The National Institute of Standards and Technology (NIST) recently released a preliminary draft of its Cybersecurity Framework Profile for Ransomware Risk Management. The public comment period for this draft runs through July 9, 2021. NIST says “The profile can be used as a guide to managing the risk of ransomware events. That includes helping

Michael R. Bertoncini
Michael R. Bertoncini is a principal in the Boston, Massachusetts, office of Jackson Lewis. He is a member of the Healthcare industry group and a member of the Higher Education group.
With a background as a former Deputy General Counsel, Michael understands first-hand the competing demands and unique challenges faced by in-house counsel. Before joining Jackson Lewis, he was responsible for all labor and employment law matters for the largest fully integrated community care hospital system in New England. Michael provides timely, practical advice that helps clients achieve their strategic goals while ensuring compliance with legal obligations.
With deep experience in a broad range of industries, Michael has a keen interest in the healthcare, higher education, museum, and arts & music sectors. He is dedicated to supporting clients in these areas, leveraging his extensive experience to address the specific challenges faced by institutions and organizations in these fields.
Michael regularly partners with clients to establish positive employee relations. In labor relations matters, he negotiates collective bargaining agreements on behalf of organized clients, represents clients in labor arbitrations and National Labor Relations Board proceedings, and counsels clients with respect to rights and obligations under collective bargaining agreements and applicable labor and employment laws. He also has extensive experience in advising organizations responding to corporate campaigns and negotiating neutrality agreements.
Michael’s privacy and data security practice focuses on advising clients on complying with HIPAA and other state and federal privacy and data security laws. He reviews and develops policies and procedures, written information security plans and integrated compliance programs to ensure his clients meet their obligations under privacy and data security laws. Michael represents clients in investigations of alleged data breaches and advises them on reporting obligations.. He also conducts workplace training programs on HIPAA compliance and related privacy and data security topics.
FDA Names First Acting Director of Medical Device Cybersecurity
The U.S. Food and Drug Administration (FDA) named University of Michigan Associate Professor Kevin Fu Acting Director of Medical Device Security in its Center for Devices and Radiological Health. This is a newly created 12-month post in which Fu will “work to bridge the gap between medicine and computer science and help manufacturers protect…
Federal Agencies Issue Joint Alert on Imminent Cybercrime Threat to Healthcare Providers
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have issued a joint cybersecurity advisory stating they have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.
The advisory describes the tactics, techniques, and procedures…
Massachusetts Attorney General Creates Data Privacy and Security Division
The Massachusetts Office of the Attorney General has created a new Data Privacy and Security Division. This Division is charged with protecting consumers from the threats to the privacy and security of their data. The Attorney General, Maura Healey, announced “The Data Privacy and Security Division will build on our office’s commitment to empowering Massachusetts…
Legislators and Regulators Weigh in On Privacy and Data Security Protections for Healthcare Providers Amid COVID-19 Pandemic
As they work to combat the surging COVID-19 virus, healthcare providers recently were reminded by legislators and regulators of the importance of data security and privacy protections.
On the data security front, U.S. Senators Richard Blumenthal, Tom Cotton, David Perdue, and Mark Warner recently wrote to the Director of the U.S. Department of Homeland Security’s…
Massachusetts Governor Announces Cybersecurity Program
State and local governments have increasingly become targets of cybersecurity attacks. This year cybersecurity attacks on Baltimore and Lincoln County, North Carolina reportedly will cost those government entities $18.2 million and as much as $400,000, respectively to recover from the attacks. Last year, Atlanta spent more than $7 million to recover from a ransomware attack.…
Healthcare Organizations, Is Your Patient Portal Secure?
Co-author: Valerie Jackson
While healthcare organizations are embracing new technologies such as patient portals, a recent report shows that organizations’ cybersecurity measures for these technologies are behind the times. A patient portal is a secure online website that allows patients to access their Electronic Health Record from any device with an Internet connection. Many patient…
Proposed Legislation in Massachusetts Would Create Private Right of Action for Improper Collection of Personal or Biometric Information
Pending legislation could create new consumer privacy rights in Massachusetts. Earlier this year, Senator Cynthia Creem presented An Act Relative to Consumer Data Privacy in the Massachusetts Senate. This Consumer Privacy Bill, SD.341, combines key aspects of the California Consumer Privacy Act (CCPA) and Illinois’s Biometric Information Privacy Act (BIPA). This bill would allow…
Survey Finds Healthcare Workers Understand Security Measures But Still Share Sensitive Information Through Non-Secure Email
According to reports on a recent survey, the vast majority of healthcare workers share sensitive medical information using non-secure email. The survey, conducted by Kickstand Communications, reportedly found that 87% of healthcare workers surveyed admitted to this practice. These results echo other reports finding that employees and others with access to an organization’s confidential information…
Massachusetts Enacts Law Providing Greater Privacy of Health Insurance Information
Health insurance carriers often provide explanation of benefits (EOB) summaries to the policyholder specifying the type and cost of health care services received by dependents covered by the policy. EOBs often disclose sensitive information regarding the mental or physical health condition of adult dependents. Massachusetts has now enacted a law, an act to protect access…