Health Data

Task Force Issues Report on Health Care Industry Cybersecurity Challenges and Recommendations

/ Cybersecurity, Healthcare, Uncategorized

On Monday, June 5, the Health Care Industry Cybersecurity Task Force (the “HCIC Task Force”) issued its Report on Improving Cybersecurity in the Health Care Industry to Congress. The report highlighted that health care cybersecurity is a “key public health concern that needs immediate and aggressive attention.”

In the report, the HCIC Task Force identified six “imperatives” that must be achieved to increase security within the health care industry.

Read more.

Task Force Issues Report on Health Care Industry Cybersecurity Challenges and Recommendations Read More »

Tech Study Reveals Media Players Susceptible To Hacking

/ Cybercrime, Privacy

A team of researchers at Check Point Software Technologies recently announced the disturbing results of a new study that identified media player subtitles as a new avenue of attack for hackers. Cyber hacks typically fall into two broad categories, either: (a) enticing the user to visit a malicious website; or (b) masking a malicious file that the user is conned into running on a device themselves. The latest vulnerability discovered by Check Point falls into the latter category, but is particularly dangerous due to the minimal amount of action required on the part of a user, and the general lack of awareness the public has about the vulnerability. …

Tech Study Reveals Media Players Susceptible To HackingRead More »

Tech Study Reveals Media Players Susceptible To Hacking Read More »

Massive Ransomware Attack Hits Approximately 150 Countries

/ Cybercrime

A massive cyberattack spread to at least 150 countries and more than 200,000 victims beginning Friday. The software exploit, which is used to take advantage of a system’s or program’s vulnerability, at the center of the attack appears to have used code that was developed by the National Security Agency. The exploit was recently released to the public by a group of hackers called the Shadow Brokers. The exploit delivered the WannaCry ransomware to computers running unpatched versions of Microsoft Windows. The software exploit has a sophisticated delivery system, which when triggered (often through a phishing email), spread quickly through vulnerable systems, encrypting data throughout networks and individual computers. …

Massive Ransomware Attack Hits Approximately 150 CountriesRead More »

Massive Ransomware Attack Hits Approximately 150 Countries Read More »

FBI Issues Cyber Warning Regarding Use of FTPs by the Healthcare Industry

/ Cybersecurity, Data, Healthcare

Protected health information (PHI) is targeted by hackers. Recently, the Cyber Division of the Federal Bureau of Investigation issued a Private Industry Notification regarding security vulnerabilities in File Transfer Protocol (FTP) servers running in anonymous mode.

FBI Issues Cyber Warning Regarding Use of FTPs by the Healthcare IndustryRead More »

FBI Issues Cyber Warning Regarding Use of FTPs by the Healthcare Industry Read More »

New Mexico Becomes 48th State to Enact a Data Breach Notification Law

/ Data Breach, Regulation

After years of legislative debate, New Mexico becomes the 48th state to enact a data breach notification law, leaving only Alabama and South Dakota as the two remaining states without such a law. New Mexico’s Data Breach Notification Act (the Act) goes into effect on July 1, 2017. The Act provides a 45-day deadline to report a data breach, which is less aggressive than other notification laws. However, the Act is more far-reaching in other areas.  For instance, the Act includes “biometric data” in its definition of PII. It also requires owners of PII to adopt “reasonable” cybersecurity procedures and to contractually require their vendors to employ reasonable cybersecurity procedures. It also has provision addressing the “proper disposal” of records containing PII.

New Mexico Becomes 48th State to Enact a Data Breach Notification LawRead More »

New Mexico Becomes 48th State to Enact a Data Breach Notification Law Read More »

SPY Car and Cyber AIR Acts: Regulating the Internet of Things

/ Cybersecurity, Data, Privacy, Regulation

The continuing proliferation of internet-connected devices (the “Internet of Things”) has accelerated the availability of modern technological conveniences hand in hand with the erosion of cybersecurity and privacy. In October 2015, White and Williams released a client alert addressing the myriad privacy and security issues that the increased Internet of Things had already created, as well as explored new potential risks posed by such pervasive interconnectivity. In particular, the alert highlighted the potential physical dangers posed by the hacking of internet-connected cars. Such vehicles can be accessed by third parties to not only control accessory components, such as windshield wipers and air conditioning, but a driver’s very ability to operate the vehicle itself.

SPY Car and Cyber AIR Acts: Regulating the Internet of ThingsRead More »

SPY Car and Cyber AIR Acts: Regulating the Internet of Things Read More »

Cybersecurity Risks in Connected Cars

/ Uncategorized

Cars rolling off the assembly line today have many automated safety features and connectivity solutions, including lane departure warnings, automatic braking and limited self-driving, and other computerized control systems that were not present even a few short years ago. A recent report shows that over 40% of drivers admit that they do not understand how to use all of the technology in new vehicles. …

Cybersecurity Risks in Connected CarsRead More »

Cybersecurity Risks in Connected Cars Read More »

Health Data

New York Attorney General Announces Settlements with Three Healthcare App Developers

/ Uncategorized

Application developers have incredible access to consumers. Along with that access comes the potential for greater government scrutiny. In late March, that reality was reflected in three settlements reached by the Attorney General of New York State with three mobile health application developers that made what were described as “misleading claims and irresponsible privacy practices.”

New York Attorney General Announces Settlements with Three Healthcare App DevelopersRead More »

New York Attorney General Announces Settlements with Three Healthcare App Developers Read More »

U.S. Congress Votes to Repeal Regulations on Broadband Privacy Rules

/ Uncategorized

Congress has voted to repeal the Broadband Privacy Rules put in place by the Obama Administration that placed privacy restrictions on internet providers. While the Senate approved the repeal last week, the House voted 215-205 on Tuesday, March 28 in favor of repealing, providing the death knell for the regulations before they even went into effect.

U.S. Congress Votes to Repeal Regulations on Broadband Privacy RulesRead More »

U.S. Congress Votes to Repeal Regulations on Broadband Privacy Rules Read More »

Court Lacks Jurisdiction to Apply Non-Commercial Tort Exception in Case of Foreign Hacking

/ Uncategorized

A United States citizen was rebuffed in his efforts to hold the government of Ethiopia legally responsible for his claims that it hacked his computer in his Maryland home. …

Court Lacks Jurisdiction to Apply Non-Commercial Tort Exception in Case of Foreign HackingRead More »

Court Lacks Jurisdiction to Apply Non-Commercial Tort Exception in Case of Foreign Hacking Read More »