On December 8, 2023, New York Attorney General Leticia James penned her approval to an Assurance of Discontinuance with third party dental administrator Healthplex, settling the enforcement action for $400,000 and a litany of...more
CYBERSECURITY -
New York Governor Proposes Cybersecurity Regulations for NY Hospitals -
On November 13, 2023, Governor Kathy Hochul released proposed cybersecurity regulations applicable to all hospitals located within...more
11/17/2023
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Corporate Sales Transactions ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
FCC ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Regulatory Reform
During the last Privacy Law class of the semester, we discuss Privacy and Emerging Technology. My students continue to learn about the collection, use, disclosure, and monetization of consumers’ data, and continue to be...more
CYBERSECURITY -
Hackers Steal $4.4M Crypto Using Data Linked to LastPass Breach -
According to Bleeping Computer, crypto fraud researchers at ZachXBT, and MetaMask developer Taylor Monahan have reported that on October 25,...more
11/8/2023
/ Artificial Intelligence ,
Biden Administration ,
Cryptocurrency ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Drones ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Securities and Exchange Commission (SEC) ,
SolarWinds
We previously reported on the unfortunate data breach suffered by 23andMe last month and its implications. We never imagined how horrible it could be....more
CYBERSECURITY -
Urgent Joint Cybersecurity Advisory on Atlassian Vulnerability Issued -
The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and MS-ISAC recently released an urgent Joint Advisory on the...more
CYBERSECURITY -
CISA Launches Cybersecurity -
Public Awareness Campaign To kick off the twentieth annual Cybersecurity Awareness Month, the Cybersecurity and Infrastructure Security Agency (CISA) has announced that CISA and...more
10/16/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Drones ,
Electronic Protected Health Information (ePHI) ,
Federal Aviation Administration (FAA) ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Popular ,
Vulnerability Assessments
I was preparing to teach my next privacy law class on the subject matter of online privacy, when I discovered a good article (though in full disclosure, it is an ad) on protecting your privacy and personal information online....more
CYBERSECURITY -
CISA Launches Cybersecurity Public Awareness Campaign -
To kick off the twentieth annual Cybersecurity Awareness Month, the Cybersecurity and Infrastructure Security Agency (CISA) has announced that CISA...more
CYBERSECURITY -
High Alert: China Linked BlackTech Hides in Router Firmware -
Not only is the People’s Republic of China (PRC) a threat with its use of TikTok, but it also supports threat actors that have for years...more
It is scary to think of cyber warfare and how it may affect us. But the reality is there, and we should be prepared. I was chatting with a colleague this morning who asked for the top two things to do to prepare for a massive...more
CYBERSECURITY -
Joint Advisory Warns of Snatch Ransomware -
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of...more
VMware provides multi-cloud services, products, and solutions for its customers, including VMware Tools. On September 1, 2023, VMware released a security update for a vulnerability in VMware Tools. According to the...more
I was talking to a client today about a security incident and the discussion turned to how threat actors are using increasingly more sophisticated ways to attack individuals and companies. She lamented that we know more than...more
9/7/2023
/ Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Elder Issues ,
Federal Trade Commission (FTC) ,
Risk Management ,
Scams
CYBERSECURITY -
Joint Commission Issues Alert on Patient Safety After a Cyber-Attack -
On August 15, 2023, the Joint Commission issued a Sentinel Event Alert entitled “Preserving patient safety after a cyberattack,”...more
CYBERSECURITY -
CISA Issues Four More Industrial Control Systems Advisories -
On August 22, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued four more advisories related to industrial control...more
8/25/2023
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Governance ,
Machine Learning ,
Personal Data ,
Vulnerability Assessments
State privacy laws are changing rapidly in the U.S. Here are summaries of seven new state laws that have been enacted and go into effect in the next few years. We anticipate that more state legislatures will continue to enact...more
8/25/2023
/ Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Information Technology ,
Personal Data ,
Regulatory Agenda ,
Regulatory Reform ,
State Privacy Laws
CYBERSECURITY -
CISA Issues Two Industrial Control Systems Advisories -
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued “timely information about current security issues, vulnerabilities, and...more
8/21/2023
/ California Privacy Protection Agency (CPPA) ,
Connected Cars ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
QR Codes ,
Regulatory Agenda ,
Vulnerability Assessments
CYBERSECURITY -
SEC Adopts New Cybersecurity Rules for Public Companies -
In a 3-2 vote, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules yesterday (July 26, 2023) applicable to public...more
7/28/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Technology ,
Machine Learning ,
Securities and Exchange Commission (SEC)
Amid growing concern of the use of AI tools, Congressional questioning and hearings, and the lack of regulation around its use, at least seven technology firms have signed on to follow voluntary commitments to oversee how AI...more
CYBERSECURITY -
Patch Adobe ColdFusion Vulnerabilities Being Exploited in the Wild ASAP -
Adobe has issued alerts on three vulnerabilities affecting its ColdFusion product. The first alert, issued on July 11, 2023,...more
7/24/2023
/ Adobe ,
Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Drones ,
EU ,
Hackers ,
Machine Learning ,
Vulnerability Assessments
According to cybersecurity researchers at Bishop Fox, “hundreds of thousands” of FortiGate firewalls have not been patched against a known vulnerability and are at risk of being attacked by threat actors using the unpatched...more
7/10/2023
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Information Technology ,
Risk Mitigation ,
Vulnerability Assessments
Nevada Governor Joe Lombardo recently signed into law a sweeping and restrictive consumer health data privacy law that requires covered entities (defined as any person who conducts business in the state or produces or...more
7/10/2023
/ Consumer Privacy Rights ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Healthcare ,
Nevada ,
New Legislation ,
Personal Data ,
State Data Privacy Laws
The Rhode Island General Assembly amended the state’s data breach law, known as the Rhode Island Identity Theft Protection Act (Act) that makes significant changes to notification requirements for state and municipal agencies...more
BNSF Railway, previously hit with a $228 million jury award for violating the Illinois Biometric Information Privacy Act (BIPA) when collecting fingerprints of employees, was recently awarded a new trial to determine damages....more
7/10/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
BNSF Railway ,
Calculation of Damages ,
Damages ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Employment Litigation ,
Fingerprints ,
New Trial ,
Personal Data ,
Personally Identifiable Information