Marcy Wilder, Scott Loughlin, Melissa Bianchi, Paul Otto, and Alyssa Golay of Hogan Lovells write: This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions – Enforcement, Policy, and Strategic Planning –…
Category: U.S.
Lubbock Heart and Surgical Hospital sued for breach where no one knows for sure whether data was accessed or acquired
If the victim of a cyberattack cannot determine whether data was accessed or acquired, should that increase the damages sought by plaintiffs in a class action suit? Or should it get the suit tossed out because the plaintiffs can’t prove any theft of their data? Kelly Mehorter reports about a class action lawsuit filed against…
Little Rock school district seeks cyberattack disclosure guidance
Arkansas Online reports: The Little Rock School District is continuing to seek an attorney general’s opinion on the legality of holding private school board meetings when reacting to a cyber- or ransomware attack on a district’s electronic information systems. Little Rock Superintendent Jermall Wright sent a lengthy letter in January to the attorney general’s office…
Texas waited two months to start informing 3,000 people that crooks copied their driver’s licenses. DPS explains why.
Jasper Scherer reports: After discovering in December that an organized crime group had obtained thousands of replacement Texas driver licenses, state public safety officials waited more than two months to publicly reveal the breach and start notifying those swept up in the operation. The criminal effort, disclosed to lawmakers Monday by Texas Department of Public Safety Director…
Supreme Court Hears Healthcare Identity Theft Case
Marianne Kolbasuk McGee reports: Justices on the U.S. Supreme Court seem ready to restrict federal prosecutors’ use of a federal law criminalizing identity theft after hearing a case challenging its application in a Medicaid fraud case. Traditional identity theft involving appropriation of personal information for criminal ends, such as obtaining fraudulent prescriptions or submitting fake…
Another Texas school district with a data breach? (UPDATED)
LockBit has added White Settlement Independent School District in Texas to their leak site, with a proof pack that suggests that the threat actors were able to access — and may have exfiltrated — a lot of files. The listing was added yesterday. There is no notice on WSISD’s website that DataBreaches could find…