From the European Data Protection Board: The Commissioner for Data Protection and the Freedom of Information Rhineland-Palatinate imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate. The fine is based on several breaches of the General Data Protection Regulation in the framework of a patient mix-up when admitting the patient. This resulted in…
Category: Commentaries and Analyses
Merck cyberattack’s $1.3 billion question: Was it an act of war?
Riley Griffin of Bloomberg reports: By the time Deb Dellapena arrived for work at Merck & Co.’s 90-acre campus north of Philadelphia, there was a handwritten sign on the door: The computers are down. It was worse than it seemed. Some employees who were already at their desks at Merck offices across the U.S. were…
OCR Secures $2.175 Million HIPAA Settlement after Sentara Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information
OCR has announced another settlement. This one involves Sentara Hospitals, and it’s a somewhat surprising one in the sense that Sentara not only seems to have gotten the fundamentals of HIPAA and notification compliance wrong, but then they seem to have insisted in their wrongheaded ways even after HHS told them what their obligations were. …
Google Fires Four Employees, Citing Data-Security Violations
Bloomberg reports: Google told staff on Monday that it fired four employees for what the company called “clear and repeated violations” of its data-security policies. Alphabet Inc.’s Google sent an email describing the decision to employees titled “Securing our data,” according to a copy of the document obtained by Bloomberg News. The company confirmed the…
District Court (NY) Says It’s Powerless to Approve Class Settlement Arising Out of Data Breach Due to Lack of Art. III Cognizable Injury
Scott J. Hyman of Severson & Werson PC writes: In Steven v. Carlos Lopez & Assocs., No. 18-CV-6500 (JMF), 2019 U.S. Dist. LEXIS 203621 (S.D.N.Y. Nov. 22, 2019), Judge Furman declined to approve settlement of a data breach class due to the absence of Art. III standing. From the opinion: In June 2018, an employee…
Yet another city reports a Click2Gov breach
Another city has reported a breach involving Click2Gov software by CentralSquare Technologies. WTVY reports Dothan, Alabama has joined more than four dozen other cities using Click2Gov that have experienced breaches involving payment card data of residents using online payment portals: “It has come to the City of Dothan’s attention that CentralSquare, the third-party processor of…