California voters on Election Day passed the California Privacy Rights Act (CPRA), an update and partial overhaul to the California Consumer Privacy Act (CCPA), the landmark 2018 privacy law.  The new CPRA strengthens existing privacy protections, particularly for certain categories of sensitive personal information, and creates an independent enforcement agency.  However, privacy advocates like the ACLU of Northern California and the Electronic Frontier Foundation came out against or refused to support the measure, arguing…

The French Conseil d’Etat handed down an important decision October, 13th regarding privacy and personal data protection. This decision comes in the wake of the “Schrems II” ruling of the Court of Justice of the European Union (CJEU), which ruled that the protection of data transferred to the United States by the “Privacy Shield” was insufficient under European law. A platform managing health data (named “Health Data Hub”) was created in 2019 to facilitate the…

On October 28, 2020, a joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures used by cybercriminals against targets in the healthcare and public health sectors to infect their systems with Ryuk ransomware for financial gain. CISA, FBI, and HHS state they have credible information of an increased…

On October 6, 2020, the Department of Homeland Security (“DHS”) released a 2020 Homeland Threat Assessment (“HTA”).  According to Acting Secretary Chad F. Wolf, the “first of its kind report” identifies the primary threats facing the nation and analyzes the vast array of information coming from all DHS operational components that crosses his desk on a daily basis.  “When the American people read this HTA they will be more aware of the traditional threats…

On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) released an advisory regarding potential sanctions risks related to facilitating ransomware payments, as covered in this post from Foley Hoag’s Security, Privacy, and the Law blog. OFAC is the federal agency responsible for implementing and enforcing U.S. sanctions against individuals, entities, and foreign governments involved in terrorism, narcotics trafficking, activities related to the proliferation of weapons of mass destruction,…

As founding counsel and a continuing member of the Advanced Cybersecurity Center, Foley Hoag is pleased to invite you to join us in these two programs, part of the ACSC’s 10th annual conference. Thursday, October 22, 2020, 10:00 am: Driving the Cybersecurity Agenda with the C-Suite and Boards – A CEO / CISO Fireside Chat Thursday, November 12, 2020, 12:30 pm: Massachusetts Economic Agenda: the Future for Digital and Cybersecurity Jobs – An Agenda-setting Conversation …

Foley Hoag partner Colin Zick weighs in on large health systems putting substantial resources into IT. “It’s not being ignored, but it’s a tough problem. Ransomware is turning into a big business.” Click here to read the full Fierce Healthcare article.…