Litigation and legal developments concerning data breaches.
Legislation proposed in September would mandate minimum cybersecurity requirements in the healthcare sector. Kevin Wood, the Chair of Winstead’s Healthcare Industry Group, writes: …. Senators Ron Wyden (D-OR) and Mark Warner (R-VA) introduced the Health Infrastructure Security and Accountability Act (HISAA) on September 26, 2024. Like HIPAA and HITECH before it, which established minimum levels […]
South Korea’s Personal Information Protection Commission has fined Meta 21.61 billion won for leaking the personal information about its users without their consent. That’s $15.5 million at today’s conversion rate. Joong Ang Daily reports: The Personal Information Protection Commission (PIPC) said Meta had collected such information about 980,000 users located in Korea via their Facebook […]
Bundeskriminalamt (BKA) announced the seizure of two websites and two arrests: In an internationally coordinated operation by the Central Office for Combating Internet Crime ( ZIT ) of the Public Prosecutor General’s Office in Frankfurt am Main, the Hessian State Criminal Police Office ( HLKA ) and the Federal Criminal Police Office ( BKA ) on suspicion of various cybercrime offenses, officers of the HLKA executed […]
Christopher R. Smith of Epstein Becker & Green, P.C. writes: On July 12, 2024, the FDA provided small dispensers—those employing 25 or fewer full-time pharmacists or pharmacy technicians—with an exemption from the Drug Supply Chain Security Act’s (“DSCSA”) enhanced drug distribution security (“EDDS”) requirements until November 27, 2026.[1] The FDA had previously announced a stabilization period effectively delaying […]
The Record reports that the Securities and Exchange Commission has charged four cybersecurity firms for their disclosures stemming from the SolarWinds incident in 2020: The Securities and Exchange Commission (SEC) charged four companies —- Check Point, Avaya, Unisys and Mimecast — for making “materially misleading” disclosures related to cybersecurity risks and intrusions. Tuesday’s announcement is the result […]
There are so many data breaches and data leaks every day that potential class action lawsuits or announcements of law firm investigations of breaches seems somewhat de rigueur by now. But not all lawsuits stem from huge breaches. Here’s one that stems from a mistaken configuration that exposed student information for 24 hours. Reuters reports: […]
If your company is the victim of a ransomware attack and you decide you have no choice but to pay the threat actors, can your cyberinsurer or cyberinsurance reinsurer decline to reimburse you if the threat actors you paid are on Treasury’s sanctioned list? Would reimbursing them expose the cyberinsurer or reinsurer to problems with […]
Settlements were announced by the FTC and state attorneys general yesterday. Only the state settlement involved a monetary penalty because the FTC had no authority to impose penalties in its case. Settlement with the FTC Source: The Federal Trade Commission $52 Million Settlement with States Source: NYS Attorney General’s Office
A new regulation related to cybersecurity program requirements for all New York general hospitals licensed under Article 28 of the Public Health Law (PHL) took effect on October 2, 2024. All general hospitals covered by the regulation must comply with the new provisions within one year of the adoption date, except that general hospitals must […]
Brian Montgomery is a partner at Pillsbury and a former NYDFS deputy superintendent. Mark Krotoski is a partner at Pillsbury and former national coordinator for the Computer Hacking and Intellectual Property Program at the Department of Justice. In an article on Bloomberg Law, they write: Cybersecurity regulations can be a constantly moving target, with digital advances and […]
