Kristin L. Bryan of Squire Patton Boggs writes about a lawsuit stemming from an insider wrongdoing situation first reported in 2018: Last month a California appellate court affirmed (for the first time among any state appellate courts to consider the issue) the lower court’s denial of class certification for claims brought under the Confidentiality of…
Category: Commentaries and Analyses
HIPAA Security Rule Security Incident Procedures
HHS OCR’s October newsletter begins: Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners work to educate stakeholders on cybersecurity awareness and how best to protect the privacy and security of confidential data. Within the health care industry, the HIPAA Security Rule1 applies to covered entities2 and their business associates3 (“regulated entities”)…
Paying off hackers is common, says top Australian govt cybersecurity firm
Byron Kaye reports: Corporate insurers routinely pay hackers a ransom for the return of stolen customer data, a top Australian government cybersecurity provider said on Tuesday (Oct 25), as the country’s biggest health insurer revealed the growing scale of a recent breach. The claim from Macquarie Telecom Group, which runs cybersecurity for 42 per cent…
FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers
The Federal Trade Commission is taking action against the online alcohol marketplace Drizly and its CEO James Cory Rellas over allegations that the company’s security failures led to a data breach exposing the personal information of about 2.5 million consumers. Drizly and Rellas were alerted to security problems two years prior to the breach yet…
UK: ICO fines Interserve £4,400,000 for inadequate data security
Between 18 March 2019 and 1 December 2020 Interserve Limited (“Interserve”) failed to process personal data in a manner that ensured appropriate security of the personal data using appropriate technical and organisational measures as required by Article 5(1)(f) and Article 32 GDPR. This rendered Interserve vulnerable to a cyber-attack which took place in the period…
CISA Alert: Daixin Team
[Comment: I’ve been waiting for this since I first suspected that Daixin Team might be responsible for the CommonSpirit breach. And although it has not been confirmed by anyone, I still suspect them of that one. — Dissent] Alert (AA22-294A) #StopRansomware: Daixin Team Download the PDF version of this report: pdf, 591 KB Technical Details Note:…