Ethan Wolff-Mann reports: In September, entrepreneur Joshua Browder’s Do Not Pay chatbot website added a new skill: allowing people to sue Equifax for its monumental data breach that exposed the personal information of 145.5 million people, which included Social Security numbers. A few months later, the results are coming in and people are winning judgements…
Category: Of Note
Court Declines to Dismiss Claims Against Business Associate Subcontractor Responsible for HIPAA Breach
CVS Pharmacy, Inc. v. Press America, Inc., 2018 WL 318479 (S.D.N.Y. 2018) A federal court has declined to dismiss a lawsuit filed by a pharmacy benefit manager (PBM) against a mail service that violated the HIPAA privacy rule when it misaddressed mail and improperly disclosed protected health information (PHI) of 41 individuals. The PBM, which…
Fresenius Medical Care North America settles HHS OCR complaint for $3.5m plus corrective action plan
Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA…
HHS OCR January 2018 OCR Cybersecurity Newsletter: Cyber Extortion
January 30, 2018 Incidents of cyber extortion have risen steadily over the past couple of years and, by many estimates, will continue to be a major source of disruption for many organizations. Cyber extortion can take many forms, but it typically involves cybercriminals’ demanding money to stop (or in some cases, to merely delay) their…
Hacking and phishing accounted for 75% of breaches reported to North Carolina in 2017
North Carolina issued a Security Breach Report for 2017. From the Executive Summary: This report provides a summary and discussion of the 1,022 data breaches reported to the North Carolina Department of Justice (NCDOJ) between January 1, 2017 and December 31, 2017. Under North Carolina law, businesses and state and local governments are required to…
Bill updates Iowa’s data security protections
Erin Jordan reports: Data security breaches at big corporations, including Equifax and Target, spurred the Iowa Attorney General’s Office to seek changes to Iowa law to further protect consumers. House Study Bill 526, discussed in a Judiciary subcommittee Tuesday, would update Iowa’s data breach notification act, which requires businesses, nonprofits and other entities hit by…