Data Privacy + Security Insider

Leveraging Knowledge to Manage Your Data Risks

The Department of Justice (DOJ) recently announced two high-dollar False Claims Act (FCA) enforcement actions involving allegedly fraudulent arrangements tied to the implementation and use of electronic health record systems (EHRs). The respective settlements enable recovery by DOJ of over $100 million, and immediately precede the government’s recent proposal of new rules to promote the interoperability of EHRs. The settlements thus serve as an important reminder of the importance of adhering to federal fraud and…
We predicted last year that hackers would become more malicious in the future, not only stealing and selling data for nefarious purposes, but actually destroying data and even systems. That reality hit email provider VFEmail last week, and on February 12, founder Rick Romero tweeted “Yes, @VFEmail is effectively gone. It will likely not return. I never thought anyone would care about my labor of love so much that they would want to completely and…
The Cybersecurity Information Sharing Act of 2015 (CISA) was intended to incentivize private entities to share threat intelligence information with the federal government (specifically the Department of Homeland Security), allowing all parties to react more quickly and efficiently to cyber threats. The vision was that thousands of companies would sign on, creating a powerful network that could form a joint defense in real time against emerging cyber threats. The dream is not going well. At…
The cyber insurance market continues to evolve, and major questions remain unanswered. Should policies cover regulatory fines? Should first- and third-party claims be addressed in separate policies? The list goes on. For the consumer, here is an interesting thought experiment: Is a company having limited access to cyber insurance actually a good thing? Aside from niche exceptions (like GINA, HIPAA, etc.), there is a dearth of regulation pertaining to how private entities treat personal data…
The 2016 U.S. Presidential election demonstrated the importance of digital campaigning. President Trump’s campaign was vastly outspent by Hillary Clinton’s campaign, and placed little emphasis on traditional ground-game tactics. Instead, Trump focused his campaign on digital strategies to target “persuadable voters” via social media. The outcome of the election demonstrated the efficacy of this strategy; not only did Clinton lose the election, but she became the first general election candidate in nearly 40 years to…
During WWII, Morse Code was an indispensable asset that allowed the allies to transmit sensitive information over long distances with great accuracy. However, it contained an obvious, and potentially fatal, flaw — it provided no built in mechanism for identifying the sender of the messages. In order to combat this, U.S. intelligence officers implemented a methodology known as the “Fist of the Sender,” an early system of “behavioral biometrics” that verified the sender’s identity by…
The HIPAA (Health Insurance Portability and Accountability Act) breach notification regulations require covered entities to self-report the unauthorized access, use or disclosure of unprotected protected health information (PHI) to the Office for Civil Rights (OCR). If the data breach involves more than 500 individuals, the notification must be made to the OCR immediately. If the breach involves fewer than 500 individuals, the covered entity must notify the OCR before 60 days after the end of…
This week, NASA selected the Nevada Institute for Autonomous Systems in Las Vegas and the Lone Star UAS Center for Excellence and Innovation in Corpus Christi, Texas to host the final phase of its four-year series of unmanned aircraft systems (UAS) technical demonstrations. Both of these organizations will host demonstrations to confirm whether NASA’s UAS Traffic Management (UTM) system functions safely and effectively in urban areas. The drone flights will take place in Reno, Nevada…
This was a particularly difficult travel week. In the past 36 hours, I have traveled on five planes in multiple cities (not always on the set itinerary due to diversions and mechanical issues) and the final leg of my travel home was “ground transportation” when my plane was diverted. Just so you know, when they mention “ground transportation” while you are sitting on a plane, it does not include a plane to your final destination.…
Players of the popular Fortnite video game have filed a proposed class action suit against the video game’s owner, Epic Games Inc. (“Epic”) alleging that Epic failed to protect players’ accounts, allowing hackers access to their payment details in a 2018 data breach. According to the suit, the players gave Epic their payment information in order to purchase “Vbucks,” which is the currency used while playing Fortnite. The suit alleges that Vbucks, considered digital currency,…