In a rare sharing of information about vulnerabilities in a blog post, Microsoft this week urged customers to download software patches to Microsoft Exchange Server after it detected “multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.” According to Microsoft’s Threat Intelligence Center, “[W]e are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance…

Data Privacy + Cybersecurity Insider

FinCEN Alerts Banks to Pandemic Relief Payment Fraud

By Linn Foster Freedman

March 4, 2021

The Financial Crimes Enforcement Network (FinCEN) recently issued an advisory to banks that outlined fourteen red flag indicators to be on the lookout for (and report) related to pandemic related economic relief payments. Entitled “Advisory on Financial Crimes Targeting COVID-19 Economic Impact Payments,” FinCEN issued the advisory based on its “analysis of COVID-19-related information obtained from Bank Secrecy Act (BSA) data, public reporting, and law enforcement partners.” The types of fraud that have been detected…

Data Privacy + Cybersecurity Insider

Worldwide Plans for Apps and Cards to Prove Your Vaccination Status: Are There Privacy Concerns?

By Kathryn Rattigan

March 4, 2021

A new commercial has hit the airwaves in Israel. It begins with a door swinging open to reveal a beautiful seaside patio with a couple awaiting their dinners as a voiceover says, “How much have we missed going out with friends?” Well, with the Green Pass “a door simply opens in front of you” and we can “return[ ] to life.” This commercial is advertising Israel’s version of a digital vaccine passport. Although there are…

Data Privacy + Cybersecurity Insider

Virginia Has a New Data Privacy Law

By Kelly Sweeney

March 4, 2021

Virginia Governor Ralph Northam signed the Consumer Data Protection Act (CDPA) on Tuesday, March 2, 2021. Virginia now joins California as the second state to have a data privacy law. The law takes effect on January 1, 2023, so businesses have some time to get ready. In our previous article on the proposed legislation, we described the new consumer rights available, the lack of a private right of action, and detailed which businesses will have…

Data Privacy + Cybersecurity Insider

Do You Have a Backup Payroll Plan?

By Linn Foster Freedman

March 4, 2021

What do you do if your HR benefits and payroll vendor suffers a cyber-attack and payroll can’t be run? Do you have a backup plan for running payroll? How will you communicate with your employees? And if your benefits and payroll vendor has a cyber-incident and your employees’ highly sensitive data is exfiltrated, what will be your response and your liability? Here is a perfect tabletop exercise that is real. This week, it is being…

Data Privacy + Cybersecurity Insider

Privacy Tip #274 – COVID Vaccine Scams Rampant

By Linn Foster Freedman

March 4, 2021

The news is full of stories about crashing vaccination scheduling websites, seniors who are unable to get their vaccine appointment, and how different states are rolling out their limited supplies of COVID vaccines. People are becoming desperate in the scramble to get vaccinated during or even before their allotted time, and scammers know that and are banking on it. Vaccine scams are so rampant that the Federal Trade Commission (FTC) issued an alert this…

Data Privacy + Cybersecurity Insider

Free Ransomware Service Offered to U.S. Hospitals

By Linn Foster Freedman

February 25, 2021

The Center for Internet Security (CIS) announced last week that it has launched the Malicious Domain Blocking and Reporting (MDBR) service to assist U.S.-based private hospitals with ransomware and cyber-attacks for free. CIS, a not-for-profit entity, “is fully funding this for private hospitals at no cost, and with no strings attached, because it’s the right thing to do, and no one else is doing it at scale.” According to the announcement, the product is designed…

Data Privacy + Cybersecurity Insider

Renown Health Pays $75,000 to Settle Right-of-Access Violation Under HIPAA

By Kathryn Rattigan

February 25, 2021

Renown Health, P.C. (Renown), a non-profit health system in Nevada, settled with the U.S. Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services in a matter resulting from an enforcement action for a potential violation of patients’ access rights under the OCR’s Health Insurance Portability and Accountability Act of 1996 (HIPAA) Right-of-Access Initiative. The Renown settlement is the 15th settlement under this initiative. Renown paid $75,000 and agreed to: Develop…

Data Privacy + Cybersecurity Insider

Consumer Reports Releases Model State Privacy Act – More States Introduce Consumer Privacy Legislation

By Deborah George

February 25, 2021

This week, Consumer Reports published a Model State Privacy Act. The Consumer advocacy organization proposed model legislation “to ensure that companies are required to honor consumers’ privacy.” The model legislation is similar to the California Consumer Privacy Act, but seeks to protect consumer privacy rights “by default.” Some additional provisions of the model law include a broad prohibition on secondary data sharing, an opt-out of first-party advertising, and a private right of action in…

Data Privacy + Cybersecurity Insider

Flying Car Receives EASA Certification in Europe

By Kathryn Rattigan

February 25, 2021

PAL-V, the first flying car to be allowed on the road in Europe, is now also the first flying car to complete full certification with the European Union Aviation Safety Agency (EASA). The PAL-V Liberty (flying car) went through 10 years of testing, and now is in the final phase of compliance demonstration before becoming available to customers. PAL-V CEO, Robert Dingemanse, said, “Although we are experienced entrepreneurs, we learned that in aviation everything is…

Data Privacy + Cybersecurity Insider

Leveraging Knowledge to Manage Your Data Risks

Blog Authors

Microsoft Urges Customers to Patch Exchange Server “Zero Day” Vulnerabilities

FinCEN Alerts Banks to Pandemic Relief Payment Fraud

Worldwide Plans for Apps and Cards to Prove Your Vaccination Status: Are There Privacy Concerns?

Virginia Has a New Data Privacy Law

Do You Have a Backup Payroll Plan?

Privacy Tip #274 – COVID Vaccine Scams Rampant

Free Ransomware Service Offered to U.S. Hospitals

Renown Health Pays $75,000 to Settle Right-of-Access Violation Under HIPAA

Consumer Reports Releases Model State Privacy Act – More States Introduce Consumer Privacy Legislation

Flying Car Receives EASA Certification in Europe

Stay Connected

Company

Products

Support

New to the Network