Patchwork of US State Regulations Becomes More Complex as Florida, North Carolina Ban Ransomware Payments

Scott Ikeda reports: The issue of banning ransomware payments has been contentious and hotly debated in governments throughout the world in the last few years, particularly as the problem seemed to grow out of control during the Covid-19 pandemic. In t…

Data breach class actions: Southern District of New York dismisses action against health care providers for lack of standing

James Bogan III of Kilpatrick Townsend & Stockton LLP writes: Takeaway: In a prior article, we reported on the Second Circuit’s decision in McMorris v. Carlos Lopez & Associates, LLC, 995 F.3d 295 (2d Cir. 2021), in which the court, ruling on a…

FTC Blog: “The FTC Act Creates a De Facto Breach Disclosure Requirement”

Joseph Lazarrotti of JacksonLewis writes: On May 20, 2022, the Federal Trade Commission’s Team CTO and the Division of Privacy and Identity Protection published a blog post entitled, “Security Beyond Prevention: The Importance of Effective Breach Discl…

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Theresa Defino reports: Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and business associates (BAs). And, if Congress agrees, its…

Rattled by RIPTA breach that affected 22,000, lawmakers propose policy changes

Antonia Noori Farzan reports: Lawmakers say that last year’s breach of Rhode Island Public Transit Authority computer systems highlighted glaring problems with the way the state responds to the theft of people’s personal data. […] DiP…

Indiana Amends Breach Notification Law to Require Notification Within 45 Days

Linn Foster Freedman of Robinson + Cole writes: Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifi…

Revised Health Breach Notification Rule resources spell out companies’ legal obligations

Lesley Fair writes: Shoppers can find a plethora of apps, trackers, and sensors that hold or capture almost every conceivable form of personal health information. If your business or nonprofit offers products like that or provides certain services to e…

US regulators order banks to report cyberattacks within 36 hours

Sergiu Gatlan reports: US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattac…

Ransomware Resources for HIPAA Regulated Entities

The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health informatio…

Getting caught up: Conti domains seized by Irish Garda

A story by Stephen Breen in The Irish Sun yesterday included reference to an update on the HSE attack by Conti: Earlier this month, cops seized several websites belonging to the Russian gang behind the attack in a major “disruption operation”. If anyone…