There is no doubt that social media has its benefits, especially for medical practices that have come to use it for marketing and advertising. However, risks are lurking. On October 2, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) entered into a $10,000 settlement with a dental practice (the “Practice”) for disclosing protected health information of a patient when responding to a review on a Yelp page.
Continue Reading OCR Fines Dental Practice $10,000 For Social Media Disclosures
cybersecurity
Upcoming Seminar in Connecticut: Cyber Weapons You Must Deploy to Defeat the Criminals Stalking Your Small Business (and a Battle Plan to Launch Today)
Think your business is too small to risk a cyber security threat? Do you have:
- A point-of-sale cash register?
- A credit card authorization system?
- An email account?
- Old software?
- Any computer connected to the internet, ever?
We’ll explain the ways you never dreamed that you were at risk.
Continue Reading Upcoming Seminar in Connecticut: Cyber Weapons You Must Deploy to Defeat the Criminals Stalking Your Small Business (and a Battle Plan to Launch Today)
Federal Court Dismisses Federal Securities Class Action Based on Data Breach
For many years, the plaintiffs’ bar has been very active in bringing class action litigation against public companies immediately after the announcement of adverse news concerning a company, which many times triggers a decline in the company’s stock price. Since at least the Yahoo data breach in 2013 (which led to a settled SEC enforcement action and a recently-settled class action lawsuit), plaintiffs’ lawyers have been increasingly drawn to using data breach problems to allege misconduct or fraud by corporate officials charged with keeping the securities markets apprised of all material information about a public company.
Continue Reading Federal Court Dismisses Federal Securities Class Action Based on Data Breach
October is National Cybersecurity Awareness Month!
In recognition of National Cybersecurity Awareness Month, each Friday this October, we will highlight a different step that organizations can take to increase awareness of potential cyber threats, reduce the risk of a cyber attack or minimize damage from an attack. All four steps are solutions that all organizations, regardless of size or budget, can implement. Specifically, over the course of the month we will examine information security plans, training, vendor due diligence and data retention and destruction, as tools organizations can use to arm themselves to both prevent and in the event of a cyber attack.
Continue Reading October is National Cybersecurity Awareness Month!
Report on Cyber Readiness of Connecticut Utility Companies
On September 18, 2018, Connecticut’s governor released an annual report on the cybersecurity sophistication and readiness of the state’s electric, natural gas and major water companies. The four participating utility companies were Aquarion, Avangrid, Connecticut Water and Eversource.
Continue Reading Report on Cyber Readiness of Connecticut Utility Companies
Compliance With Established Cybersecurity Standards Provides Protection From Liability in Ohio
On August 3, 2018, the Governor in Ohio signed into law the Data Protection Act, which provides businesses with an affirmative defense to data breach claims if the business was in compliance with reasonable security measures at the time of the breach. Specifically, a business would have to show that it creates, maintains and…
The Seventh Circuit Weighs In On Standing
Yesterday the United States Court of Appeals for the Seventh Circuit weighed in on the consumer class action standing issue. The court found that Barnes & Noble customers have standing to pursue a class action concerning the hacking of the retailer’s PIN pads. In doing so, the Seventh Circuit reversed a district court ruling dismissing the complaint for failure to adequately plead damages. The Court of Appeals determined that the time value of money which had been removed from plaintiffs’ accounts (even though it was ultimately returned), the costs of credit monitoring, and the time invested to create new accounts all were sufficient to provide standing.
Continue Reading The Seventh Circuit Weighs In On Standing
Feds Warn of Critical Infrastructure Attacks as CT Releases Report on Utility Company Cyber-Readiness
According to Reuters, late on Friday, the Department of Homeland Security (“DHS”) and the FBI issued a warning in a report, sent to firms at risk of an attack, that critical infrastructure industries may have been targeted in cyber-attacks as far back as May. The identified industries include nuclear, energy, aviation, water, critical manufacturing industries and government entities. The report indicates that hackers successfully compromised data at some of these targets. Further, the government believes that the attacks are ongoing.
Continue Reading Feds Warn of Critical Infrastructure Attacks as CT Releases Report on Utility Company Cyber-Readiness
Legislature Addresses Ransomware Threat With Criminal Penalties
It is fitting that on the first day of Cybersecurity Awareness Month, new legislation takes effect regarding one of the most destructive types of malware. In response to the rapidly increasing rate of computer extortion cases, the Connecticut Legislature has joined several states in creating a statute specifically targeting ransomware. Ransomware is a type of…
Protecting Data: Vendors May Be Your Weakest Link
Just last week, a Verizon Communications vendor misconfigured a cloud server that caused the information of 6 million Verizon customers to be exposed on-line. When a cyber incident or data breach occurs on your vendor’s watch, regardless of fault, you own the resulting legal obligations and costs. The best tools for managing the risk of using vendors are due diligence and adequate contract provisions.
Continue Reading Protecting Data: Vendors May Be Your Weakest Link