On January 23, 2018, the French data protection authority (the CNIL) published new guidelines on the security of personal data (updating its previous security guide published in 2010 available in English) , providing practical recommendations in the form of “Do’s and Dont’s” to help businesses implement appropriate measures to protect personal data in compliance with…
Category: Of Note
Spain Extradites Russian Hacker Allegedly Implicated in Kelihos To New Haven
Edmund H. Mahony reports: Spain on Friday turned over notorious Russian computer hacker Peter Yuryevich Levashov to FBI cyber detectives in New Haven, who have accused him of developing the Kelihos network of hundreds of thousands of infected computers and using it to stuff inboxes with spam, steal secret financial data and spew malicious programming…
Massachusetts AG Healey Launches Online Data Breach Reporting Portal
Note the last paragraph in the following press release. We’ll have a bit more ready transparency about breaches reported to Massachusetts, but in terms of numbers, we will only see the number of Massachusetts residents affected. That’s still better than what we have right now, though, so good news! BOSTON – Making it easier and more…
People are taking Equifax to small-claims court via chatbot — and winning
Ethan Wolff-Mann reports: In September, entrepreneur Joshua Browder’s Do Not Pay chatbot website added a new skill: allowing people to sue Equifax for its monumental data breach that exposed the personal information of 145.5 million people, which included Social Security numbers. A few months later, the results are coming in and people are winning judgements…
Court Declines to Dismiss Claims Against Business Associate Subcontractor Responsible for HIPAA Breach
CVS Pharmacy, Inc. v. Press America, Inc., 2018 WL 318479 (S.D.N.Y. 2018) A federal court has declined to dismiss a lawsuit filed by a pharmacy benefit manager (PBM) against a mail service that violated the HIPAA privacy rule when it misaddressed mail and improperly disclosed protected health information (PHI) of 41 individuals. The PBM, which…
Fresenius Medical Care North America settles HHS OCR complaint for $3.5m plus corrective action plan
Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA…