Stacy L. Cook and Iqra Mushtaq of Barnes & Thornburg LLP write: On March 14, 2023, the U.S. Department of Justice (DOJ) announced the settlement of a case involving alleged violations of the False Claims Act (FCA) as a result of cybersecurity failures and breach of HIPAA-protected health information. Obtained under the Civil Cyber-Fraud Initiative, this settlement emphasizes…
Category: Federal
FTC Seeks Comment on Business Practices of Cloud Computing Providers that Could Impact Competition and Data Security
From the FTC: The Federal Trade Commission staff are seeking information on the business practices of cloud computing providers including issues related to the market power of these companies, impact on competition, and potential security risks. In a Request for Information, FTC staff are seeking information about the competitive dynamics of cloud computing, the extent to…
The BreachForums case: The HHS-OIG did WHAT?!? Why?
Revelations contained in an affidavit by an FBI agent and a press release by the Department of Justice about the arrest of the owner of a popular hacking forum raise a few questions about the role of the U.S. Department of Health and Human Services Office of the Inspector General (HHS-OIG). An affidavit by FBI…
Only 15 entities have complied with India’s new 6-hour reporting rules
Simon Sharwood reports: India’s rules requiring local organizations to report infosec incidents within six hours of detection have been observed by a mere 15 entities. India’s Computer Emergency Response team (CERT-In) revealed that low, low, level of compliance in response to a Right to Information (RTI) request filed by Indian tech news outlet MediaNama, which reported the news…
Romanian entities issued monetary penalties for infosecurity and data protection failures
Regulators in Romania have issued monetary penalties to six Romanian entities for insufficient technical and organizational measures to ensure information security. Two other entities were issued fines for other GDPR violations. The fines for insufficient technical and organizational measures ranged from 1,000 to 10,000 euros. Two of the entities were in the medical center. A…
Jelly Bean Communications Design and its Manager Settle False Claims Act Liability for Cybersecurity Failures on Florida Medicaid Enrollment Website
There’s an update to the Florida Healthy Kids breach that was due to their vendor, Jelly Bean Communications, not patching vulnerabilities for seven years. The incident was reported to HHS in January 2021 as impacting 3.5 million patients. Today, the U.S. Department of Justice announced: Jelly Bean Communications Design LLC (Jelly Bean) and Jeremy Spinks…