A misconfigured backup server hosted by medical records technology vendor iHealth Solutions resulted in exposure of over 7,000 medical records, some containing sensitive information. The records, involving patients seen at Bronx-Lebanon Hospital Center in New York, New York, between 2014 – 2017, include patients’ names, addresses, HIV status, mental health diagnoses and addiction histories, as … Continue Reading
Following in the footsteps of the State of New York, the Colorado Department of Regulatory Agencies has proposed amendments to the Colorado Securities Act to require investment advisers and broker-dealers to implement new cybersecurity requirements to ensure security of the information in their possession. As we have predicted before, this is probably just the beginning … Continue Reading
On March 23, 2017, New York State Attorney General Eric T. Schneiderman announced settlements with three mobile health application (app) development companies aimed at curbing deceptive marketing practices and inadequate privacy disclosures to consumers. The settlements – reached with Cardiio, Inc., Matis Ltd., and Runtastic GmbH, respectively – target health measurement apps that “purport to … Continue Reading
Cybersecurity specialists at BAE Systems and Symantec announced last week new evidence suggesting that the criminals behind the notorious 2014 attack on Sony Corp. are also responsible for recent cyber-attacks involving 104 organizations in 31 countries. Researchers and investigators have long attributed the 2014 Sony attack, which crippled computer systems and revealed internal emails, to … Continue Reading
New York Governor Andrew Cuomo announced a series of cybersecurity proposals that are designed to protect consumers and government entities from cybercrime and identity theft. One of the proposals includes the creation of a Cyber Incident Response Team that would support state and local government bodies, critical infrastructure and schools. It will be led by … Continue Reading
Since 1958, when the Supreme Court held that the State of Alabama’s attempt to compel the NAACP to disclose its membership lists infringed on the members’ constitutional rights to freedom of speech and assembly, charities and donors have expected donor information to remain confidential. However, recent developments in New York have thrown that expectation into … Continue Reading
American Eagle Outfitters (American Eagle) settled a class action filed against it for alleged Telephone Consumer Protection Act (TCPA) violations for $14.5 million last week. The class action complaint alleged that American Eagle send unsolicited text message messages to over 600,000 unique cell phone numbers without prior written consent as required by the TCPA. The … Continue Reading
From the Griffiss International Airport in Rome, New York to the Hancock International Airport in Syracuse, New York, unmanned aerial systems (UAS or drones) may freely fly the 50-mile stretch in an effort to increase technological advancement for developers of UAS. Executive Director of the NUAIR Alliance, Larry Brinker, says that “companies are going to … Continue Reading
On September 13, 2016, Governor Andrew Cuomo announced the first proposed broadly applicable cyber regulation in the U.S. (the “Regulation”). The Regulation covers banks, insurance companies and other financial institutions (Covered Entities) regulated by the New York Department of Financial Services (the “DFS”). The Regulation is tightly focused, but with broad reach. It appears to … Continue Reading
Trump International Hotels Management has agreed to pay the State of New York $50,000 for two data breaches that exposed over 70,000 customer credit card numbers and other personal information, according to New York Attorney General Eric Schneiderman. The first data breach involved the infection of the Trump Hotels’ system with malware that affected hotels … Continue Reading
The proposed New York Department of Financial Services Cybersecurity Requirements for Financial Institutions (the “Regulation”) has many different aspects that are designed to bring about overall improvement in cybersecurity programs. One that has yet to be explored is how the Regulation elevates the role of the Chief Information Security Officer (the “CISO”) beyond the traditional … Continue Reading
Social media users should beware of online scams purporting to offer free Aer Lingus flights. One scam asks users to fill out a questionnaire for a chance to win Aer Lingus tickets in celebration of Aer Lingus’ 80th anniversary. Once they have completed the questionnaire, users are told they have won two free tickets to … Continue Reading
In an era of cyberwarfare, financial institutions can find themselves in the crossfire. The U.S. government indicted seven Iranian hackers last week, charging the individuals for their roles in a 2011 series of cyber-attacks targeting at least 46 major banking institutions. The attacks, which Attorney General Loretta Lynch called “relentless,” “systematic” and “widespread,” were carried … Continue Reading
Focused Technologies Imaging Services (Focused Technologies) of Menands, New York was awarded a $3.45 million contract by the state of New York back in 2008 to digitize and scan records of background checks of 22 million people. The information contained in the background checks included fingerprints, Social Security numbers, signatures, dates of birth, and the … Continue Reading
After seemingly endless years of rulemaking, the first decisions applying the amended Federal Rules of Civil Procedure have begun to trickle out. Not surprisingly, there have been no game changers to date, but early signs point to a heavy emphasis on the principles of proportionality, a concept entrenched in the Rules since the 1980s but … Continue Reading
With the revelations that the Paris and San Bernardino attackers used encrypted communications to recruit, communicate and plan their attacks, the U.S. government is again pushing the tech industry to provide it backdoor access to encryption protocols. Bypassing security mechanisms through a backdoor, law enforcement believes, permits it to more effectively track users and content, … Continue Reading
Attorney General Eric Schneiderman announced last week that his office has settled its investigation of Uber Technologies, Inc. (Uber), over allegations that Uber executives could access an aerial view of riders’ locations dubbed “God View.” Readers may recall that Uber was in the news when a reporter found out that executives were allegedly targeting his … Continue Reading
The controversy over what is a “computer crime” under the Computer Fraud and Abuse Act (CFAA) is now settled for New York, Connecticut, and Vermont. In a case we have been watching on the blog for months, United States v. Valle, the Second Circuit held that the CFAA should be read narrowly. The Court summarized … Continue Reading
“Going Dark” refers to law enforcement’s lack of technical ability to intercept and access communications and information. In response, the Department of Justice (DOJ) is using a law from the 1700s, the All Writs Act, which grants courts the power to issue “necessary or appropriate” writs to force cellphone manufacturers to assist it in extracting … Continue Reading
