The Federal Trade Commission (“FTC”) recently issued an important policy statement to health apps and other connected devices that collect or use consumers’ health information.  The FTC’s policy statement effectively clarified the position that health apps and related connected devices are subject to the Health Breach Notification Rule (“the Rule”), which requires vendors of personal

Consumer privacy issues are as a hot as ever, and on the radar of the state and federal legislature alike.  Following in the footsteps of California, and most recently Virginia and Colorado, Ohio  introduced a comprehensive consumer privacy bill, the Ohio Personal Privacy Act (the “Act”). By introducing the Act, Ohio follows the growing nation-wide

The National Institute of Standards and Technology (NIST) recently released a preliminary draft of its Cybersecurity Framework Profile for Ransomware Risk Management. The public comment period for this draft runs through July 9, 2021. NIST says “The profile can be used as a guide to managing the risk of ransomware events. That includes helping

In a landmark decision, the U.S. Supreme Court has ruled that the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030 et seq., does not prohibit improper use of computer information to which an individual has authorized access. Rather, the law prohibits obtaining information from areas of a computer, such as files, folders,

In late May, New York Attorney General Letitia James announced a $200,000 settlement agreement with Filters Fast, an online water filtration retailer, stemming from a 2019 data breach compromising the personal information of over 300,000 consumers across the U.S., including nearly 17,000 in New York state.  The settlement also requires the online retailer to strengthen

COVID-19 drove many formerly in-person interactions onto a variety of video conferencing platforms.  But as millions of vaccinations are administered each day, and case numbers decline, it’s now possible to imagine and plan for the time when conducting business over video will no longer be mandatory.

For many organizations, though, COVID-19 has led to an

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have issued a joint cybersecurity advisory stating they have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

The advisory describes the tactics, techniques, and procedures

As they work to combat the surging COVID-19 virus, healthcare providers recently were reminded by legislators and regulators of the importance of data security and privacy protections.

On the data security front, U.S. Senators Richard Blumenthal, Tom Cotton, David Perdue, and Mark Warner recently wrote to the Director of the U.S. Department of Homeland Security’s

We observed in a post on this blog that government agencies, businesses, hospitals, universities and school districts are frequent targets of data breaches that can affect millions of individuals.   Cyberattacks on school districts continue to appear in the news. In January, students in the Pittsburg Unified School District (California) were left without internet access as