Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write: In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business associates for tackling HIPAA compliance as we enter the new…
Category: Commentaries and Analyses
Australian Digital Health Agency sees ‘inconsequential’ My Health Record data breach notices eroding trust
Ry Crozier reports: The Australian Digital Health Agency, overseer of the My Health Record, has expressed concern at the number and type of “potential” data breaches it is being forced to disclose. In a submission to the Privacy Act review [pdf], the agency (ADHA) asks for changes to the My Health Records Act under which…
FBI warns of Egregor ransomware extorting businesses worldwide
Sergiu Gatlan reports: The US Federal Bureau of Investigation (FBI) has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide. The FBI says in a TLP:WHITE Private Industry Notification (PIN) shared on Wednesday that Egregor claims to have already hit and compromised more than over 150 victims…
Ryuk gang estimated to have made more than $150 million from ransomware attacks
Catalin Cimpanu reports: The operators of the Ryuk ransomware are believed to have earned more than $150 million worth of Bitcoin from ransom payments following intrusions at companies all over the world. In a joint report published today, threat intel company Advanced Intelligence and cybersecurity firm HYAS said they tracked payments to 61 Bitcoin addresses previously attributed…
Post-Brexit Personal Data Breach Reporting – An End to the ICO’s Role as One-Stop-Shop Lead Supervisory Authority
Ffion Flockhart (UK) and Steven Hadwin (UK) write: The end of the Brexit implementation period on 31 December 2020 has brought with it significant changes to the data protection landscape for UK-based businesses. Amid headlines about data transfer issues and a potential adequacy decision for the UK in the coming months, businesses also need to…
Data Analytics Company Settles with FTC Over Alleged Data Security Violations
Sheila A. Millar and Tracy P. Marshall of Keller & Heckman write: Third-party service providers are vital to many companies and they handle a wide range of business activities essential for companies to deliver their own offerings. But a company is not adequately protecting consumers if it fails to perform proper due diligence on service…