Former customers of the now-defunct encrypted communications service EncroChat, which was infiltrated by police last year, continue to get busted, including members of a crime syndicate that operated "an industrial-scale cocaine laboratory" in the Netherlands, Europol says.
A federal $25,000 HIPAA settlement with a clinical laboratory is significant because it calls for a wide-ranging corrective action plan. And the enforcement action is unusual because it's the result of a compliance review of a covered entity not directly tied to the data breach that triggered the investigation.
A data security incident involving a Canada-based insurer that provides comprehensive health coverage to students studying abroad shines a light on complex international regulatory issues companies can face in the wake of a data breach.
As HHS weighs potential modifications to the HIPAA Privacy Rule, regulators must consider aligning those changes with other health data regulations that deal with privacy, patient access to records and secure exchange of electronic health information, some industry groups commenting on the proposal say.
The National Institute of Standards and Technology is seeking public comment as it plans to update its 2008 guidance for implementing the HIPAA Security Rule. But is it time to update the security rule itself?
Cisco recently released the 2021 Security Outcomes Study - Small and Midsize Business (SMB) Edition, which revealed a number of somewhat surprising findings about SMBs and how they compare to their larger counterparts.
A proposed privacy framework from the eHealth Initiative & Foundation and the Center for Democracy and Technology aims to set standards for the collection, disclosure and use of health data that falls outside the protection of HIPAA, says attorney Andrew Crawford of CDT.
Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped. No matter how the theft is characterized, 533 million users have just learned that their nonpublic profile details were stolen and sold to fraudsters.
Security practitioners often tread a fine and not entirely well-defined legal line in collecting current and meaningful research. This research can also pose ethical questions when commercial sources for stolen data fall into a gray area.
HHS has issued its18th enforcement action in a case involving failure to provide timely access to a patient's requested health records, demonstrating that even the smallest organizations aren't exempt from enforcement efforts.
What happens when an e-commerce retailer sends customers a data breach notification email with a subject line that reads "strictly private and confidential"? "Clearly trying to make people stay quiet," responded one unamused Fat Face customer. Others report being none the wiser as to what risks they now face.
As the compliance deadline for new regulations that require easier access to patient records approaches, regulators have issued their 17th HIPAA settlement in a case involving failure to provide a patient with timely access to records.