On December 18, seven states entered into a settlement agreement with e-retailer CafePress for $2 million stemming from a 2019 data breach that exposed information of approximately 22 million consumers. The breach affected consumers’ personal information, including usernames and passwords, Social Security numbers, and/or Taxpayer Identification numbers.

Of the $2 million, $750,000 will be

Last week, we wrote that Quest Diagnostics reported in a security filing that a collection agency performing collections for the company had suffered an intrusion that exposed almost 12 million individuals’ personal and financial information. Another lab company reported days later that it was notified that the information of 8 million

Following in the footsteps of the New York Department of Financial Regulation (NYDFS) in enacting cybersecurity requirements for the financial services industry, and in response to massive data breaches in the insurance industry, a wave of states have either enacted or are pursuing legislation aimed at regulating the cybersecurity measures of insurance companies.

In 2017,

On June 27, 2018, the State of Connecticut Treasurer’s Office announced that about $1.4 million had been stolen from Connecticut Higher Education Trust (CHET) college-savings accounts. This theft resulted from data security breaches that occurred in early June, 2018.

Connecticut State Treasurer Denise L. Nappier confirmed that TIAA-CREF Tuition Financing Inc. (TIAA-CREF), the CHET Direct

In a long-awaited decision concerning the confidentiality of medical records and patient privacy, the Connecticut Supreme Court recently concluded that the physician-patient relationship establishes a duty of confidentiality to a patient in Connecticut, and that unauthorized disclosure of confidential information obtained for the purpose of treatment in the course of that relationship gives rise to

The Connecticut State Department of Education (DOE) recently published guidance on implementing civil rights protections for transgender students. The guidance, in part, provides information on issues related to requests that a school change a student’s education records to be consistent with their chosen name and gender identity. Notably, the guidance recognized tension that may arise

We previously outlined the requirements of the Connecticut data breach law when it was amended in 2015, including the requirement to implement a comprehensive information security program (CISP).

The law requires Third Party Administrators (TPAs) and Pharmacy Benefit Managers (PBMs) to implement a CISP by October 1, 2017, and certify to the Connecticut Insurance

On July 10, 2017, Connecticut Governor Dannel P. Malloy released the Connecticut Cybersecurity Strategy, which outlines seven key principles to assist with strengthening efforts to protect the state’s cybersecurity defenses for individuals, organizations, governmental agencies and businesses in Connecticut.

The seven principles set forth in the Strategy document include:

  • Leadership
  • Literacy
  • Preparation
  • Response
  • Recovery
  • Communication

Medjack is a form of malware that was specifically developed to attack medical devices, such as heart monitors, CT and MRI machines, insulin pumps and PAC systems.

Medjack has been in existence since 2015, and Medjack.2 came on the scene in the summer of 2016. Medjack.2 was able to bypass security controls and use cybersecurity