Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion. On July 23, 2020, the OCR issued a press release outlining the terms of its settlement with Metropolitan Community … Continue Reading
Last week, authorities from the United States, United Kingdom and Canada accused a well-known hacker group tied to the Russian government, APT29 a/k/a Cozy Bear of using malware to exploit security vulnerabilities to enable it to steal COVID-19 vaccine research from companies located in these countries working to develop a vaccine. This was after a … Continue Reading
While the California Consumer Privacy Act (CCPA) went into effect on January 1st of this year, the California Attorney General submitted the final draft of proposed regulations only last month. With the CCPA’s inclusion of a private right of action for California residents to seek actual or statutory damages if their personal information has been … Continue Reading
The New York Department of Financial Services (DFS) recently issued guidance to its regulated entities regarding heightened cybersecurity awareness as a result of the COVID-19 pandemic. DFS described three primary areas of heightened risk during this time: remote working, increased instances of phishing and fraud, and third-party risks. With respect to remote working, DFS noted … Continue Reading
One of the most significant consumer rights offered by the new California Consumer Privacy Act (CCPA) is what we call the “private right of action” afforded by the law. A private right of action under a law basically means that if someone violates the law and a person is damaged, the person can assert a … Continue Reading
This week, a Pennsylvania federal judge refused to approve a proposed $4 million settlement for violations of the Telephone Consumer Protection Act (TCPA) because it would provide the 67,000 class members with only $35 each. In the 50-page opinion, U.S. District Judge Michael Baylson said that Flagship Credit Acceptance LLC (Flagship) ought to be able … Continue Reading
Virtually every company that provides goods or services to the public will, at some point, have a negative review posted online by a dissatisfied consumer. While such reviews are understandably upsetting, a company should not respond in kind with negative comments about the reviewer and certainly should not reveal personal or sensitive information about them. … Continue Reading
Beginning in 2016, the computer hacking organization known as “The Dark Overlord,” began to target victims in the St. Louis, Missouri area, including various health care providers, several accounting firms, and a medical records company. By remotely accessing these victims’ computer networks without authorization, The Dark Overlord was able to obtain sensitive records and information, … Continue Reading
The New York “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act), N.Y. Gen Bus. Law§ 899-bb, requires businesses that collect private information on New York residents to implement reasonable cybersecurity safeguards to protect that information. While this is a new law in the State of New York, it is simply joining other states, … Continue Reading
On October 17, 2019, the Department of Health and Human Services (HHS) published proposed rules to update the regulatory Anti-Kickback Statute (AKS) safe-harbors and exceptions to the Physician Self-Referral (PSR) Law, known commonly as the Stark Law (AKS proposed rule available here; PSR proposed rule available here). In an earlier blog post, we described each of the proposed … Continue Reading
The ADA was enacted in 1990 to prohibit discrimination against persons with disabilities. It did not include express rules about access to websites and mobile apps. But that hasn’t stopped a flood of lawsuits against companies based on claims their websites or mobile apps might not be accessible to people with disabilities, such as visual, … Continue Reading
Another day, another suit against a brand name for allegations of violation of the Illinois Biometric Information Privacy Act (BIPA). Plaintiffs’ attorneys are having a field day filing class action lawsuits based on BIPA. Late last week, Google was sued in Cook County, Illinois in a proposed class action, alleging that it violated BIPA by … Continue Reading
Vimeo, Inc. was sued last week in a class action case alleging that it violated the Illinois Biometric Information Privacy Act by “collecting, storing and using Plaintiff’s and other similarly situated individuals’ biometric identifiers and biometric information…without informed written consent.” According to the Complaint, Vimeo “has created, collected and stored, in conjunction with its cloud-based … Continue Reading
The Federal Trade Commission (FTC) announced in a press release on September 25, 2019, that it has filed a Complaint against Match Group, Inc. (Match), the owner of Match.com, Tinder, OKCupid, PlentyOfFish and other alternative dating sites, alleging that it “used fake love interest advertisements to trick hundreds of thousands of consumers into purchasing paid … Continue Reading
On September 10, 2019, California federal judge, U.S. District Judge Yvonne Gonzalez Rogers, entered a $267 million judgment against a debt collection agency, Rash Curtis & Associates (Rash Curtis), for its violation of the Telephone Consumer Protection Act (TCPA) for over 534,000 unsolicited robocalls. This judgment comes after a May jury trial in which the … Continue Reading
On September 9, 2019, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that it had settled its first ever HIPAA enforcement action arising from alleged violations of the individual right to access health information under HIPAA. OCR entered into a settlement with Bayfront Health St. Petersburg (Bayfront) in response … Continue Reading
In an interesting case from Indiana, a court recently ruled that language in the insurer’s “quotes” for coverage in a crime policy led the insured to believe that losses for computer hacking would be covered under the policy if the insured purchased coverage. The case, Metal Pro Roofing, LLC v. Cincinnati Insurance Company, 2019 WL … Continue Reading
In its second quarter Securities Exchange Commission (SEC) filing, Allscripts addressed its announced agreement in principle with the Department of Justice (DOJ) to resolve investigations into certain alleged practices of Practice Fusion, an electronic health records (EHR) vendor acquired by Allscripts in February 2018 for $100 million. Allscripts indicated the agreement is still subject to … Continue Reading
In an unusual move, Delta Airlines (Delta) sued one of its vendors last week for the data breach it experienced in 2017. It’s an unusual move for several reasons. First, in our experience when a vendor causes a data breach, there is usually a contractual provision that can be followed that outlines the responsibility of … Continue Reading
AT&T was sued this week in the Northern District of California by customers alleging that AT&T sold their location data to data aggregators without their consent. The proposed class action suit was filed on behalf of all AT&T wireless customers from 2011 to date. The suit alleges that AT&T sold customers’ location data to LocationSmart … Continue Reading
Two law firms were among the latest victims of the GozNym malware attack that caused a combined loss of more than $117,000. Law enforcement authorities recently announced the dismantling of a cybercrime network that used this GozNym malware to attempt to steal an estimated $100 million from victims in the United States and around the … Continue Reading
The “Uber of weed” app developed by Eaze Solutions, Inc. (Eaze) provides information to users about the delivery of recreational and medical marijuana throughout California. Unfortunately, Eaze allegedly violated the Telephone Consumer Protection Act (TCPA) by inundating its users with unsolicited, autodialed text messages about how to buy marijuana. The named plaintiff alleges that she … Continue Reading
The Federal Trade Commission (FTC) issued an Order to File a Special Report to seven Internet broadband providers in the U.S., requesting information on how the companies “collect, retain, use and disclose information about consumers and their devices.” According to its press release, the FTC “is initiating this study to better understand Internet service providers’ … Continue Reading
DNA technology has assisted law enforcement in identifying criminals for decades. The U.S. National DNA Database System stores the DNA data of millions of criminals, and allows law enforcement officers around the country to compare and match forensic evidence in this central repository. This closed universe of DNA only contains data from individuals arrested or convicted of a … Continue Reading
