Following up on the FTC’s February 1 announcement about its enforcement action against GoodRx, the Department of Justice announced yesterday: The Department of Justice, together with the Federal Trade Commission (FTC), announced today that the government has resolved allegations that GoodRx Holdings Inc., doing business as GoodRx Gold, GoodRx Care, and Hey Doctor (GoodRx), violated…
Category: Of Note
Trove of L.A. Students’ Mental Health Records Posted to Dark Web After Cyber Hack
Mark Keierleber reports: Detailed and highly sensitive mental health records of hundreds — and likely thousands — of former Los Angeles students were published online after the city’s school district fell victim to a massive ransomware attack last year, an investigation by The 74 has revealed. The student psychological evaluations, published to a “dark web”…
National Credit Union Administration Finalizes 72-Hour Cyber Incident Reporting Rule
Alexander Boyd and Colin H. Black of Polsinelli PC write: On February 16, 2023, the National Credit Union Administration (“NCUA”) unanimously approved a final rule that requires a federally-insured credit union to report “reportable cyber incidents” to the NCUA as soon as possible, and in no event later than 72 hours after the credit union…
Aviacode remains silent after 0mega dumps 200 GB of their files
On January 9, DataBreaches noticed that Aviacode had been added to the leak site for 0mega. Aviacode, which is part of GeBBS Healthcare Solutions, offers medical coding services, medical coding audits, coding denial management, clinical documentation improvement, and revenue cycle management for billings and claims. As such, it is often a business associate for HIPAA-covered…
The Feds Are Launching a Hack Back Squad
Mack DeGuerin reports: The U.S. says it’s punching back in the digital cold war over emerging technologies with a new “Disruptive Technology Strike Force.” “Our goal is simple but essential—to strike back against adversaries trying to siphon off our best technology,” a deputy attorney general said. The strike force, a joint initiative created by the Department of Justice…
Department of Education to Enforce Revised Cybersecurity Requirements and Expands Interpretation of “Third-Party Servicer” Definition
Duane Morris writes: The Department of Education has issued an electronic notice relating to the updated cybersecurity regulations published by the Federal Trade Commission (FTC). On December 9, 2021, the FTC amended the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher…