We previously reported that Banner Health (Banner) started sending notices to over 3.7 million individuals about a data breach that started with food and beverage purchases and ended up compromising employee and patient information [view related post]. This data breach is the largest so far this year.

Less than a week after Banner started

This week, in Salt Lake City, lawmakers approved a bill that would allow Utah authorities (i.e., firefighters or law enforcement) to disable and down drones if they are being flown too close to wildfires. Governor Gary Herbert said, “This summer, wildfires in the state have become significantly worse due to drones interrupting air operations. It

On July 11, 2016, the U.S. Department of Health & Human Services (HHS) issued a Fact Sheet that provides guidance on (i) how HIPAA Security Rule compliance can assist health care organizations combat ransomware attacks, and (ii) the applicability of HIPAA’s Breach Notification Rule to ransomware attacks. This guidance is particularly timely due to the

The Centers for Medicare and Medicaid Services released a final rule permitting “qualified entities” to sell Medicare claims data to providers and others for use in improving quality of care. The rule expands on CMS’ Qualified Entity Program, which permits organizations to apply to become qualified to receive Medicare Parts A, B, and D claims

In a third update to the data breach of 6.5 million kids’ information and 5 million parents’ information, VTech Holdings Ltd. (VTech) is facing backlash from plaintiffs’ attorneys and regulators.

First, VTech Electronics North America LLC was hit with the now usual class action suits following a data breach–two so far–filed in the Northern District

On November 6, 2015, the EU Commission released its guidance for businesses relating to the EU safe harbor.

The commission indicated that since the invalidation of the safe harbor framework, it has “stepped up” talks with the U.S. regarding transfer of data from the EU to the U.S. but acknowledged that global companies were

Dow Jones & Co. has notified 3500 of its customers that their information was accessed by an unauthorized individual in a data breach that spanned from August 2012 through July 2015.

The unauthorized access, through malware, exposed the names, addresses, email addresses, telephone numbers, and credit card information of 3,500 subscribers, including subscribers to The

U.S. District Judge Gary Feinerman denied Amazon, Inc.’s (Amazon) motion for summary judgment on October 7, 2015, in Illinois federal court, in a class action case over alleged violations of the Fair Credit Reporting Act (FCRA), stating that while Amazon said it offered plaintiff compensation to drop his accusations, “there is no offer of judgment