Threat actors known as Vice Society have disclosed another attack on the healthcare sector. This time, the victim is United Health Centers of the San Joaquin Valley in California. Lawrence Abrams of BleepingComputer reports: On August 31st, BleepingComputer was told by a source in the cybersecurity industry that United Health Centers was reeling from a…
Category: State/Local
California DOJ Must Be Notified About Breaches of the Health Data of 500 or More California Residents
HIPAA Journal reminds us all that states can require notification to the state of breaches that are also covered by HIPAA and can take enforcement action if they are not reported: Recently, there have been several instances where the California DOJ has not been notified about ransomware attacks on California healthcare facilities, even though the…
Connecticut Enacts Safe Harbor From Punitive Damages In Data Breach Cases
Jason Gavejian and Joseph Lazzarotti of JacksonLewis write: Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant…
California Breach Regulations Applicable to Health Care Facilities Align “Breach” Definition with HIPAA, Expand Reporting Obligations, and Clarify Penalty Structure
Jennifer Hennessy, Chloe Talbert, and Jennifer Urban of Foley Lardner write: California clinics, health facilities, home health agencies, and licensed hospices required to report breaches to the California Department of Public Health (CDPH) under California’s Health and Safety Code Section 1280.15 (Section 1280.15) are now subject to a new set of regulations. Section 1280.15, which has been in…
WI: Governor Evers Signs Law to Enhance Insurance Cybersecurity Measures
July, 15 — Madison, Wis. — Today, Governor Tony Evers signed Act 73 into law creating new cybersecurity requirements for protecting data collected by the insurance industry. “From ransomware to data breaches, insurers and consumers are at an increasing risk of experiencing a serious cybersecurity incident,” said Insurance Commissioner Mark Afable. “The new consumer protections in this Act…
Ohio Introduces Data Privacy Legislation
Kurt R. Hunt and Gregory A. Tapocsi of Dinsmore & Shohl LLP write: On July 13, 2021, Ohio Lieutenant Governor John Husted announced the introduction of the Ohio Personal Privacy Act (OPPA), a comprehensive privacy framework following in the footsteps of recent legislative enactments in California (the CCPA as modified by the CPRA), Virginia (the…