Cybersecurity, Corporate Governance, and Risk Management: Best Practices

As litigators, we help clients resolve conflicts that have matured into disputes.  In the realm of cybersecurity, we defend claims brought by private parties or governmental entities against companies facing the fallout from a data breach.

In advising clients in the context of litigation, we have identified tools that are available to mitigate or prevent the types of breaches that we see in litigation.  In the area of cybersecurity, companies have begun to consider the… More

Top Tips for OCR HIPAA Audit Preparation

Written by Elizabeth Snell | This article was originally published on HealthITSecurity.com 

The recently announced OCR HIPAA audits are not a cause for panic, according to experts, especially if organizations have proper documentation.

With the most recent round of OCR HIPAA audits announced just last month, many healthcare organizations are working to ensure that they are prepared should they be called for investigation.

OCR HIPAA audits will take thorough preparation

While the announcement should not come as a total surprise, several healthcare legal experts explain that covered entities that maintain thorough documentation of… More

EU General Data Protection Regulation Adopted

After years of intense discussions, the EU General Data Protection Regulation (GDPR) was finally adopted on 14 April 2016.

The GDPR sets out uniform new rules in the field of data protection across the EU, rules that will standardize the law in the 28 EU Member States and have an impact on both European and non-European companies.  For example:

data controllers (companies collecting and using personal information) will have a wide range of new obligations, including: data breach notification; implementation of the right to be forgotten; appointment of a data protection officer; privacy impact assessment before processing data; and implementation… More

EU-US Privacy Shield: Working Party Urges European Commission to Improve Current Scheme

After the invalidation of the Safe Harbor by the European Court of Justice (“ECJ”) last October in the Schrems case, negotiations between the European Commission and US authorities led to a new agreement called the EU-US Privacy Shield.  However, the EU’s 1995 Data Protection Directive provides that the Article 29 Working Party (“WP29”) has to issue an opinion on agreements of this kind, and it did so on April 13. It concluded that the proposed version of the Privacy Shield does not offer protection essentially equivalent to that offered under EU law. WP29 noted… More

How Hospitals Can Avoid Being the Next Ransomware Victim

Hospitals are increasingly the target of hackers, particularly in the form of “ransomware.”  What follows is a primer on ransomware and how to avoid being a target of it.

What is ransomware? 

Ransomware is a type of malware that limits users’ access to their computer systems. It functions by locking a user’s system and/or encrypting its files.  Once ransomware gains access to a single workstation, it can “travel across [a] network and encrypt any files located on… More

iPhone Access Gets Attention, ‘Stingrays’ Fly Under The Radar

Previously published in Law360, April 5, 2016. Posted with permission.

While eyes have been peeled on the U.S. Department of Justice’s efforts to obtain a court order to hack the iPhone of one of the San Bernardino killers, garnering far less scrutiny is law enforcement’s more routine use of powerful cellular tracking devices before a defendant is even charged. Called cell-site simulators, IMSI-catchers or “Stingrays” after the brand name of the leading product in the field, these trackers… More

Practical Tips to Avoid Being Caught in an IRS Phishing Trap

As a follow-up to our recent discussion of IRS-related phishing attempts, here are a few quick tips to stay out of the phishing traps:

In general, the IRS does not communicate with taxpayers via e-mail, so any time someone receives an e-mail from the “IRS,” they should be suspicious at the outset. Even if the IRS did correspond with taxpayers via e-mail, there are some features of the following example that indicate the IRS… More

The Future of Data Privacy Regulation in Massachusetts? AG’s Office Foreshadows State Action on Consumer Data in First-of-its Kind Conference

What is the future of data privacy regulation in Massachusetts?

On March 24, 2016, the Massachusetts Attorney General’s Office gave us a glimpse. In collaboration with Harvard’s Berkman Center for Internet and Society, and MIT’s Internet Policy Research Initiative and Computer Science and Artificial Intelligence Laboratory, the AG’s Office convened a “Forum on Data Privacy.”  In this first-of-its-kind conference, stakeholders from government, academia, business, and consumer groups assembled to discuss the inherent… More

HHS OCR Launches Phase 2 of HIPAA Audit Program–So What?

You have seen all the hysterical headlines — “The HIPAA audits are coming, the HIPAA audits are coming….” But when you really think about it, what is the big deal?  If you are a HIPAA covered entity, you surely know by now what you are supposed to be doing.  And you probably have been doing it – so just check around to make sure before you get the dreaded letter from HHS OCR.  And if you are a HIPAA business associate, you are probably a bit behind the covered entities, but again, it’s not a secret what you need… More