Last week, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) and the U.S. Food and Drug Administration (“FDA”) released warnings about an embedded function they found in the firmware of the Contec CMS8000,...more
2/13/2025
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Food and Drug Administration (FDA) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Devices ,
Patient Privacy Rights ,
PHI ,
Risk Management
On January 6, 2025, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published a “Notice of Proposed Rulemaking,” HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected...more
“Side-Channel” attacks generally refer to a type of criminal cyber attacker activity that exploits vulnerabilities so that the attacker can collect and analyze “leakage” of data from a device, as a means to identify certain...more
12/15/2022
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Information Technology ,
NIST ,
Risk Management ,
Vulnerability Assessments
The Federal Government continues ramping up enforcement of data security requirements by deploying significant new enforcement theories and tools in support of cyber and data security controls required by federal law....more
3/22/2022
/ CafePress ,
Consumer Information ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Justice (DOJ) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Federal Contractors ,
Federal Trade Commission (FTC) ,
Popular ,
Regulatory Violations ,
Security Standards ,
Settlement Agreements ,
Whistleblowers
Virginia recently adopted a GDPR-inspired comprehensive data protection law for Virginia residents.
What Are the Main Points Covered by Virginia’s Consumer Data Protection Act (CDPA)?
...more
8/9/2021
/ 21st Century Cures Act ,
Biometric Information ,
Biometric Information Privacy Act ,
CDPA ,
Consumer Privacy Rights ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Collection ,
Data Localization Law ,
Data Privacy ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
Information Blocking Rules ,
New Legislation ,
Personal Data
As we bid farewell to 2020 and look toward the uncharted territory of 2021, it is hard not to take inventory of all that has changed in such a short period. No one at the beginning of 2020 would have predicted what transpired...more
1/26/2021
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Communications Decency Act ,
Contact Tracing ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
DMCA ,
Employee Monitoring ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personally Identifiable Information ,
Ransomware ,
Van Buren v United States
On January 5, 2020, President Trump signed into law H.R. 7898. This new statute amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Department of Health and Human Services...more
On May 22, 2020, the Federal Trade Commission (the “FTC”) published its decennial request for public comment (the “RFC”) on the FTC’s Health Breach Notification Rule (the “HBN Rule”)....more
6/25/2020
/ Breach Notification Rule ,
Comment Period ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HITECH Act ,
Medical Records ,
Personally Identifiable Information ,
PHI
Every year, the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services, Office for Civil Rights (OCR) jointly sponsor a conference to “address the dynamic and challenging...more
10/25/2019
/ Civil Monetary Penalty ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Enforcement Actions ,
Final Determinations ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
NPRM ,
OCR ,
Personally Identifiable Information ,
PHI
Taking affirmative steps to protect sensitive IT information from disclosure during litigation is critical prior to, during and after cybersecurity incidents. Counsel and IT professionals can apply recent commentary from the...more
Health care organizations’ lack of compliance with the data privacy and security requirements of both state laws and the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy, Security and Breach Notification...more
1/3/2019
/ Breach Notification Rule ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Hospital Mergers ,
PHI ,
Popular ,
Privacy Rule
On May 29, 2018, Colorado Governor John Hickenlooper signed changes to Colorado law that significantly increase potential data breach burdens and financial penalties on entities operating in Colorado.1 Beginning September 1,...more
8/1/2018
/ Confidential Information ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
New Legislation ,
PHI ,
Popular ,
State and Local Government