Cybersecurity Archives - Page 25 of 30

Investigation Continues After Massive Data Breach at Henry Ford Health System

An unknown hacker gained access to 18,470 patients’ personal health information via employee emails at Detroit-based Henry Ford Health System (HFHS).

According to the press release, HFHS first learned of the incident on October 3, 2017, after becoming aware that the email credentials of a group of employees were compromised. Even though the emails were name and password protected by encryption, they remained vulnerable to such illegal access. The email accounts contained patient health information, including:

Patient name
Date of birth
Medical record number
Provider’s name
Date of service
Department’s name
Location
Medical condition
Health insurer

Continue reading “Investigation Continues After Massive Data Breach at Henry Ford Health System”

The SEC’s Cyber Specialty Unit Strikes With Its First Case

On December 4, 2017, the SEC Enforcement Division’s new Cyber Unit filed its first enforcement case for a fraudulent initial coin offering (ICO). This new specialty unit was established in late September to increase the Enforcement Division’s focus on cyber-related securities law violations. The focus areas of this unit include securities laws violations involving “blockchain” technologies and ICOs.
Continue reading “The SEC’s Cyber Specialty Unit Strikes With Its First Case”

Agenda and Panelists Announced for FTC’s Information Injury Workshop in December

The Federal Trade Commission released the agenda and panelists for the Information Injury Workshop which will be held on December 12.

As we covered in a previous DBR on Data post, the goal of the workshop is to explore how to characterize information injuries, how to accurately measure such injuries, and their prevalence. In addition, panelists will discuss what factors businesses and consumers consider when evaluating the tradeoffs between providing information and potential exposure to injuries.

The panelists come from a variety of fields and disciplines, including information technology, privacy and data security, business, academia, legal and nonprofit fields.

The full agenda and list of panelists is available at this link. The workshop is free and open to the public and will also be available via live webcast through the FTC’s website.

California’s First 2017 Health Care Data Breach Enforcement Results in $2 Million Settlement

Cottage Health System has settled a state enforcement action over two separate data breaches that made more than 50,000 patients’ medical information publicly available online. The no-fault settlement requires Cottage Health System to:
Continue reading “California’s First 2017 Health Care Data Breach Enforcement Results in $2 Million Settlement”

A Bipartisan Effort to Focus on Healthcare Cybersecurity

House Energy and Commerce Committee members Reps. Billy Long (R-Mo.) and Doris Matsui (D-Calif.) introduced the HHS Cybersecurity Modernization Act earlier this month in a bipartisan effort to address cybersecurity threats to the Department of Health and Human Services (HHS). Representatives Long and Matsui have both described the bill, H.R. 4191, as a stepping-stone towards improving cybersecurity at HHS and the health care industry at large. However, the bill does not authorize any additional appropriations to do so.

Continue reading “A Bipartisan Effort to Focus on Healthcare Cybersecurity”

A.G. Schneiderman Announces SHIELD Act to Protect New Yorkers

The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) was introduced in the New York legislature in early November and would amend New York’s state breach notification law. The bill was announced after the release of a New York Office of the Attorney General report found a nearly 60% hike in data breaches affecting state residents in 2016 and following the Equifax breach in September, which A.G. Schneiderman is investigating.

Among other things, the SHIELD Act would:

Require reasonable security for private information, using standards tailored to the size of the business, while avoiding duplicate regulations and providing incentive to businesses that certify security compliance and provides clear examples of safeguards (e.g., technical, administrative, and physical measures).
Carve out “compliant regulated entities,” which are defined as those already regulated by, and compliant with, existing or future regulations of any federal or NYS government entity (including NYS DFS cybersecurity regulations; regulations under Gramm-Leach-Bliley; HIPAA regulations) by deeming them compliant with this law’s reasonable security requirement.
Provide safe harbor from AG enforcement actions under this law for “certified compliant entities,” (those with independent certification of compliance with aforementioned government data security regulations, or with ISO/NIST standards).
Provide a more flexible standard for small business (less than 50 employees and under $3 million in gross revenue; or less than $5 million in assets): requiring reasonable safeguards “appropriate to the [small business’s] size and complexity.

Continue reading “A.G. Schneiderman Announces SHIELD Act to Protect New Yorkers”

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Category: Cybersecurity