Collaborate Disseminate
Ashden Fein, Micaela McMurrough, Caleb Skeath, Robert Huffman, John Webster Leslie, and Shayan Karbassi of Covington and Burling write: On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemakin… Continue reading CISA Issues Notice of Proposed Rulemaking for Critical Infrastructure Cybersecurity Incident Reporting
AJ Taylor reports: Sens. Chuck Grassley (R-Iowa) and Ron Wyden (D-Ore.) are holding the United Network for Organ Sharing (UNOS) accountable after a data breach allowed UNOS system users unauthorized access to over a million sensitive patient records. T… Continue reading Grassley, Wyden Probe Data Breach that Exposed 1.5 Million Organ Transplant Patients’ Sensitive Data
Jane Wester reports: U.S. District Judge Nelson Román of the Southern District of New York on Monday dismissed a proposed class action lawsuit against Ally Financial, finding that the plaintiff failed to establish the injury suffered by a data breach i… Continue reading Too Speculative’: US Judge Throws Out Data Breach Suit Against Ally Financial
Hunton Andrews Kurth writes: On March 19, 2024, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 98 (the “Bill”), Online Data Security and Privacy Amendments, into law. The Bill amends the Protection of Personal Information Act (§13-44-101 et seq… Continue reading Utah Enacts Amendments to State Breach Notification Law
WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that has s… Continue reading Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure
A new leaksite appeared this past week that appears to have been created for one particular incident. The notice begins: Dear Visitor of Commonwealth Healthcare Corporation LEAK website: We regret to inform you that Commonwealth Healthcare Corporation … Continue reading Commonwealth Healthcare Corporation breached, patient data involved
Terré Gables of KFOR reports: Emergency Medical Services Authority (“EMSA”) says, it has identified suspicious activity in its IT network and is mailing letters to patients whose information may have been involved. According to EMSA, on February 13, 20… Continue reading OK: Emergency Medical Services Authority notifies patients of hacking incident
Marco A. De Felice reports: The American Renal Associates (now known as Innovative Renal Care), with over 230 locations across the United States, has become the latest victim in the clinical-hospital sector of a ransomware attack. Recently, the Medusa … Continue reading American Renal Associates patients affected by ransomware attack
Naomi Diaz reports: The American Hospital Association sent a letter to the HHS urging them to clarify whether hospitals and health systems should be providing breach notification to patients if protected health information is compromised due to the Feb… Continue reading AHA seeks guidance on reporting breaches linked to Change cyberattack
Hunton Andrews Kurth writes that on March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules (the “Rules”) went into effect despite legal challenges. The rules were adopted in December 2023 pursuant to a… Continue reading FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges