Joseph J. Lazzarotti of JacksonLewis writes: In late March 2025, the Florida Bar Board of Governors unanimously endorsed the recommendation of its Special Committee on Cybersecurity and Privacy Law that law firms should adopt written incident response plans (IRPs) to better prepare for and respond to data security incidents. The recommendation reflects a growing recognition across professional…
Ex-employee, firm head booked for data theft
Today’s reminder of the insider threat was reported by Tribune News Service: The cybercrime cell here has registered an FIR against Divyanshu Jain, Director of Divrit Consultancy Pvt Ltd, and Aaina Gupta, a former compliance assistant at a Chandigarh-based chartered accountancy firm, for allegedly conspiring to steal sensitive data of over 2,000 clients and misusing…
Hospital Español Auxilio Mutuo de Puerto Rico notifies patients of September 2023 cyberattack
Hospital Español Auxilio Mutuo de Puerto Rico didn’t discover on their own that their systems had been compromised, and then, despite outside expert help, they were unable to determine with precise confidence whose data was exfiltrated or whether it has been misused, but the hospital has now started notifying patients potentially affected by a breach…
Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K.
Davey Winder reports: There are two types of scumbag in the cybercrime world: those who pick on vulnerable individuals to perpetrate their fraud, and those who target healthcare in search of illicit financial gains. The latter are, thankfully, much rarer than the former. However, hospitals have been on the ransomware and hacking radar before now,…
Behavioral Health Resources of Washington state updates its data breach disclosure
On January 17, Behavioral Health Resources (“BHR”) notified the U.S. Department of Health and Human Services (HHS) of a reportable breach, but not yet having determined the number affected, they used “501” as a placeholder. They also published a preliminary notice on their website. That notice indicated that on or about November 20, 2024, they…
Breaches Within Breaches: Contractual Obligations After a Security Incident
Roma Patel writes: We often cover consumer class action complaints against companies regarding the privacy and security of personal information. However, litigation can also arise from alleged breach of contract between two companies. This week, we will analyze a medical diagnostic testing laboratory’s April 2025 complaint against its managed services provider for its alleged failure…