We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
What to Do When Leadership Doesn’t Take Compliance Seriously
Nonprofit Basics: Grant Agreements—Matching Grants, IP, Recoverable Grants & More
AI Today in 5: August 13, 2025. The Beware the EU AI Act Episode
Herb Stapleton's FBI Experience Proves to be Asset to Dinsmore's Corporate Team
Workplace Sexual Assault and Third-Party Risk: What’s the Tea in L&E?
Data Driven Compliance: Understanding the ECCTA and Its Impact with Jonathan Armstrong
Moving Beyond the Usual Helpline Data
Compliance Tip of the Day: Why Engage in Pre-acquisition Due Diligence
Innovation in Compliance: Operationalizing Trust at Scale: A Conversation with Amanda Carty on Compliance and AI
AI Today in 5: August 7, 2025. The US v. China Episode
Hill Country Authors – Exploring the Challenges of a Green Transition with Tom Ortiz
Taxing Intelligence: AI's Role in Modern Tax Administration
LathamTECH in Focus: Move Fast, Stay Compliant
AI Today in 5: August 6, 2025, The Rethinking Compliance Episode
Daily Compliance News: August 6, 2025, The Spanking Banks Edition
AI Today in 5: August 5, 2025, The AI at the SEC Episode
Compliance Tip of the Day: M&A – International Issues
From Forest to Fortune: Navigating Workplace Ethics With Robin Hood — Hiring to Firing Podcast
Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
What's New? On May 28, 2025, the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) announced an $800,000 settlement with a large Florida-based health care provider over potential violations of the...more
Arecent report put the odds of an asteroid hitting the earth in December 2032 at 3.1%—which is 3,100 times more likely than an organization resolving an enforcement action with the U.S. Department of Health and Human...more
Cyberattacks and technology disruptions in healthcare don’t just cost organizations financially — they can threaten patient safety and put organizational reputations at risk. How ready is your organization for a potential...more
Our Health Care and Privacy, Cyber & Data Strategy Groups cover an upcoming proposed rule from U.S. Health and Human Services (HHS) that would formalize cybersecurity requirements and allow the Office for Civil Rights (OCR)...more
Ransomware attacks are a growing threat in the health care sector due to the value of personal health information (PHI). In addition to being expensive, these attacks can cripple health care operations, delay patient care,...more
On October 22, 2024, Microsoft issued a threat trend research report entitled “US Healthcare at risk: Strengthening resilience against ransomware attacks.” In it, Microsoft declares that ransomware attacks against the...more
Looking for compliance education and networking in your area? HCCA’s Regional Healthcare Compliance Conferences offer practitioners convenient, local compliance education on a wide variety of current and emerging topics...more
Announcing its fourth ransomware cybersecurity investigation and settlement, the Office for Civil Rights (OCR) also observed there has been a 264% increase in large ransomware breaches since 2018....more
News Briefs - Joint Employer Rule Withdrawn by National Labor Relations Board - The National Labor Relations Board withdrew its appeal of a district court ruling that enjoined its "joint employer" final rule....more
Cyberhackers—potentially frustrated by their limited ability to extort ransom from health care entities in attacks—have started extorting the patients themselves, threatening them with the release of information or...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
Research from Guidepoint Security found that 2023 saw an 80% increase in ransomware activity year-over-year, driven in part by multiple mass exploitation campaigns impacting hundreds of organizations. In total, the report...more
On February 14, 2024, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued two reports to Congress as required by the Health Information Technology for Economic and Clinical Health...more
It is no secret that protected health information (or “PHI”) is more and more at risk for cybersecurity attacks. In 2022 (the most recent year this statistic is available), the Department for Health and Human Services Office...more
The Health Sector Cybersecurity Coordination Center (HC3) recently warned the health care sector about the Akira ransomware group that has been hitting health care organizations since May of 2023. In an Analyst Note dated...more
In late October, the U.S. Department of Health and Human Services (HHS) reached a settlement agreement with a medical management company based in Massachusetts over alleged HIPAA violations. Under the settlement terms, the...more
News Briefs - House to Consider 19 Bills That Will Impact Healthcare System - The House of Representatives will consider 19 bills that affect various aspects of the U.S. healthcare system. The House Energy & Commerce...more
Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
The annual Cost of a Data Breach Report (Report) published by IBM is reliably full of helpful cybersecurity data. This year is no different. After reviewing the Report, we pulled out some interesting data points. Of course,...more
Researchers at Mandiant have recently reported that a new ransomware group calling itself Sabbath appears to be the rebranded group Arcane and “picked up their pace” in November....more
Ransomware Particularly Inflicts Health Care and Life Sciences Organizations - Ransomware is a malicious cyber threat vector that employs encryption malware to prevent users from accessing their systems and data unless...more
U.S. hospitals, already on the front lines of fighting the coronavirus pandemic, are now facing viral attacks by cybercriminals. More than 20 U.S. hospitals and health care organizations have reported their data being held...more
Users of Universal Health Services (UHS), one of the largest healthcare systems in the country, recently lost access to electronic medical records when UHS suffered a ransomware attack and took its systems offline to...more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more