LATEST POST
New York’s Health Information Privacy Act Poised to Become the Latest in a Growing Trend of State Data Privacy Laws
Seen at Epstein Becker Green’s Health Law Advisor: New York State appears poised to become the fourth state to explicitly regulate consumer health data not covered by the federal Health Insurance Portability and Accountability Act (HIPAA). In May of 2023, Washington State enacted the My Health My Data Act; in June of 2023, Connecticut amended […]
HHS Office for Civil Rights Imposes a $1,500,000 Civil Money Penalty Against Warby Parker in HIPAA Cybersecurity Hacking Investigation
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $1,500,000 civil money penalty against Warby Parker, Inc., a manufacturer and online retailer of prescription and non-prescription eyewear, concerning violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, following the receipt of a breach […]
StopRansomware: Ghost (Cring) Ransomware
From a joint advisory by CISA and the FBI: The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)— (“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Beginning early […]
Judge Sets Deadline for Motions to Dismiss Claims in Change Healthcare Data Breach Lawsuits
The HIPAA Journal reports: A District Court Judge has set a March 2025 deadline for Change Healthcare to file motions to dismiss certain claims raised in multiple complaints in response to its February 2024 ransomware attack and data breach. In February 2024, Change Healthcare suffered a ransomware attack that resulted in file encryption and the […]
Australian IVF Giant Genea Discloses Cybersecurity Incident Exposing Company Data
TechNadu reports: Genea, one of Australia’s leading fertility service providers, has revealed a cybersecurity breach that disrupted patient services and raised concerns about the potential exposure of sensitive information. The company, which operates 21 clinics nationwide, confirmed the incident in a statement on its website on Wednesday. While Genea confirmed that an unauthorized party accessed its data, […]
Venture capital giant Insight Partners hit by cyberattack
Bleeping Computer reports: New York-based venture capital and private equity firm Insight Partners has disclosed that its systems were breached in January following a social engineering attack. The company manages over $90 billion in regulatory assets and has invested in over 800 software and technology startups and companies worldwide during its 30 years of activity. […]
Finastra Starts Notifying People Impacted by Recent Data Breach
SecurityWeek reports: British fintech giant Finastra last week started sending written notifications to individuals who had their personal information stolen in a data breach. The incident came to light in mid-November 2024, after a threat actor offered on an underground forum data allegedly stolen from the company’s systems. The hacker claimed the theft of 400 gigabytes […]
Privilege Under Pressure: The Shifting Data Breach Investigation Landscape
From the law firm of Greenberg Traurig: Read more about recent federal cases that are posing challenges to claiming attorney-client privilege or work product doctrine at The National Law Review.