Photo of Jean Tomasco

A professional accounting firm in Illinois received an unwanted holiday “gift” in the form of a class action complaint stemming from its alleged failure to secure personally identifiable information (PII) and to timely notify affected parties of a data breach.

On December 17, 2021, a lawsuit was filed against Bansley & Kierner, LLP, which offers

A federal District Court judge in Illinois sided with the U.S. Department of Labor (DOL) in ordering Alight Solutions, LLC, an ERISA plan services provider, to comply with an administrative subpoena seeking documents pertaining to alleged cybersecurity breaches. The Court’s order in the case, Walsh v. Alight Solutions, LLC, Dkt. # 20-cv-02138 (N.D. Ill.), is

A fertility clinic in California cannot escape a lawsuit brought by a patient after the clinic sent private information to the individual’s entire work team.

The clinic, Lane Fertility Institute for Education and Research (Lane), emailed a client regarding an embryo transfer procedure she had undergone the prior year, seeking information about her resulting pregnancy.

The Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services recently issued its Summer 2021 Cybersecurity Newsletter, which focuses on controlling access to electronic personal health information (ePHI) and the HIPAA Security Rule standards. Citing to a recent report of security incidents and data breaches in the health care

A federal District Court in California recently dismissed a lawsuit against Walmart that arose from an alleged data breach. (Gardiner v. Walmart, Inc., 20-cv-04618-JSW (N.D. Cal., March 5, 2021). Among other things, the court determined that California’s Consumer Privacy Act (CCPA) does not apply retroactively, dismissing the CCPA claim because the plaintiff had not

On December 10, 2020, the U.S. Department of Health and Human Services (HHS) announced proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which is one of several rules that protect the privacy and security of individuals’ medical records and other protected health information (PHI). According to HHS, the proposed changes

Health care providers and contractors continue to be a popular target for hackers. Recently, CHSPSC LLC (CHSPSC), which provides various services to hospitals and clinics indirectly owned by Community Health Systems, Inc. of Tennessee, agreed to pay $2,300,000 to the Office for Civil Rights (OCR) in settlement of potential violations of HIPAA’s Privacy and Security

As many states continue to reopen businesses and permit more gatherings, public health officials are looking to contact tracing as a key strategy for preventing further spread of COVID-19.  In contact tracing, public health staff work with patients who have suspected or confirmed COVID-19 infection to help them recall everyone with whom they had close

These days, news stations are frequently running stories concerning people being treated for COVID-19, the providers working tirelessly to care for them, and politicians visiting health care facilities for a first-hand look at the crisis. In response to the media interest, the Office for Civil Rights (OCR) issued guidance on May 5, 2020 to healthcare

Health care organizations continue to be a popular target for hackers. According to information from the U.S. Department of Health & Human Services (HHS), more than 30 reports of data breaches were filed by health care entities in the first month and a half of 2020. Although a few reported breaches involved theft or improper