April 2017

FBI Issues Cyber Warning Regarding Use of FTPs by the Healthcare Industry

Protected health information (PHI) is targeted by hackers. Recently, the Cyber Division of the Federal Bureau of Investigation issued a Private Industry Notification regarding security vulnerabilities in File Transfer Protocol (FTP) servers running in anonymous mode.

FBI Issues Cyber Warning Regarding Use of FTPs by the Healthcare Industry Read More »

New Mexico Becomes 48th State to Enact a Data Breach Notification Law

After years of legislative debate, New Mexico becomes the 48th state to enact a data breach notification law, leaving only Alabama and South Dakota as the two remaining states without such a law. New Mexico’s Data Breach Notification Act (the Act) goes into effect on July 1, 2017. The Act provides a 45-day deadline to report a data breach, which is less aggressive than other notification laws. However, the Act is more far-reaching in other areas.  For instance, the Act includes “biometric data” in its definition of PII. It also requires owners of PII to adopt “reasonable” cybersecurity procedures and to contractually require their vendors to employ reasonable cybersecurity procedures. It also has provision addressing the “proper disposal” of records containing PII.

New Mexico Becomes 48th State to Enact a Data Breach Notification Law Read More »

SPY Car and Cyber AIR Acts: Regulating the Internet of Things

The continuing proliferation of internet-connected devices (the “Internet of Things”) has accelerated the availability of modern technological conveniences hand in hand with the erosion of cybersecurity and privacy. In October 2015, White and Williams released a client alert addressing the myriad privacy and security issues that the increased Internet of Things had already created, as well as explored new potential risks posed by such pervasive interconnectivity. In particular, the alert highlighted the potential physical dangers posed by the hacking of internet-connected cars. Such vehicles can be accessed by third parties to not only control accessory components, such as windshield wipers and air conditioning, but a driver’s very ability to operate the vehicle itself.

SPY Car and Cyber AIR Acts: Regulating the Internet of Things Read More »

Cybersecurity Risks in Connected Cars

Cars rolling off the assembly line today have many automated safety features and connectivity solutions, including lane departure warnings, automatic braking and limited self-driving, and other computerized control systems that were not present even a few short years ago. A recent report shows that over 40% of drivers admit that they do not understand how to use all of the technology in new vehicles. …

Cybersecurity Risks in Connected Cars Read More »

Health Data

New York Attorney General Announces Settlements with Three Healthcare App Developers

Application developers have incredible access to consumers. Along with that access comes the potential for greater government scrutiny. In late March, that reality was reflected in three settlements reached by the Attorney General of New York State with three mobile health application developers that made what were described as “misleading claims and irresponsible privacy practices.”

New York Attorney General Announces Settlements with Three Healthcare App Developers Read More »