On October 16, 2024, U.S. and international cyber security agencies issued a Joint Cybersecurity Advisory warning of Iranian cyber actors’ brute force and credential access activities that have compromised critical infrastructure organizations. The Advisory provides details on these activities along with mitigation and detection ...
On February 8, 2024, the Centers for Medicare and Medicaid Services (CMS) issued a memorandum entitled Texting of Patient Information and Orders for Hospitals and CAHs (the 2024 Memo), which provides updated guidance to State Survey Agency Directors.
HHS and AHA alert the health care sector to a software vulnerability dubbed "Citrix Bleed" that can be exploited by bad actors to cause damage, including ransomware.
The FTC recently took enforcement action against an online e-commerce company and its CEO for failing to implement data security policies and procedures to protect the personal information of consumers. The FTC alleged that the company’s inadequate security measures and its website Privacy Policy regarding such measures constituted unfair ...
Best practices in IT data security include the use of multi-factor authentication (MFA), but cyber threat actors are evading the data security that MFA is intended to provide. To combat this, CISA recently issued guidance and fact sheets urging the migration to phishing-resistant MFA such as FIDO/WebAuthn and PKI-based MFA. If this is not feasible ...
CISA issues Shields Up cyber alert for every U.S. organization due to Russian government's use of cyber attacks as a pressure strategy on other governments.
CISA issues statement on critical vulnerability in products that contain log4j software library. Bad actors are exploiting the vulnerability to steal information, launch ransomware, or conduct other malicious activity. Ten major tech vendors issue statements that one or more of their products are affected by the log4j vulnerability ...
KRONOS payroll support services notifies customers of ransomware attack. A ransomware attack that compromises employee personal information could trigger data breach notification for employers under state breach notification laws.
Bi-partisan group of U.S. Senators releases cyber incident notification bill that would require most entities in critical infrastructure sectors to notify CISA within 24 hours of a ransomware attack and other cyber intrusions.
FBI, HHS and CISA issue Joint Cybersecurity Advisory warning hospitals and health care community about coordinated ransomware attacks on hospitals designed to steal data and freeze hospital systems for financial gain.
U.S. Treasury Department issues ransomware advisories and warns financial institutions, cyber insurers and others involved in cyber incident response that paying the ransom to regain access to computers or files after an attack may be sanctionable conduct.
The FTC reports an increase in COVID-19 related scams. The scams include phishing emails with fake termination notices and malicious links and fraudulent contact tracing emails with requests for money. Read this post with links to resources on protecting yourself and employees from Coronavirus-related cybercrime ...
Written by: Kathie McDonald-McClure
On Monday, July 13, 2020, the Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued a SAP cybersecurity alert, No. AA20-195A, regarding a critical vulnerability that an unauthenticated attacker could exploit through the Hypertext Transfer Protocol (HTTP) to take control ...
CISA issues new Cybersecurity Alert on May 5, 2020 to warn of APT groups exploiting COVID-19 pandemic. APT actors use password sprays to hack into pharmaceutical, medical research organizations, universities and their supply chains, and steal “bulk personal information, intellectual property and intelligence that aligns with national ...
Wyatt Offers Data Security Tips for “New Normal” of Telework. As office workers and healthcare providers switched to telework and telehealth under state stay-at-home orders, malicious cyber actors were ramping up to take advantage of the security gaps that would inevitably accompany such a sudden transition. Wyatt’s data privacy counsel ...
COVID-19 expanded the use of telehealth and it's likely here to stay. Cyber criminals are taking advantage of healthcare's quick turn to audio-video platforms without having taken time to protect health information from unauthorized disclosure. Here are some tips to ensure your audio-video communication is secure ...
On April 21, 2020, the American Hospital Association alerted its members that the Federal Bureau of Investigation (FBI) had issued an FBI Flash to update healthcare providers on additional cyber activity that continues to exploit fears related to the COVID-19 pandemic. The FBI stated that it had been notified of targeted email phishing ...
By Margaret Young Levi and Kathie McDonald-McClure
Among the many mandates of the Affordable Care Act (ACA) (a/k/a “Obama Care”) still in force today is Section 1557. Section 1557 prohibits discrimination on the basis of race, color, national origin, sex, age, or disability in certain health programs or activities. The U.S ...
The ransomware attack on Allscripts' cloud-based platforms triggers HIPAA compliance obligations for "covered entities" who entered patient health information on those platforms. A putative class action lawsuit filed on behalf of providers using the Allscripts platforms alleges the attack was a HIPAA "breach". Providers who used these ...
On Wednesday afternoon, May 3, 2017, cybercriminals appeared to have launched a massive malicious email campaign. The emails ask the recipients to click on a link to view a document purportedly shared on Google Docs. Upon clicking the link, the account owner is asked to enter their Google account log-on credentials. The cybercriminals use the ...
The Federal Trade Commission (FTC) Bureau of Consumer Protection released a study this month (March 2017) indicating that business entities could be doing more to stop malicious emails from hitting the inboxes of employees. The goal behind many malicious emails is to trick individuals into turning over either their own confidential ...
Blockchain technology may solve healthcare IT's security and interoperability challenges. The HHS ONC and healthcare IT developers are rushing to explore its capabilities and launch open-source development tools.
Wyatt Tarrant & Combs, LLP is sponsoring the Kentucky Chamber’s Cyber Security and Data Privacy seminar on Tuesday, February 28, 2017, at the Griffin Gate Marriott Resort in Lexington, Kentucky. We’ve put together a terrific panel of presenters, including, among others, representatives of Homeland Security and Crowdstrike, the firm ...
The United States Court for the Eleventh Circuit granted LabMD's motion to stay enforcement of the FTC's Final Order, holding that there was no proof that LabMD’s failure in securing the privacy of the patient data at issue caused injury or harm or that it was “likely to cause” injury or harm.
On July 29, 2016, the Federal Trade Commission (FTC) made the latest move in its battle with LabMD, Inc. (LabMD) when it reversed an initial decision by an administrative law judge (ALJ). The FTC determined that LabMD’s data security practices constitute an unfair act or practice within the meaning of Section 5 of the Federal Trade Commission Act. ...
On July 11, 2016, the HHS Office for Civil Rights issued a Fact Sheet about Ransomware for entities subject to HIPAA. Due to the unique nature of ransomware in making computer data inaccessible, OCR notes that patients may still need to be notified if care is compromised as a result of a ransomware attack. The HIPAA standard that presumes there is a breach ...
By Kathie McDonald-McClure
We recently posted an article about Tennessee's amendment to its data breach notification law. This amendment has drawn much attention among cyber security professionals and corporate general counsel across the country. As Jennifer Williams-Alvarez reported in her article for Corporate Counsel magazine
Earlier this week, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced two multimillion-dollar settlements relating to “potential” privacy and security violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Both settlements stem from the entity’s reports to OCR ...
As the April 15th tax filing deadline draws near, cybercrime related to filing fraudulent tax returns to obtain tax refunds has picked up. On March 1, 2016, the United States Internal Revenue Service (IRS) issued an Alert for Payroll & HR Professionals on scam emails that attempt to trick company personnel into turning over employee W-2s ...
UPDATE: Senate Bill 23 did not become law during the 2016 Kentucky Legislative Session. The bill was passed unanimously by the Senate. It was then sent to the House, where it was read twice and amended, but never read for the third and final time.
Overview
The Commonwealth of Kentucky’s General Assembly is considering a bill which would permit parents ...
One of the goals of our HITECH Law blog is to start dialogue and share information and insights in the ever-changing world of cyber security. In our previous post, “Ten Easy Cyber Security Measures…”, we relayed some information from the FBI about thieves breaking into gas pumps and inserting card readers. One of our readers sent us some ...
The Wyatt, Tarrant & Combs Data Privacy & Security Services Team offers 10 cyber security New Year's resolutions to help protect you and your business in 2016. Read the tips on the Wyatt HITECH Law Blog!
Data privacy and security issues are bursting at the seams in ALL industry sectors due to the ability to connect to the internet through networks, apps and a multitude of devices that enable individuals and organizations to collect, transmit, store and use information in a multitude of ways. Connecting to the internet poses privacy and security ...