There is no doubt that social media has its benefits, especially for medical practices that have come to use it for marketing and advertising.  However, risks are lurking.  On October 2, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) entered into a $10,000 settlement with a dental practice (the “Practice”) for disclosing protected health information of a patient when responding to a review on a Yelp page.
Continue Reading OCR Fines Dental Practice $10,000 For Social Media Disclosures

Think your business is too small to risk a cyber security threat? Do you have:

  • A point-of-sale cash register?
  • A credit card authorization system?
  • An email account?
  • Old software?
  • Any computer connected to the internet, ever?

We’ll explain the ways you never dreamed that you were at risk.
Continue Reading Upcoming Seminar in Connecticut: Cyber Weapons You Must Deploy to Defeat the Criminals Stalking Your Small Business (and a Battle Plan to Launch Today)

For many years, the plaintiffs’ bar has been very active in bringing class action litigation against public companies immediately after the announcement of adverse news concerning a company, which many times triggers a decline in the company’s stock price. Since at least the Yahoo data breach in 2013 (which led to a settled SEC enforcement action and a recently settled class action lawsuit), plaintiffs’ lawyers have been increasingly drawn to using data breach problems to allege misconduct or fraud by corporate officials charged with keeping the securities markets apprised of all material information about a public company.
Continue Reading Federal Court Dismisses Federal Securities Class Action Based on Data Breach

In recognition of National Cybersecurity Awareness Month, each Friday this October, we will highlight a different step that organizations can take to increase awareness of potential cyber threats, reduce the risk of a cyber attack or minimize damage from an attack. All four steps are solutions that all organizations, regardless of size or budget, can implement. Specifically, over the course of the month we will examine information security plans, training, vendor due diligence, and data retention and destruction as tools organizations can use to arm themselves both to prevent a cyber attack and in the event of one.
Continue Reading October is National Cybersecurity Awareness Month!

Yesterday the United States Court of Appeals for the Seventh Circuit weighed in on the consumer class action standing issue.  The court found that Barnes & Noble customers have standing to pursue a class action concerning the hacking of the retailer’s PIN pads.  In doing so, the Seventh Circuit reversed a district court ruling dismissing the complaint for failure to adequately plead damages.  The Court of Appeals determined that the time value of money which had been removed from plaintiffs’ accounts (even though it was ultimately returned), the costs of credit monitoring, and the time invested to create new accounts all were sufficient to provide standing.
Continue Reading The Seventh Circuit Weighs In On Standing

According to Reuters, late on Friday, the Department of Homeland Security (“DHS”) and the FBI issued a warning in a report, sent to firms at risk of an attack, that critical infrastructure industries may have been targeted in cyber-attacks as far back as May. The identified industries include nuclear, energy, aviation, water, critical manufacturing industries and government entities. The report indicates that hackers successfully compromised data at some of these targets. Further, the government believes that the attacks are ongoing.
Continue Reading Feds Warn of Critical Infrastructure Attacks as CT Releases Report on Utility Company Cyber-Readiness

It is fitting that on the first day of Cybersecurity Awareness Month, new legislation takes effect regarding one of the most destructive types of malware.  In response to the rapidly increasing rate of computer extortion cases, the Connecticut Legislature has joined several states in creating a statute specifically targeting ransomware. Ransomware is a type of

Just last week, a Verizon Communications vendor misconfigured a cloud server, causing the information of 6 million Verizon customers to be exposed online. When a cyber incident or data breach occurs on your vendor’s watch, regardless of fault, you own the resulting legal obligations and costs. The best tools for managing the risk of using vendors are due diligence and adequate contract provisions.
Continue Reading Protecting Data: Vendors May Be Your Weakest Link