Last week, the Tex-Mex restaurant chain On the Border suffered a data breach that impacted its payment acceptance systems in 27 states. The restaurant says that some credit card information of customers who visited the chain between April and August 2019 may have been compromised. In a press release, On the Border representatives said, “Our

Last week, on the two-year anniversary of the small Unmanned Aircraft Systems (UAS) rule (or Part 107), a report was released by the Association of Unmanned Vehicle Systems International (AUVSI) stating that the Federal Aviation Administration (FAA) has granted approximately 2,000 waivers since the inception of Part 107. Part 107 sets forth certain parameters and

With Independence Day fireworks now coming to an end, many cities in the Western United States are talking about the wildfire liability that comes with the use of fireworks over drought-stricken land. The alternative to fireworks? Well, possibly drones. This year in Aspen, Colorado, the city put on its annual Fourth of July show using

Showing no signs of letting up on enforcement actions, the Office for Civil Rights (OCR) late last week settled an investigation against Metro Community Provider Network (MCPN), a Colorado-based federally qualified health center, for alleged HIPAA violations. The fine, a whopping $400,000 for the center, which provides health care services to low-income patients, settled alleged HIPAA violations of failing to “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI…and to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.”

The problem is that OCR has never provided guidance on what this phrase means. What qualifies in its opinion as an “accurate and thorough assessment?” What are security measures that are “reasonable and appropriate?” The terms are inherently subjective and could move with the facts or the particular OCR investigator.

Following in the footsteps of the State of New York, the Colorado Department of Regulatory Agencies has proposed amendments to the Colorado Securities Act to require investment advisers and broker-dealers to implement new cybersecurity requirements to ensure security of the information in their possession. As we have predicted before, this is probably just the beginning

This week, the Federal Trade Commission (FTC) and ten states settled charges against the Florida-based cruise line, Caribbean Cruise Line, Inc. (CCL), for an illegal telemarketing campaign that inundated consumers with billions of unwanted robocalls. In settling these charges, CCL’s owner, Fred Accuardi, and all of his companies are barred from robocalling and illegal telemarketing.

Phoenix, Arizona-based Banner Health (Banner), reportedly one of the largest health care organizations in the country, began notifying up to 3.7 million patients this week of a data breach of its computer systems that process food and beverage purchases at some of its locations. The intrusion was initiated on June 17, and discovered by