Bret Cohen, Paul Otto, Nathan Salminen, and Morgan Perna (law clerk) of Hogan Lovells write: … This installment of the Hogan Lovells’ CCPA series explains the CCPA’s security requirement and consequences for non-compliance, and describes security controls that most organizations can implement to mitigate this risk. Available statutory penalties: The CCPA allows consumers to sue businesses…
Category: Of Note
OCR Concludes All-Time Record Year for HIPAA Enforcement with $3 Million Cottage Health Settlement
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services concluded an all-time record year in Health Insurance Portability and Accountability Act (HIPAA) enforcement activity. In 2018, OCR settled 10 cases and was granted summary judgment in a case before an Administrative Law Judge, together totaling $28.7 million from enforcement…
Community Health System Agrees to Settlement of $4.5 Million for 2014 Data Breach
As I reported recently, the 2014 Community Health System breach has settled for $4.5 million. Linn F. Freedman of Robinson & Cole has a concise summary on The National Law Review. The data breach, believed to be caused by Chinese hackers, compromised the names, dates of birth, addresses, telephone numbers, and Social Security numbers of…
Insurance Data Security Model Law Picks Up Steam
Andreas Kaltsounis and Shea M. Leitch of BakerHostetler write: Three states recently enacted variations of the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law (MDL-668), based on the landmark cybersecurity requirements issued by the New York Department of Financial Services (NYDFS) in March 2017. The NYDFS requirements apply to certain banking, insurance…
Accused hacker Lauri Love to sue National Crime Agency to retrieve confiscated computing kit
Paul Kunert reports: Lauri Love, the Brit who beat US attempts to extradite him over accusations of hacking, is suing Blighty’s National Crime Agency (NCA) to get back computing gear seized in 2013 as part of the case against him. More than five years ago, Love was indicted across the pond over allegations he hacked…
Accusations fly between a researcher and a vendor over a vulnerability and a bug bounty that was never paid
Wow. Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and…