R. Loheswar reports: Continued breaches exposing Malaysians’ private information at government agencies meant the Personal Data Protection Act (PDPA) should be amended to finally make these accountable, said legal experts. In its current form, the PDPA only covers commercial entities and transactions, exempting both the federal and state governments from its rules and principles, including…
Category: Legislation
Cyber Plan Would Hold Software Makers Responsible in Hacks
Katrina Manson reports: The Biden administration is set to release an aggressive new national cybersecurity strategy on Thursday that seeks to shift the blame from companies that get hacked to software manufacturers and device makers, putting it on a potential collision course with big technology companies. The 35-page strategy, shared in advance with a group…
HHS OCR creates new HIPAA enforcement arm and enhances focus on cybersecurity and privacy oversight
Marcy Wilder, Scott Loughlin, Melissa Bianchi, Paul Otto, and Alyssa Golay of Hogan Lovells write: This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions – Enforcement, Policy, and Strategic Planning –…
Little Rock school district seeks cyberattack disclosure guidance
Arkansas Online reports: The Little Rock School District is continuing to seek an attorney general’s opinion on the legality of holding private school board meetings when reacting to a cyber- or ransomware attack on a district’s electronic information systems. Little Rock Superintendent Jermall Wright sent a lengthy letter in January to the attorney general’s office…
Supreme Court Hears Healthcare Identity Theft Case
Marianne Kolbasuk McGee reports: Justices on the U.S. Supreme Court seem ready to restrict federal prosecutors’ use of a federal law criminalizing identity theft after hearing a case challenging its application in a Medicaid fraud case. Traditional identity theft involving appropriation of personal information for criminal ends, such as obtaining fraudulent prescriptions or submitting fake…
Digital Healthcare Platform Ordered to Pay Civil Penalties and Take Corrective Action for Unauthorized Disclosure of Personal Health Information
Following up on the FTC’s February 1 announcement about its enforcement action against GoodRx, the Department of Justice announced yesterday: The Department of Justice, together with the Federal Trade Commission (FTC), announced today that the government has resolved allegations that GoodRx Holdings Inc., doing business as GoodRx Gold, GoodRx Care, and Hey Doctor (GoodRx), violated…