2025 State Privacy Laws Taking Effect: Key Compliance Considerations for Employers and Businesses
March 18, 2025
Fisher & Phillips LLP writes: With eight states rolling out new privacy laws in 2025 and many more already on
Fisher & Phillips LLP writes: With eight states rolling out new privacy laws in 2025 and many more already on
From the law firm of BakerHostetler: In data breach litigation, courts generally find plaintiffs have standing such that their complaints
Top Class Actions reports: Mortgage lender loanDepot agreed to a $25 million settlement to resolve claims it failed to prevent a
Teiss reports: Harvard Pilgrim Health Care and its parent company, Point32Health, have reached a $16 million settlement to resolve claims
Seen at Epstein Becker Green’s Health Law Advisor: New York State appears poised to become the fourth state to explicitly
Consumer Alerts
Analytics Insight explains the risk to consumers and what individuals and companies can do to protect themselves: The US Cybersecurity
Back in May 2024, the FBI issued a warning about the increasing threat of cybercriminals using AI in their scams to make
Miscellaneous News
You may not always know who your partners are. The Washington Post reports: An innovative company lionized for devising ways
CISA Series reports: CISA is pushing back against reports that it has been directed to stop tracking Russian cyber threats,
In December 2024, EdTech vendor PowerSchool was hit with a major attack that reportedly affected more than 60 million students and employees throughout the country. But that wasn’t the only major attack affecting an education sector vendor in December. Teiss reports that a retirement services vendor was also the victim of an attack: About 50 school districts across the United States have reported data breaches that resulted from hackers breaching the network of retirement service provider Carruth Compliance Consulting. Earlier
DevOps reports: A popular GitHub Action used in more than 23,000 code repositories has been compromised in a supply chain attack by attackers who introduced a malicious commit aimed at leaking secrets like passwords held in public repositories. In the compromise, which is being tracked as CVE-2025-30066, bad actors modified the code in GitHub Actions tj-actions/changed-files – which is used by repositories to track change files – by injecting a Node.js function that includes base64-encoded instructions that download a malicious Python
Tycko & Zavareei Whistleblower Practice Group writes: February 2025 saw an important False Claims Act settlement involving allegations of known cybersecurity failures by Health Net Federal Services Inc. (HNFS), a government contractor that provides TRICARE healthcare management services to active duty military members and their families. HNFS as well as its parent corporation Centene agreed to pay just over $11 million to resolve alleged false claims submitted to the U.S. Department of Defense. While American values dictate that we thank
About Lawsuits reports that all the state and federal lawsuits against Change Healthcare should be coordinated: The U.S. District Judge appointed to preside over all Change Healthcare data breach lawsuits brought throughout the federal court system has issued an order, outlining a plan to coordinate the pretrial proceedings in the federal multidistrict litigation (MDL) with claims pending at the state court level. The litigation emerged a little more than a year ago, after Change Healthcare announced that it was the target of
KOAA in Colorado reports: The personal information of over 1,000 veterans in Colorado may be at risk after a data
SecurityWeek reports that Dragos has published an interesting case study about an attack by the Chinese threat actors known as
From CISA.gov, a #StopRansomware advisory: Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025,
Bleeping Computer reports that Globe Life is notifying an additional 850,000 people of a breach it discovered last year: On
The Change Healthcare ransomware attack that was first disclosed in February 2024 continues to cause problems and make headlines. HIPAA
There is another update to Rhode Island’s incident response to a cyberattack last year that involved their vendor, Deloitte. Data