Our experienced team views data breach response as a joint effort in partnership with the client where the client’s philosophy, brand and customer base are considered integral in reconciling compliance with the numerous, and often competing, laws and regulations. [...]
SCHNUCK’S MASSIVE DATA BREACH RESULTS IN SEVERAL CLASS ACTION LAWSUITS
As we reported last month, Schnucks supermarket stores announced a data breach in March that potentially affected 2.4 million debit and credit card users. News reports have indicated that as many as 79 Schnucks stores may have had their customers’ card numbers and information stolen. As is often the case, class action lawsuits have … Continue reading
OFFICE OF CIVIL RIGHTS RINGS IN NEW YEAR WITH SIGNIFICANT HIPAA DATA BREACH SETTLEMENT
The HHS’ Office of Civil Rights (OCR) announced today that The Hospice of North Idaho has agreed to pay a $50,000 settlement for violations of the HIPAA Security Rule. OCR made a point of announcing that the settlement is the first one that involves a breach of unprotected PHI affecting fewer than 500 individuals. In … Continue reading
NATIONWIDE INSURANCE LATEST VICTIM OF A DATA BREACH
Nationwide Mutual Insurance Company announced that part of its computer network has been hacked and that personal information affecting more than 1.1 million individuals has been stolen. The data breach occurred on October 3rd. The network that was breached is also used by Allied Insurance. Nationwide has determined that the compromised information includes names, birth … Continue reading
CREDIT CARD DATA SECURITY ISSUES RAISED ABOUT ROMNEY SUPER PAC IN WASHINGTON TIMES ARTICLE
This morning a Washington Times newspaper article raised potential data security issues with the online credit card system used by Restore Our Future, a Mitt Romney Super PAC. http://www.washingtontimes.com/news/2012/may/3/romney-super-pac-donors-put-at-credit-card-risk/. The article detailed how the super PAC’s computer system appears to lack fundamental security methods for protecting its donors’ personal information. The PAC is raising money … Continue reading
HHS Hits Insurer for $1.5 Million
On March 13, 2012, the U.S. Department of Health and Human Services announced that it settled its first enforcement action resulting from a reported HITECH breach. In the settlement, Blue Cross/Blue Shield of Tennessee agreed to pay One Million Five Hundred Thousand Dollars ($1,500,000.00) to resolve potential violations of the HIPAA Privacy and Security Rules. Additionally, … Continue reading
Getting Ready for Private Enforcement: Is a New Form of Quasi-Qui Tam Brewing?
We all know that neither HIPAA nor HITECH creates a private right of action against a Covered Entity or a Business Associate. At most, a HIPAA violation may be deemed evidence of a breach in the standard of care. Thus far, HIPAA enforcement is in the hands of the Office of Civil Rights which may … Continue reading
On January 1, 2012 California’s Expanded Data Breach Notification Becomes Effective
California’s recently expanded Identity Theft Law takes effect January 1, 2012. Earlier this year, Governor Jerry Brown signed into law SB 24, which expands on the state’s data breach and identity theft notification requirements. The law establishes specific content for data breach notifications that must be sent to consumers. The notification must now include the … Continue reading
Moving (Slowly) Toward a National Data Breach Notification Standard
Just last week, small steps were taken toward setting a national standard for reporting of security breaches involving personal data. The Senate Judiciary Committee approved three proposed data breach bills: The Personal Data Privacy and Security Act of 2011, S. 1151 The bill incorporates several components of the Obama administration’s Cybersecurity Legislative Proposal [.pdf], including setting a … Continue reading
Texas Expands the Privacy Rights of Patients Beyond HIPAA and HITECH
The State Sets Mandatory Deadlines for Training, and Requires Breach Notification for all Healthcare Providers Doing Business in Texas. Texas, already known for its strict privacy laws, recently enacted legislation which surprisingly expands privacy rights beyond those prescribed in HIPAA and HITECH. This new law, HB300, will become effective on September 1, 2012. It will … Continue reading
CT AG Jepsen Carries Blumenthal’s Enforcement Torch
Connecticut Attorney General George Jepsen is continuing his predecessor’s aggressive efforts to safeguard the personal information of the state’s citizens. Former Connecticut Attorney General Richard Blumenthal, during his tenure, investigated numerous organizations regarding possible data breaches, and in one case, fined insurance provider Health Net $250,000 for losing the data of 500,000 Connecticut residents. Jepsen recently requested specific … Continue reading