The Federal Communications Commission (FCC) has announced its proposal to create a Schools and Libraries Cybersecurity Pilot Program that would help K-12 schools and libraries protect their broadband networks and data from cyber threats. The pilot program is part of the FCC’s Learn Without Limits initiative, which aims to ensure connectivity and digital equity for
Enforcement + Litigation
HHS Settles with Doctors’ Management Services Over Ransomware Attack
On October 31, 2023, the Office for Civil Rights (OCR) issued a press release announcing that it has settled with Doctors’ Management Services for $100,000 following a ransomware attack that compromised the protected health information of 206,695 individuals.
According to the press release, “this marks the first ransomware agreement OCR has reached.” The facts underlying…
SEC Hits SolarWinds and CISO with Investor Fraud Suit Over Cybersecurity
In a first, bold move by the Securities and Exchange Commission (SEC) following its new Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, issued on July 26, 2023, this week, the SEC filed suit against SolarWinds and its Chief Information Security Officer (CISO) alleging that SolarWinds and its CISO…
40 Countries Including US Vow Not to Pay Ransomware
The United States joined 39 other countries this week in the International Counter Ransomware Initiative, an effort to stem the flow of ransom payments to cybercriminals. The initiative aims to eliminate criminals’ funding through better information sharing about ransom payment accounts. Member states will develop two information-sharing platforms, one created by Lithuania and another jointly…
NYAG Settles with Personal Touch for $350,000 over Phishing Incident
According to a press release, Personal Touch, a home health company located on Long Island, has reached a settlement with New York Attorney General Letitia James for $350,000 for a data breach that occurred in January of 2021 when a Personal Touch employee “opened a malware-infected file attached to a phishing email that allowed…
Supreme Court to Decide Federal Government’s Ability to Engage with Social Media Companies in Content Moderation
This week we are pleased to have a guest post by Robinson+Cole Artificial Intelligence Team patent agent Daniel J. Lass.
After previously finding that the Biden White House and the FBI likely violated First Amendment free speech protections for some users of online social media platforms, the Fifth Circuit expanded its ruling to find…
Shareholder Suit Against Meta for Data Breach Goes Forward
Meta (formerly Facebook) has been hit with a revived class action shareholder suit stemming from its involvement with Cambridge Analytica, a firm that infamously mined Facebook user data for hyper-targeted political engagement. The 9th U.S. Circuit Court of Appeals in San Francisco restored shareholders’ claims that Meta falsely stated that user data “could” be compromised…
Update on CPRA Regulations for Cybersecurity Audits and Risk Assessments from the CPPA
In August, the California Privacy Protection Agency (CPPA) released its initial draft regulations for cybersecurity audits and risk assessments under the California Privacy Rights Act (CPRA). While the CPPA has not yet commenced its formal rulemaking process for these regulations, once finalized, businesses will be required to perform annual cybersecurity audits and regularly submit risk…
PharMerica and Amerita Sued in Class Actions for Breach of Patient Data
PharMerica and its subsidiary Amerita’s Specialty Infusion Services (Amerita) are already facing class action lawsuits after patients received a September 5, 2023, data breach notification letter. When the businesses detected suspicious activity on both the PharMerica and Amerita networks, a forensic investigation determined that a threat actor had gained access to the systems sometime in…
Advocate Aurora Health to Pay $12.25 Million Settlement for Data Breach Class Action
In October 2022, Advocate Aurora Health notified three million individuals of a data breach resulting from its use of tracking pixels on its website for tracking website visitor activity. Now, this month, Advocate Aurora Health settled a class action stemming from that data breach for $12.25 million.
In its breach notification to patients, Advocate Aurora…