obama ,
Blocked Entities ,
Blocked Person ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Executive Orders ,
National Security ,
Popular ,
Sanctions ,
SDN List ,
U.S. Treasury
On Feb. 26, 2015, in an effort to make “New York State’s computer infrastructure the most secure in the nation,” the New York State Senate passed a suite of four cybersecurity-related bills focused on protecting critical...more
On February 3, 2015, the U.S. Securities and Exchange Commission released a Risk Alert addressing cybersecurity issues at brokerage and advisory firms, along with suggestions to investors on ways they can protect themselves...more