Maria Korolov reports: Despite widespread public condemnation, Hong Kong toy maker VTech is not backing down from a change in its Terms and Conditions ducking its responsibilities in the event of a breach. European customers now have to agree to a Terms of Service that includes the following sentence: “You acknowledge and agree that any…
Category: Commentaries and Analyses
HHS OIG audit of SC Medicaid system revealed significant problems
Seanna Adcox of AP reports A four-decade-old computer system and poor safety measures at South Carolina’s Medicaid agency exposed the personal health information of roughly 1 million residents to risk of cybertheft, according to a federal report released Friday. The findings by the U.S. Department of Health and Human Services’ Office of Inspector General include…
Healthcare data breaches lead more patients to withhold information from doctors
Stephen Cobb writes: As 2015 slides into the cybersecurity history books as “the year of the healthcare breach” I decided to examine one aspect of medical data privacy that is sometimes overlooked: the impact of breaches on patient-doctor information exchange. Specifically, I’m concerned that high profile healthcare-related IT security breaches may lead more people to…
In Cybersecurity, No Harm Does Not Necessarily Mean No Foul
Peter Sullivan, Christopher Escobedo Hart and Colin Zick of Foley Hoag write: How much does the question of harm matter in cybersecurity law? The answer is: It depends on who is bringing the claim. Businesses confronting data breaches can face litigation from private consumers as well as from governmental entities. Managing litigation risk varies in…
‘Numerous Weaknesses,’ ‘Inadequate Security Settings’ Found in Colorado Obamacare Exchange
Elizabeth Harrington reports: The Obamacare health exchange in Colorado faced “numerous weaknesses” and had “inadequate security settings,” leaving the personal information of enrollees vulnerable, according to a new audit. The inspector general for the Department of Health and Human Services publicly released its review of Connect for Health Colorado on Wednesday, revealing the exchange had…
Judge Rejects Key Defense in Anthem Data-Breach Suits
Ross Todd reports: U.S. District Judge Lucy Koh’s first major ruling in data-breach lawsuits against major health insurer Anthem Inc. didn’t do much to clarify how the litigation itself will ultimately play out. […] In her decision, Koh addressed for the first time the question of whether the loss of personal information constitutes harm under…