Bill Fitzgerald writes: Even the smallest of school districts are complicated places. Communicating with stakeholders is hard to do well, and getting the details right is imperative. The details become even more important when school boards and superintendents try and communicate about school safety issues. When communication is done well, is not rushed, and goes…
Category: U.S.
Pennsylvania lawmakers consider requiring government data breach notifications
WHTM reports: Pennsylvania Senator Kristin Phillips, who chairs the technology committee, held a hearing on June 7 about a proposal to require prompt disclosure whenever there is a data breach within the state government. In her opinion, the state should have revealed the unemployment and contact tracing breaches that took place. “Citizens are tired of…
Is cyberinsurance for cyberattacks becoming harder to find and more costly?
Attorney Jeff Drummond writes: News from the Cyberinsurance Market: Healthcare entities are finding that cybersecurity insurance is getting harder to find. Insurers are leaving the market, and prices are going up. Having cyberinsurance has always been a good call, from the time the insurance first hit the market, because (i) the risk is so hard to quantify,…
California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information
Hunton Andrews Kurth writes: On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act (“CMIA”) applies to mobile apps that are designed to store medical information, which includes health apps such as fertility trackers. The press release reminds health app providers that the…
Shields Health Care Group notifies 2,000,000 patients after hack
Shields Health Care Group, Inc. (“Shields”) provides management and imaging services for dozens of covered entities in New England. On March 28, 2022, Shields was alerted to suspicious activity that may have involved data compromise. Their investigation discovered that an unknown threat actor had access to certain systems between March 7 and March 21 and…
Novartis says no sensitive data was compromised in cyberattack
Lawrence Abrams reports: Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. Industrial Spy is a hacking group that runs an extortion marketplace where they sell data stolen from compromised organizations. Yesterday, the hacking group began selling data allegedly stolen from Novartis on their Tor…