David Kitchen writes: If you work at a typical company, employee actions and inadvertent disclosures present the greatest threat to the security of your data. Therefore, providing proper training and technical safeguards is one of the most important means to enhance your company’s security profile. In BakerHostetler’s newly-released 2018 Data Security Incident Response Report, we…
Massachusetts Enacts Law Providing Greater Privacy of Health Insurance Information
Michael Bertoncini writes: Health insurance carriers often provide explanation of benefits (EOB) summaries to the policyholder specifying the type and cost of health care services received by dependents covered by the policy. EOBs often disclose sensitive information regarding the mental or physical health condition of adult dependents. Massachusetts has now enacted a law, an act…
States Increase HIPAA Enforcement
Elliot Golding and Jennifer Tharp of Squire Patton Boggs write: Overview of Recent Settlement Actions Recent Health Insurance Portability and Accountability Act (“HIPAA”) enforcement settlements for Virtual Medical Group (“VMG”) in New Jersey and EmblemHealth in New York may signal a broader trend of increased state HIPAA enforcement. Under the Health Information Technology for Economic…
A North Carolina Federal Court Allows A Treble Damages Claim In Employee Data-Breach Lawsuit
Alex Pearce of Ellis & Winters LLP writes: As we have explored before, a common scam known as “W-2 phishing” can put companies in the crosshairs for data-breach lawsuits brought by their employees. In honor of Tax Day, today’s post examines an interesting recent decision from a North Carolina federal court in one of these…
Fasthealth Security incident continues to leak out and confuse the public
The FastHealth breach is confusing the heck out of patients and employees. I’m getting inquiries from folks who are understandably suspicious because they never heard of the firm or can’t figure out how their details got caught up in this all. Others see news reports and realize that an entity has no connection to them,…
China’s latest data theft case shows tracking a mobile phone costs less than $2 a month
Christopher Udemans reports: In a case worth over RMB 800 million, numerous members of a syndicate have been arrested for allegedly buying and selling personal data over the internet, local media is reporting. The gang was able to obtain personal information by falsely identifying themselves and hacking targeted individuals. This information included mobile phone location…