Tag Archives: covid-19

Is Your Business Collecting COVID-19-Related Employee Data? If So, You May Need to Update Your CCPA Employee Notice

The California Consumer Privacy Act (CCPA) requires businesses covered by the CCPA to notify their employees of the categories of personal information the business collects about employees and the purposes for which the categories of personal information are used. The categories of personal information are broadly defined in the CCPA and include personal information such … Continue Reading

Dealing with Two Schoolyard Bullies: Schools Are Forced to Contend with Cyber-attacks While Also Trying to Manage Covid-19 Crisis

Criminals are apparently not taking any time off during this pandemic, and in fact by all accounts have increased their attacks, particularly targeting entities whose attention is diverted to dealing with the fallout of the Covid-19 crisis. In particular, educational institutions across the country have faced a recent onslaught of ransomware attacks, often crippling an … Continue Reading

Secureworks 2020 Incident Response Report Confirms Increased Vulnerabilities with At Home Workers During Pandemic

Secureworks issues an annual Incident Response Report that is very helpful in obtaining information on what types of incidents are occurring in order to become more resistant to threats. The 2020 IR Report was recently issued, and it contained some conclusions that made sense, while others were surprising. The Report, entitled Pandemic-Driven Change: The Effect … Continue Reading

Privacy Tip #256 – COVID-19 Scams Continue to Plague U.S. Public

It has been widely reported that hackers are taking advantage of the pandemic to perpetrate scams and frauds. We have seen attacks against workers of companies through phishing emails that include an attachment or link offering information or access to specialized treatment for COVID-19 to lure people to click on them. Once they click on … Continue Reading

U.S. Chamber of Commerce and FICO Release Security Guidelines on Telework During COVID-19

It is no secret that companies are experiencing an increase in security incidents following the transition from work in the office to work from home during the pandemic. There are a number of causes, including the difficulty of controlling the security of at-home technology equipment such as routers, printers, personal assistants and other IoT devices, … Continue Reading

OFAC Issues Advisory on Sanctions for Facilitating Ransomware Payments

On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory “to highlight the sanctions risks associated with ransomware payments related to malicious cyber-enabled activities.” The advisory acknowledges that the incidents of ransomware attacks on U.S. companies have risen during the COVID-19 pandemic. Although the advisory does … Continue Reading

Carnival Cruises Hit with Ransomware

Adding insult to injury for cruise ship company Carnival Corporation (Carnival) following the hit from the pandemic to the travel industry as well as a class action lawsuit relating to the Diamond Princess’ fate during the pandemic, Carnival disclosed in its August 17, 2020 8-K filing that it recently  experienced a ransomware attack. According to … Continue Reading

Connecticut Insurance Department Reminds Licensees to Comply with Data Security Law

On July 20, 2020, the Connecticut Insurance Department issued a bulletin to licensees reminding them that the Connecticut Insurance Data Security Law (“Act”) becomes effective on October 1, 2020 and providing guidance on compliance. The Act requires “all persons who are licensed, authorized to operate or registered, or required to be licensed, authorized or registered … Continue Reading

Automated Vehicles Assist with Contactless Delivery During COVID-19 Pandemic

Several autonomous vehicle developers stopped their on-road testing to keep staff at home during the COVID-19 pandemic, but others pivoted to COVID-19 relief, not only to be useful but to gain experience. Some companies and developers in this space have taken this opportunity to deploy self-driving cars and driverless bots to help deliver goods both … Continue Reading

Chinese and Russian Hackers Targeting COVID-19 Vaccine Makers in U.S. Crosshairs

Last week, authorities from the United States, United Kingdom and Canada accused a well-known hacker group tied to the Russian government, APT29 a/k/a Cozy Bear of using malware to exploit security vulnerabilities to enable it to steal COVID-19 vaccine research from companies located in these countries working to develop a vaccine. This was after a … Continue Reading

Three Keys to Avoid Microsoft Teams Data Swamp

The COVID-19 pandemic has certainly forced companies to innovate and explore new ways of working across its workforce and client base. Some have decided to dive head first into implementing collaboration technologies such as Microsoft Teams. Afterall, it’s part of the Microsoft stack, so in theory such a decision doesn’t require a significant financial investment. … Continue Reading

What Does 2020 Have in Store for CCPA Enforcement and Litigation?

While the California Consumer Privacy Act (CCPA) went into effect on January 1st of this year, the California Attorney General submitted the final draft of proposed regulations only last month. With the CCPA’s inclusion of a private right of action for California residents to seek actual or statutory damages if their personal information has been … Continue Reading

Cyber-Attacks Against Maritime Industry Quadrupled in Last Few Months

A recent report released by the British Ports Association and Astaara, a risk management firm based in the U.K., concludes that since February 2020, the maritime industry has seen a dramatic increase in cyber-attacks. The number of attacks has quadrupled, as companies struggle with COVID-19 and remote work forces. According to the report, in what … Continue Reading

AGs Express Concerns About Contact Tracing Apps and Protection of Consumer Personal Information

As many states continue to reopen businesses and permit more gatherings, public health officials are looking to contact tracing as a key strategy for preventing further spread of COVID-19.  In contact tracing, public health staff work with patients who have suspected or confirmed COVID-19 infection to help them recall everyone with whom they had close … Continue Reading

OCR Issues Guidance About Media Access to Health Care Facilities

These days, news stations are frequently running stories concerning people being treated for COVID-19, the providers working tirelessly to care for them, and politicians visiting health care facilities for a first-hand look at the crisis. In response to the media interest, the Office for Civil Rights (OCR) issued guidance on May 5, 2020 to healthcare … Continue Reading

Small Business Administration Loan Portal Compromised

Following the devastating impact of the coronavirus on small businesses, many small businesses applied for a disaster loan through the Small Business Administration (SBA) for relief. Small businesses that qualify for the disaster loan program, which is different than the Paycheck Protection Program offered by the SBA, can apply for the loan by uploading the … Continue Reading

New York Department of Financial Services Issues Guidance Regarding Heightened Cybersecurity Awareness During COVID-19 Pandemic

The New York Department of Financial Services (DFS) recently issued guidance to its regulated entities regarding heightened cybersecurity awareness as a result of the COVID-19 pandemic. DFS described three primary areas of heightened risk during this time: remote working, increased instances of phishing and fraud, and third-party risks. With respect to remote working, DFS noted … Continue Reading

Privacy Tip #236 – Foreign Government-Backed Phishing Attacks Pose as Fast Food Chains

Google has warned users in a blog article that nation state-backed hackers are using the COVID-19 crisis to ramp up phishing attempts and, in one example, are posing as American fast food franchises and sending malicious emails with fake offers and coupons to government officials and health care workers. Google has identified over 12 government-backed … Continue Reading

Interpol Issues Alert on Increased Risk of Ransomware Attacks Against COVID-19 Medical Organizations

Interpol has issued an alert to global law enforcement agencies about the increased risk of ransomware attacks on hospitals, health care providers and other organizations on the front line of response to the COVID-19 pandemic. The Purple Notice, issued to all 194 member countries, notified them that Interpol’s Cybercrime Threat Response team has detected a … Continue Reading

City of L.A. Email Blunder Exposes COVID-19 Test Results to All Recipients

Although email seems to be the preferred method of communication during the coronavirus pandemic, an error made by a City of Los Angeles employee is one to learn from and avoid repeat. Unfortunately, when emailing COVID-19 results to multiple individuals, instead of blind copying the recipients with the results, a staff member from the City … Continue Reading
LexBlog