Edward Kost writes: Volatile Cedar, a cybercriminal group affiliated with the Hezbollah Cyber Unit, has resurfaced after disappearing for almost 6 years. The criminal group was suddenly illuminated on the radar after suspicious activity on Oracle and Atlassian servers was discovered. Volatile cedar breached unpatched Atlassian and Oracle servers by exploiting the following vulnerabilities – CVE-2012-3152, CVE-2019-11581,…
Category: Of Note
The Netherlands: 440,000 EUR fine for hospital for inadequate authentication and logging
Demi Rietveld and Richard van Schaik of DLA Piper write: The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA”) has published its decision to impose an administrative fine of EUR 440,000 on Amsterdam hospital OLVG due to the lack of sufficient measures to prevent access to medical records by unauthorised personnel. After complaints, the Dutch…
WeChat Data Leak Leads To Arrest Of Tencent Executive Zhang Feng
Cullen Paradis reports: Zhang Feng, an executive at China’s most valuable public company Tencent Holdings, has been detained by authorities in connection to a data leak and corruption scandal. According to the Wall Street Journal, Zhang is accused of sending user data from the messaging app juggernaut WeChat to Sun Lijun, the former vice public security minister now…
11th Circuit’s strict new rule for data breach standing will figure in Equifax appeal
Alison Frankel reports: Shiyang Huang is not a lawyer. Nor is he a professional objector who makes a living from demanding payments to drop filing vexatious objections to class action appeals. By his account, he’s just a pro se litigant from Topeka who doesn’t think federal courts should be called upon to adjudicate claims by…
What Does the Fifth Circuit’s Vacating of HHS HIPAA Fines Mean for Companies This Year?
Here is some more commentary on the Fifth Circuit opinion in MD Anderson v. HHS. Elfin Noce, Liisa Thomas & Susan Ingargiola of SheppardMullin write, in part: On the ruling regarding the disclosure of ePHI, the Fifth Circuit held that HHS had failed to establish that MD Anderson disclosed ePHI to someone outside of the covered entity. The…
The M.D. Anderson Case and the Future of HIPAA Enforcement
Privacy law scholar Daniel Solove writes: The U.S. Court of Appeals for the 5th Circuit just issued a blistering attack on HIPAA enforcement by the U.S. Department of Health and Human Services (HHS). In University of Texas M.D. Anderson Cancer v. Department of Health and Human Services (No. 19-60226, Jan. 14, 2001), the 5th Circuit struck down a fine…