So while I was busy trying to get from there to here, UpGuard’s new site, Cyber Resilience, released its first blockbuster report: In what constitutes the latest in a series of blows to the US intelligence community’s reputation for stringent information security, UpGuard’s Cyber Resilience Team can now reveal the discovery by Cyber Risk Analyst…
Category: Of Note
The Computer Fraud and Abuse Act Will Need To Wait Another Day In New York’s Commercial Division
Justice Shirley Kornreich recently issued one of the few New York state court decisions that address the Computer Fraud and Abuse Act (“CFAA”). Spec Simple, Inc. v. Designer Pages Online LLC, No. 651860/2015, 2017 BL 160865 (N.Y. Sup. Ct. May 10, 2017). The CFAA criminalizes both accessing a computer without authorization and exceeding authorized access…
Target to Pay 47 States $18.5M to Settle Data Breach Case
Stephen Joyce reports: Target Corp. will pay $18.5 million to settle state enforcement actions over the retailer’s payment card hacking breach that affected as many as 60 million customers during the 2013 winter holiday shopping season, a coalition of 47 state attorneys general announced May 23. The settlement capped an investigation led by Illinois Attorney…
Calling time of death on HHS’s “breach tool”
I was excited back in 2010 when HHS started posting breaches on what some would call the “wall of shame.” I knew that we’d only learn about breaches involving HIPAA-covered entities, but at least we were finally starting to get some actual data. Now, more than 6 years later, it’s become clear to me that it’s probably best to just call time of death…
Careless handling of HIV information jeopardizes patient’s privacy, costs St. Luke’s-Roosevelt Hospital Center $387k
The U.S. Department of Health & Human Services(HHS), Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on impermissible disclosure of protected health information (PHI). St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) has paid HHS $387,200 to settle potential violations of the HIPAA Privacy Rule…
Court Applies Work Product Protection to Breach Investigation Reports
Al Saikali of Shook Hardy & Bacon LLP writes about a key issue that has come up a number of times in discussing incident response and liability: One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from…