Pennsylvania Governor Tom Wolf announced this week that the Commonwealth will not continue to do business with its contact tracing vendor following a security incident that potentially exposed the personal information of approximately 72,000 residents collected for the Department of Health’s (DoH) contact tracing program.

According to the (DoH), employees of the vendor created documents

It is being reported by Cointelegraph that ransomware group Netwalker is offering for sale data it exfiltrated from Pennsylvania based Crozer-Keystone Health System after the system declined to pay the requested ransom.

According to the report, Netwalker offered to sell the data through its darknet website for six days and if no one buys it,

On October 12, 2018, Pennsylvania approved a new law that imposes criminal penalties on individuals who use drone to spy on others. The law takes effect in 60 days.

Under this law, the state may impose a fine of up to $300 on any individual who uses a drone to invade another person’s privacy or

On April 13, 2018, the U.S. House Transportation and Infrastructure Committee (Committee) leadership introduced a five-year Federal Aviation Administration (FAA) reauthorization bill, FAA Reauthorization Act of 2018 (H.R. 4) (the Act). This bipartisan Act focuses on stabilization of the FAA with consistent funding instead of efforts to reform the air traffic control system. The Act

Walmart recently filed a patent for drones to aid their shoppers inside their stores –that is, a shopper would use a mobile device, provided by the store, to request a drone, and then direct the drone to conduct a price verification of a product or  to guide the customer to a particular product through the

Touted as the first OCR settlement with a wireless health services provider, the OCR announced on April 24, 2017, that it has settled alleged HIPAA violations with CardioNet, based in Pennsylvania for $2.5 million.

CardioNet self-reported a data beach in January 2012, stating that an unencrypted laptop of one of its employees was stolen from a vehicle parked outside the employee’s home. (Again? Don’t get us started on why employees STILL have unencrypted laptops in their cars.)

The laptop contained the ePHI of 1,391 individuals who received mobile monitoring and response for cardiac arrhythmias by CardioNet. Since the breach involved more than 500 individuals, the OCR conducted an investigation. It alleges that as a result of the investigation, it found that CardioNet “had an insufficient risk analysis and risk management processes in place” and that the HIPAA Security Rule policies and procedures were in draft form and had not been implemented. Further, according to the OCR, CardioNet “was unable to produce any final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices.”
Continue Reading OCR Settles First Case With Wireless Provider for $2.5 Million

Back in August 2016, when the Federal Aviation Administration (FAA) announced its final small unmanned aerial systems (UAS) rule (or Part 107) FAA administrator, Michael Huerta said, “Our focus is to make this as streamlined as possible [. . .] We do not envision this being a very burdensome process.” However, Part 107 limits flights

A court in Pennsylvania recently held that an employer does not have a legal duty to act reasonably in managing its computer systems to safeguard sensitive personal information collected from its employees, when the employer elects, for purposes of its own business efficiencies, to store and manage such sensitive employee data on its internet-accessible

computer