Bill Rankin reports: In the spring of 2016, a cyber thief calling himself the “Dark Overlord” hacked into the databases of a Clarke County medical clinic and emerged with the personal information of an estimated 200,000 patients. The Athens Orthopedic Clinic refused to pay the hacker’s ransom and advised current and former patients to set…
Category: State/Local
New Notification Requirements in New York for Healthcare Providers Facing a Cybersecurity Incident
Frank J. Fanshawe, Joseph J. Lazzarotti, Jason C. Gavejian and Maya Atrakchi of JacksonLewis write: On August 12, Mahesh Nattanmai, New York’s Chief Health Information Officer, issued a notice letter (“the notice”) on behalf of the New York State Department of Health (“Department”) requiring healthcare providers to use a new notification protocol for informing the…
New Hampshire Governor Signs Insurance Data Security Law
Hunton Andrews Kurth writes: On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. Although the Bill takes effect January 1, 2020, licensees have one year from the effective date…
Delaware Signs Insurance Data Security Act into Law
Joshua Mooney of White & Williams writes: On July 31, 2019, Governor Carney signed the Delaware Insurance Data Security Act (formerly, HB 174) into law. Based on the National Association Of Insurance Commissioners (NAIC) Insurance Data Security Model Law, the Delaware law establishes a regulatory framework requiring insurers licensed to do business in Delaware to…
New York Becomes Fifth State to Define a Breach to Include “Access” to Information
Daniel De Zayas, a legal intern at ZwillGen, writes: New York has updated its breach notification and data security law, expanding the definition of a data breach and imposing detailed reasonable security requirements, among other changes. The amendment also adds a number of new data elements to the definition of “private information.” On July 25,…
NY: Governor signs bills to help prevent data breaches
Marian Hetherly and AP report: New York State is strengthening a law requiring companies that handle consumers’ personal data to notify them about any data breaches. Gov. Andrew Cuomo on Thursday signed legislation that expands the law to cover any company holding personal data belonging to a New Yorker, and not just companies doing business…