John Cleary and Shundra Crumpton Manning of Polsinelli write: Data breach class action litigation continues to occupy center stage in the ongoing struggle to secure compensation and redress for legitimate victims of actionable cybersecurity shortcomings of data owners. The underlying scenarios in these cases encompass criminal hacking episodes, rogue employees, carelessness and unforeseen material gaps…
Category: Federal
Push to ban ransomware payments following Australia’s biggest cyberattack
Luke Huigsloot reports: The Australian government is being pushed to ban the payment of cyber ransoms, usually demanded in cryptocurrency, following a local business suffering a mass data breach and subsequent ransom demand. […] The Australian government’s lead cybersecurity agency, the Australian Cyber Security Centre (ACSC), currently recommends that victims of ransomware attacks never pay…
HHS Office for Civil Rights Announces the Expiration of COVID-19 Public Health Emergency HIPAA Notifications of Enforcement Discretion
Notifications of Enforcement Discretion expire at 11:59 pm on May 11, 2023 Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announces that the Notifications of Enforcement Discretion issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health…
HIPAA: Deficient or Miscast
Matt Fisher writes: The development of new technology in healthcare and the massive expansion in sources of healthcare data have both created many complications when it comes to protecting and securing sensitive information about individuals. Inevitably, the discussion then turns to the role of HIPAA, which then turns to HIPAA not meeting current needs. A recent…
What Is CIRCIA and How Does This Cybersecurity Law Impact You?
Chris Odogwu writes: The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a federal law mandating “covered entities” that deal with critical infrastructure to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA). If you encounter a cyberattack, you might want to share your experience with your security team or anyone else who can…
HIPAA Data Breach Costs Company Nearly $300,000 In DOJ False Claims Act Settlement
Stacy L. Cook and Iqra Mushtaq of Barnes & Thornburg LLP write: On March 14, 2023, the U.S. Department of Justice (DOJ) announced the settlement of a case involving alleged violations of the False Claims Act (FCA) as a result of cybersecurity failures and breach of HIPAA-protected health information. Obtained under the Civil Cyber-Fraud Initiative, this settlement emphasizes…