The Federal Communications Commission Updates Its Data Breach Rules

On December 21, 2023, the Federal Communications Commission released an order updating its data breach rules.  These updated rules require telecommunications providers to report breaches of customer proprietary network information, such as numbers that have been dialed and when they have been dialed, but also require reporting of personally-identifiable information (PII), such as driver’s license numbers, Social Security numbers, and credit card numbers.  The new FCC rules also require companies to report accidental breaches,… More

FBI and CISA Issue Advisory on Scattered Spider Ransomware Attacks

Key Takeaways:

  • The Federal Bureau of Investigation (FBI) and Cybersecurity & Infrastructure Security Agency (CISA) have jointly issued a cybersecurity advisory in response to recent activity by the threat actor group known as Scattered Spider.
  • Scattered Spider is known to target large companies holding sensitive data – including financial services, telecommunications, business process outsourcing, hospitality, and cryptocurrency firms – for ransomware attacks.
  • Scattered Spider largely relies upon impersonating IT support professionals and manipulating target company employees into sharing passwords or running malicious executables through remote access software.…

CISA Publishes Mitigation Guide to Combat Cyber Threats in the Healthcare and Public Health Sectors

If you need a little intellectual stimulation after hours of Thanksgiving turkey and football, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just the thing — the new CISA Mitigation Guide for the Healthcare and Public Health Sectors.  This somewhat technical guide is a little dry, but it offers solid recommendations and suggested best practices to combat the pervasive cyber threats affecting the Healthcare and Public Health (HPH) Sectors.… More

Your Password Can’t Possibly Be This Bad, Can It?

NordPass (the purveyor of a password manager) has assembled a list of the top 20 passwords in healthcare, based on usage by the world’s largest companies.  According to NordPass’s analysis, the “top” 20 passwords are:

          1. 123456
          2. password
          3. part of the company’s name*
          4. 12345
          5. aaron431
          6. part of the company’s name2012*
          7. Part of the company’s name*
          8. PART OF THE COMPANY’S NAME443*
          9. company name2014*
          10. linkedin
          11. pass1
          12. company name*
          13. COMPANY NAME’S ABBREVIATION1*
          14. company name*
          15. 00000
          16. 1111
          17. company name*
          18. 1234
          19. Med
          20. company name*

Obviously,… More

Massachusetts Extends Protections for Counseling Records of Survivors of Sexual Assault

The Massachusetts Supreme Judicial Court has ruled in In the Matter of a Motion to Compel, SJC-13336 that the Superior Court could not order a Massachusetts counseling center to turn over, at the behest of a Rhode Island court, counseling records of the alleged minor victim of a sexual assault that occurred in Rhode Island,… More

President Biden Issues Executive Order on Use of Artificial Intelligence in Healthcare Settings

Key Takeaways:

  • This executive order (EO) directs federal agencies to review and develop policies to guide the use of artificial intelligence that touches every sector of the economy.
  • The EO directs the Department of Health and Human Services (HHS) to establish an HHS AI Task Force to develop a strategic plan on the responsible deployment of AI and AI-enabled technologies in healthcare settings.…

NY State Education Department Bans Facial Recognition Technology

In late September, the NY State Education Department issued a two-page order providing that NY public schools may not purchase or utilize facial recognition technology. The Department relied on a report issued by the NY Office of Information Technology Services in August that was critical of the privacy implications of facial recognition technology, but left open the door for the use of other types of biometric technology in schools.… More

HHS OCR/ONC Announce Latest Version of Security Risk Assessment Tool

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.4 of their Security Risk Assessment (SRA) Tool.

The SRA Tool is designed to help healthcare providers conduct a risk analysis as required by the HIPAA Security Rule. Identifying and assessing potential risks and vulnerabilities to electronic protected health information (ePHI) are foundational elements in the implementation of security measures that protect ePHI.… More

New EU-US Data Privacy Framework Promises Greater Ease for Cross-Border Transfers, but Uncertainty Remains

Ed. Note:  Thank you to Summer Associate Nicole Onderdonk for her significant contributions to this post.

On July 10, 2023, the European Commission (EC) adopted its adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF, or “Privacy Framework”), which establishes the Privacy Framework as an authorized mechanism under the General Data Protection Regulation (GDPR) for personal data to be transferred freely from the European Union (EU) to United States (U.S.) companies,… More

Seven Major U.S. Tech Organizations Voluntarily Commit to A.I. Safeguards

Ed Note:  Thank you to Summer Associate Nicole Onderdonk for her significant contributions to this post.

On July 21, 2023, the White House announced that seven leading A.I. organizations (Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI) agreed on and committed to immediately implementing voluntary safeguards for the development of artificial intelligence (A.I.) technology. Although not legally binding, these “voluntary commitments” mark one of the first steps in what could develop into a U.S.… More