Litigation and legal developments concerning data breaches.
Colorado Attorney General Phil Weiser announced a settlement with Broomfield Skilled Nursing and Rehabilitation Center, LLC. The settlement arose from a 2021 data breach affecting patient and employee data. The state claimed that Broomfield violated a number of state laws that are specifically identified in the assurance of discontinuance (settlement). The following is the press […]
When New York State Attorney General Letitia James announced a settlement with Marymount Manhattan College stemming from a data breach in 2021, some people discussing the case online were surprised that a state could go after a non-profit college that way, and they wondered if the state could get that kind of settlement with a […]
The U.S. Department of Homeland Security has released a report, “Harmonization of Cyber Incident Reporting to the Federal Government.” The report, which was released on Sept. 19, notes that there are currently dozens of cyberattack reporting requirements at the federal level. DHS is seeking to come up with a manageable and solution: … this report […]
In August, The Data Breach Times reported a data breach involving UnitedLex that raised questions about their security and incident response. The article also noted a lawsuit that was filed by a former employee. This week, the Kansas City Business Journal reports another lawsuit stemming from that breach. This one reportedly: accuses UnitedLex of negligence […]
Bloomberg Law reports that MultiCare Health System will get another chance to avoid liability for attempts to recoup wage overpayments in litigation following a hack of its vendor timekeeping system Kronos in 2021. With the timekeeping system not functioning due to a ransomware attack, many firms wound up using old wage statements or other methods […]
According to a report by Bloomberg Law, e-commerce services vendor Freestyle Solutions Inc. failed to convince a federal court judge in New Jersey to totally dismiss a lawsuit by Penn LLC (PulseTV). The lawsuit stemmed from a data breach affecting more than 236,000 customers of PulseTV whose payment card data was compromised in a breach that continued […]
Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that provides health care benefits and coverage through state, federal, and commercial programs. OCR enforces the HIPAA […]
This summer, the Securities and Exchange Commission (SEC) adopted rules to enhance and standardize disclosures by public companies regarding cybersecurity risk management, strategy, governance, and incidents. The rules will impose a number of new requirements, including disclosures regarding: Read more of this article at Workplace Privacy, Data Management & Security Report.
Ahead of its September 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft regulations on cybersecurity audits and risk assessments. Public comments will be requested once the formal rulemaking process is kicked off. Accordingly, the draft regulations are subject to change. Below are the key takeaways: Cybersecurity Audits Read more of this article at Inside […]
BOSTON – A Russian businessman was sentenced today in federal court in Boston for his involvement in an elaborate hack-to-trade scheme that netted approximately $93 million through securities trades based on confidential corporate information stolen from U.S. computer networks. Vladislav Klyushin, a/k/a “Vladislav Kliushin,” 42, of Moscow, Russia, was sentenced by U.S. District Court Judge […]
