For the second time this year, health insurer EmblemHealth has been hit with a state financial penalty in connection with a 2016 breach that exposed Social Security numbers on mailings to more than 81,000 plan members.
In its third enforcement action in recent weeks, federal regulators have hit a Colorado medical center with a HIPAA fine in a case involving failure to terminate a former employee's remote access to patient data. Other organizations can use the case as a "teachable moment," one attorney advises.
Breach victims who sign up for free fraud-monitoring services from breached businesses that lost control of their data often sign away their right to join class-action lawsuits or pursue other legal actions, and Marriott proved to be no exception, following its mega-breach. But it now appears to be backing off.
Is there anything better than being offered one year of "free" identity theft monitoring? Regularly offered with strings attached by organizations that mishandled your personal details, the efficacy and use of such services looks set for a U.S. Government Accountability Office review.
The extra-territorial scope of Europe's General Data Protection Regulation (GDPR) is much more applicable to the new global digital markets of the 21st century, and many other countries, regions and states are following the core principles of GDPR and introducing new data protection and data privacy requirements, such...
The massive data breach suffered by Equifax in 2017 "was entirely preventable," according to a report released by the House Oversight Committee's Republican majority. Some Democratic lawmakers have slammed the report for failing to advance legislative or oversight changes to help prevent breaches.
The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the public.
The Financial Services Sector Coordinating Council recently unveiled the Cybersecurity Profile - a framework that integrates widely used standards and supervisory expectations to help financial institutions develop cyber risk management programs. Josh Magri of the Bank Policy Institute outlines key elements.
Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software.
An update on the hacking of email accounts of four senior aides within the National Republican Congressional Committee leads the latest edition of the ISMG Security Report. Also featured: An analysis of when the first major fines for violations of the EU's GDPR could be issued.
Two health IT professional associations are urging Congress to "modernize" HIPAA to extend patients' rights to securely access, view, download and transmit their health information - including health data not currently covered under HIPAA. Regulatory experts size up whether the proposed changes are feasible.
A batch of documents meant to be kept under court seal lays bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.
Enforcement of the European Union's General Data Protection Regulation began May 25. What has happened since then? And how has the privacy dialogue evolved in the U.S.? Attorney Jay Kramer shares insights on how organizations are now approaching privacy.
Financial institutions of all sizes can use a new Cybersecurity Profile tool to help them comply with a variety of regulations and implement the NIST Cybersecurity Framework, says Denyette DePierro of the American Bankers Association.