As the US privacy landscape becomes more complex, understanding it becomes crucial. The US privacy landscape has expanded significantly over the past year and currently, 5 states have laws that will be going into effect in 2023.
Download this comprehensive guide to assess the current and upcoming policies:
A Georgia-based home health and hospice provider will pay $425,000 to Massachusetts to settle litigation stemming from a 2020 breach affecting about 166,000 individuals nationwide. The agreement comes shortly after Aveanna Healthcare settled a proposed class action lawsuit in federal district court.
The British data watchdog says the U.K. Department for Education shouldn't have allowed a private company to use student records to check whether new users of gambling apps were underage. A departmental spokesperson said it will ensure such misuse of the database doesn't reoccur.
SolarWinds, maker of network management software famously hacked by the Russian government, may be the subject of an investigation by the U.S. Securities and Exchange Commission after staff made a preliminary determination in its favor. The company says it will contest the staff recommendation.
A U.S. senator is suggesting adding cybersecurity standards to the list of federal prerequisites for medical practice participation in Medicare. Cybersecurity is a patient safety issue, says Mark Warner (D-Va.). He today released a slew of proposals for augmenting healthcare cybersecurity.
Federal regulators have issued new guidance explaining how they will consider the "recognized security practices" of healthcare entities and their business associates during HIPAA enforcement activities, such as breach investigations and security audits.
A second healthcare entity is self-reporting its use of Facebook Pixel in web patient portals as a data breach to federal regulators. North Carolina-based WakeMed Health and Hospitals told federal regulators it disclosed to the social media giant patient information of half a million individuals.
Healthcare entities need to rehearse breach response playbooks to avoid paying fines to the Department of Health and Human Services for poor incident response after a severe breach. Well-tested security incident response plans ensure the security of patient data, says the HHS Office of Civil Rights.
The federal tally of health data breaches reached a new milestone this week: Since its inception in September 2009, more than 5,000 major incidents have been posted to the Department of Health and Human Services' HIPAA breach "wall of shame."
As controversy grows around the use of Facebook Pixel code and similar tracking tools that harvest sensitive health and other personal data of consumers, so does the pressure from lawmakers demanding answers from tech vendors about those data collection practices.
An inquiry into European Union countries' use of Pegasus spyware is running into national opposition, said Jeroen Lenaers, head of the investigative committee. Pegasus can invoke national security sensitivities, Lenaers acknowledged, but said the inquiry is concentrated on questions of law.
Health insurer EyeMed Vision Care will pay New York regulators $4.5 million to settle an investigation into its 2020 data breach incident. States are becoming more aggressive in applying enforcement actions against data breaches, say regulatory attorneys.
The chief executive of alcohol delivery app Drizly is set to come under a decadelong requirement imposed by the U.S. Federal Trade Commission to ensure whatever company he oversees has an information security program. A hacker stole customer records of 2.5 million individuals from Drizly in 2020.
The U.K. Information Commissioner levied a nearly $5 million fine against Interserve Group Limited for its lack of security protections in the run-up to a 2020 ransomware attack. The firm kept employee data on servers running obsolete versions of Windows and used outdated antivirus software.
Advocate Aurora Health is notifying 3 million individuals of a health data breach involving the organization's "previous" use of web tracking tools from tech vendors including Google and Facebook's parent company, Meta. The entity says it has disabled or removed those tracking services.