Archives: Uncategorized


NIST Issues Blockchain Technology Report to Help Businesses “Make Good Decisions” About Using Blockchain

On January 24, 2018, the National Institute of Standards and Technology (NIST) issued its “Draft NIST Interagency Report 8202 Blockchain Technology Overview” which it announced as NIST’s “Report on Blockchain Technology Aims to Go Beyond the Hype.” The press release announcing the issuance of the report starts by stating “Beguiling, baffling or both—that’s blockchain. Aiming to … Continue Reading

Google Tracking of Android Users Goes Beyond the Expected

By now most smartphone users are aware of location tracking used by both Apple and Android operating systems. Basic location tracking is a system which uses GPS data to know the phone user’s location. However, according to a recent article published by Quartz, Google’s data collection goes far beyond basic location tracking. Not only does … Continue Reading

Lessons Learned from Recent OCR HIPAA Audits

Covered entities, including employer-sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Services Office of Civil Rights (OCR) following OCR’s recent announcement of a large HIPAA settlement last month on the heels of its release of the preliminary results … Continue Reading

Stored Communications Act Does Not Prohibit Disclosure of Deceased’s Yahoo Account

In what appears to be a case of first impression in the Commonwealth of Massachusetts, the Supreme Judicial Court (SJC) has ruled that Yahoo may disclose the contents of a deceased’s Yahoo email account to his personal representatives and is not precluded from doing so by the Stored Communications Act (SCA). The subscriber passed away … Continue Reading

Two Class Action Suits Filed Against Banner Health Less Than A Week After Notices Are Sent Regarding Data Breach

We previously reported that Banner Health (Banner) started sending notices to over 3.7 million individuals about a data breach that started with food and beverage purchases and ended up compromising employee and patient information [view related post]. This data breach is the largest so far this year. Less than a week after Banner started sending out … Continue Reading

Utah votes to let authorities disable drones near wildfires

This week, in Salt Lake City, lawmakers approved a bill that would allow Utah authorities (i.e., firefighters or law enforcement) to disable and down drones if they are being flown too close to wildfires. Governor Gary Herbert said, “This summer, wildfires in the state have become significantly worse due to drones interrupting air operations. It … Continue Reading

HHS: Ransomware attacks likely HIPAA breaches in absence of encryption

On July 11, 2016, the U.S. Department of Health & Human Services (HHS) issued a Fact Sheet that provides guidance on (i) how HIPAA Security Rule compliance can help health care organizations combat ransomware attacks, and (ii) the applicability of HIPAA’s Breach Notification Rule to ransomware attacks. This guidance is particularly timely due to the … Continue Reading

CMS allows qualified entities to sell claims data

The Centers for Medicare and Medicaid Services released a final rule permitting “qualified entities” to sell Medicare claims data to providers and others for use in improving quality of care. The rule expands on CMS’ Qualified Entity Program, which permits organizations to apply to become qualified to receive Medicare Parts A, B, and D claims … Continue Reading

VTech in quagmire following data breach of 6.5 million kids’ information

In a third update to the data breach of 6.5 million kids’ information and 5 million parents’ information, VTech Holdings Ltd. (VTech) is facing backlash from plaintiffs’ attorneys and regulators. First, VTech Electronics North America LLC was hit with the now usual class action suits following a data breach–two so far–filed in the Northern District … Continue Reading

EU data transfer update

On November 6, 2015, the EU Commission released its guidance for businesses relating to the EU safe harbor. The commission indicated that since the invalidation of the safe harbor framework, it has “stepped up” talks with the U.S. regarding transfer of data from the EU to the U.S. but acknowledged that global companies were seeking … Continue Reading

Dow Jones & Co. notifies 3,500 of data breach

Dow Jones & Co. has notified 3500 of its customers that their information was accessed by an unauthorized individual in a data breach that spanned from August 2012 through July 2015. The unauthorized access, through malware, exposed the names, addresses, email addresses, telephone numbers, and credit card information of 3,500 subscribers, including subscribers to The Wall … Continue Reading

Amazon’s motion for summary judgment denied in FCRA class action suit

U.S. District Judge Gary Feinerman denied Amazon, Inc.’s (Amazon) motion for summary judgment on October 7, 2015, in Illinois federal court, in a class action case over alleged violations of the Fair Credit Reporting Act (FCRA), stating that while Amazon said it offered plaintiff compensation to drop his accusations, “there is no offer of judgment … Continue Reading

Three more Darkode Hackers Prosecuted

We previously reported on the prosecutions of Darkode members. Three more members of the computer hacking forum Darkode have pled guilty to accessing protected computers without permission and to violating the CAN-SPAM Act. All three (in addition to 9 others prosecuted several weeks ago) were part of a scheme to scan for and infiltrate internet … Continue Reading

Big win for telemarketers: Courts rule that consumers consented to calls and texts by providing number to the companies

On August 21, 2015, the 11th Circuit upheld the dismissal of a class action against DCI Biologicals, Inc. (DCI) for its alleged violations of the Telephone Consumer Protection Act (TCPA). DCI is a blood plasma collection center, and a blood plasma donor, Joseph Murphy, alleged that DCI sent him unsolicited text messages using an autodialer. … Continue Reading

NIST issues Cybersecurity Practice Guide for Electric Utilities

Yesterday, the National Cybersecurity Center of Excellence issued its NIST Cybersecurity Practice Guide, Draft Special Publication 1800-2 “Identity and Access Management for Electric Utilities.” The Guide is a result of collaboration between NIST and utilities stakeholders, including the energy sector and technology vendors, to design an example solution to help energy companies manage and control … Continue Reading

Security bug found in Samsung® smartphones

Samsung recently announced that more than 600 million Samsung mobile devices contained factory-installed third-party software produced by SwiftKey that predicts the words you will type on your keyboards. The issue with the SwiftKey software is that it contains a flaw that permits hackers to access the device when the Keychain software is applying … Continue Reading

CMS Proposes Final Meaningful Use Objectives and Measures in EHR incentive programs Stage 3 Proposed Rule

On March 30, 2015, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule (Proposed Rule) setting forth meaningful use criteria for Stage 3 of the Medicare and Medicaid Electronic Health Record Incentive Programs (EHR Incentive Programs). CMS intends for Stage 3 to be the final stage of the EHR Incentive Programs, and … Continue Reading

World War C: Cyber Warfare

Contributed by Winthrop Smith, Milford, Connecticut, 3L Roger Williams University Law School

State-sponsored hacking occurs when a country funds cyber hacking organizations or groups in order to infiltrate a company’s or government’s cyber system for the sole purpose of stealing personal/sensitive information in the hope of turning a profit, gaining intelligence, or destroying mainframes. Since … Continue Reading

Issues Concerning Medical Identity Theft

Contributed by Lena Thomas, 3L Roger Williams University Law School

Whenever a large data breach occurs in the healthcare industry, such as the Anthem Blue Cross Blue Shield breach this past winter, some news stories always seem to focus on the strange medical catastrophes that could result—like going to an emergency room with acute appendicitis … Continue Reading

Privacy Policy of Mobile Apps: No Standard for Transparency

Contributed by Evan D’Abrosca, West Warwick, Rhode Island, 3L Roger Williams University Law School

In the standards set by the California Online Privacy Protection Act (CalOPPA) to developers of websites and mobile applications, websites and apps have to have their privacy policy clearly labeled, properly displayed, easy to read, and transparent for the user. All … Continue Reading