Data Breach Notification

For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI) likely triggers obligations to notify affected individuals, the federal Office of Civil Rights (OCR), potentially the media and other entities. The breach also may require

According to a New York Times story this weekend, the Security Exchange Commission’s lawsuit against SolarWinds is driving discussions in boardrooms and corporate security departments of large organizations about the handling and reporting of cybersecurity breaches. It turns out that such boards and departments may not be the only ones following the SEC’s increased focus

The Federal Trade Commission (FTC) has approved an amendment to its Safeguards Rule that will require non-banking financial institutions to report certain data breaches (or “notification events”) to the FTC (not affected individuals).

The “Safeguards Rule,” short for “Standards for Safeguarding Customer Information,” was created to ensure that businesses maintain safeguards to protect

When hit with a cybersecurity attack, organizations are often not inclined to bring in federal law enforcement. Recent comments by FBI Director Christopher Wray at Mandiant’s annual mWISE 2023 conference seek to encourage the private sector to reconsider, as reported in CIODive. Doing so is an important consideration and depending on certain factors, it

The annual Cost of a Data Breach Report (Report) published by IBM is reliably full of helpful cybersecurity data. This year is no different. After reviewing the Report, we pulled out some interesting data points. Of course, the Report as a whole is well worth the read, but if you don’t have the time to

What do ransomware, Yelp, and website tracking technologies all have in common? They are troubling areas of concern for HIPAA covered entities and business associates, according to one official from the federal Office for Civil Rights (OCR) which enforces the HIPAA privacy and security rules. Recently, the Executive Editor of Information Security Media Group’s (ISMG’s)

The healthcare sector is a prime target for data breaches. According to a summary by the HIPAA Journal, 32% of all data breaches between 2015 and 2022 were in the healthcare sector, “almost double the number recorded in the financial and manufacturing sectors.” Industry analysts cite to many reasons for this, including the sensitivity

In a 2019 post about increasing cyber risks in K-12 schools, we cited a report, “The State of K-12 Cybersecurity: 2018 Year in Review,” that contained sobering information about cybersecurity in local school districts across the country. According to that report, in 2018, there were 122 publicly-disclosed cybersecurity incidents affecting school districts across

The Department of Health and Human Services and the Federal Trade Commission have sent a joint letter to approximately 130 hospital systems and telehealth providers to emphasize the risks and concerns about the use of technologies, such as the Meta/Facebook pixel and Google Analytics, that can track a user’s online activities. We have summarized each

On May 27, 2023, Texas’ Governor signed Senate Bill 768 amending Texas’ data breach notification law. The law in question, Section 521.053 of the Texas Business and Commerce Code, sets out the specific requirements any person conducting business in the state who owns or licenses sensitive personal information in a computerized format must follow in