Stacy L. Cook and Iqra Mushtaq of Barnes & Thornburg LLP write: On March 14, 2023, the U.S. Department of Justice (DOJ) announced the settlement of a case involving alleged violations of the False Claims Act (FCA) as a result of cybersecurity failures and breach of HIPAA-protected health information. Obtained under the Civil Cyber-Fraud Initiative, this settlement emphasizes…
Category: Legislation
French CNIL is setting the tone for 2023: patients data and medical research on its radar
Julie Schwartz and Patrice Navarro of HoganLovells write: CNIL has always been very attentive to the processing of health data and to their security and confidentiality. It regularly publishes content on its website (practical information sheets, guidelines and binding recommendations), and has also made health data security one of its priority topics for its investigations…
FTC Seeks Comment on Business Practices of Cloud Computing Providers that Could Impact Competition and Data Security
From the FTC: The Federal Trade Commission staff are seeking information on the business practices of cloud computing providers including issues related to the market power of these companies, impact on competition, and potential security risks. In a Request for Information, FTC staff are seeking information about the competitive dynamics of cloud computing, the extent to…
The BreachForums case: The HHS-OIG did WHAT?!? Why?
Revelations contained in an affidavit by an FBI agent and a press release by the Department of Justice about the arrest of the owner of a popular hacking forum raise a few questions about the role of the U.S. Department of Health and Human Services Office of the Inspector General (HHS-OIG). An affidavit by FBI…
Medical technology regulations and the NHS
From Parliament: A debate has been scheduled for 4.30pm on Tuesday 28 March on medical technology regulations and the NHS. The debate will be opened by Dame Caroline Dinenage MP. The Library will produce briefing ahead of this debate, and this page will be updated when it is published.
Only 15 entities have complied with India’s new 6-hour reporting rules
Simon Sharwood reports: India’s rules requiring local organizations to report infosec incidents within six hours of detection have been observed by a mere 15 entities. India’s Computer Emergency Response team (CERT-In) revealed that low, low, level of compliance in response to a Right to Information (RTI) request filed by Indian tech news outlet MediaNama, which reported the news…