We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Driving Digital Security: The FTC's Safeguards Rule Explained — Moving the Metal: The Auto Finance Podcast
No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
No Password Required Podcast: Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots, and Buc-ee Mascots
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
AI Talk With Juliana Neelbauer - Episode Two - Cybersecurity Insurance: The New Frontier of Risk Management
On-Demand Webinar: Bring Predictability to the Spiraling Cost of Cyber Incident Response Data Mining
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
Life With GDPR: Episode 104 – Solar Winds and Your Mother – Tell The Truth
No Password Required: American University’s Vice Provost for Research and Innovation and a Tracker of (Cyber) Unicorns
Health care remains one of the most targeted and vulnerable sectors when it comes to cyberattacks. In fact, a recent breach at a major health care analytics firm exposed the data of 5.4 million U.S. patients, making it one of...more
In the context of a significant increase in data breaches and cyber-attacks impacting hospitals, the French Data Protection Authority (“CNIL”) has launched a series of investigations and issued several formal notices to...more
On 27 March 2025, the UK Information Commissioner’s Office (ICO) issued a £3.07 million fine to an IT services provider following a ransomware attack in 2022 that affected the company’s health care business. The ransomware...more
We are pleased to present our final 2024 update to the New England and First Circuit Class Action Tracker, which focuses on class action filings in state and federal courts within the boundaries of the First Circuit in New...more
Cyberattacks remain one of the most serious threats facing the healthcare industry. Healthcare providers and their vendors handle sensitive and valuable health data, making them prime targets for cybercriminals....more
In recent news, New York’s Stram Center for Integrative Medicine reported a security incident involving an employee misusing a patient’s payment card information. According to a breach report filed with the U.S. Department of...more
Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more
In February, a coalition of healthcare organizations sent a letter to President Donald J. Trump and the U.S. Department of Health and Human Services (HHS) (the Letter), urging the immediate rescission of a proposed update to...more
Last week, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) and the U.S. Food and Drug Administration (“FDA”) released warnings about an embedded function they found in the firmware of the Contec CMS8000,...more
Cyberattacks and technology disruptions in healthcare don’t just cost organizations financially — they can threaten patient safety and put organizational reputations at risk. How ready is your organization for a potential...more
The HIPAA Security Rule may soon undergo a big overhaul that would better defend healthcare data from cybersecurity threats – and require much more from covered entities when it comes to establishing and maintaining defenses....more
‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more
We bring you Vital Signs, a curated, one-stop resource on the most notable digital health law updates from our U.S. and global contributors. In Industry Insights, we present a timely discussion about increasing litigation and...more
In response to several high-profile cybersecurity incidents affecting hospitals and other health care providers, including the Change Healthcare breach, new federal legislation was recently introduced by Senators Ron Wyden...more
New York recently passed new cybersecurity regulations for hospitals licensed in New York to enhance patient safety and cybersecurity....more
On October 22, 2024, Microsoft issued a threat trend research report entitled “US Healthcare at risk: Strengthening resilience against ransomware attacks.” In it, Microsoft declares that ransomware attacks against the...more
In 2024, the U.S. Department of Health and Human Services Office of Civil Rights (“OCR”) Director Melanie Fontes Rainer announced that OCR will resume auditing Health Information Portability and Accountability Act (“HIPAA”)...more
Let’s review for a moment. It’s not a HIPAA violation to be a victim of ransomware. It’s not a HIPAA violation to pay a ransom. It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
A California federal court recently ruled that disclosure of certain data collected through website cookies that may qualify as health information could trigger a data breach under the California Consumer Privacy Act (CCPA) –...more
In light of the changing legal landscape following Dobbs v. Jackson Women’s Health Organization, the Department of Health and Human Services (the “Department”) issued a final rule (link, and corresponding fact sheet link)...more
The Federal Trade Commission (FTC) continues to enforce and update its Health Breach Notification Rule (HBNR) amidst a fast-changing regulatory environment. A new rule, which took effect this week, expands the scope of the...more
The Federal Trade Commission (FTC) has updated its Health Breach Notification Rule that applies to non-HIPAA, consumer health data. Among the revisions, the FTC expanded or introduced key definitions and modified the...more
On July 1, 2024, the amendments to the Health Breach Notification Rule (HBNR) went into effect. First promulgated in 2009, the HBNR applies to vendors of personal health records — entities that are not covered by the Health...more
The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
In May 2024, the New York State Department of Health (“NYSDOH”) issued revisions to proposed regulations on hospital cybersecurity that it first released in November 2023. The proposed revised regulations are subject to...more