With the U.S. COVID-19 public health emergency expected to end in May, the government is set to scrutinize telehealth providers for HIPAA violations. That’s why healthcare firms should review their telehealth platforms and vendors, says privacy attorney Adam Greene of Davis Wright Tremaine.
The European Commission has directed employees to remove the ByteDance-owned, short-form video app TikTok from their phones and corporate devices, citing security concerns. The decision follows similar bans in the U.S. and other countries, driven by fears of Chinese hacking and influence.
Automaker Tesla revised settings for its in-built cameras after a probe by the Dutch data privacy agency found its default settings enabled illegal recording and retention of data. "Teslas parked on the street were often filming everyone who came near the vehicle," DPA board member Katja Mur said.
The Los Angeles Unified School District confirmed that records containing mental health data and other sensitive information of about 2,000 students, including 60 current pupils, were among data leaked in a ransomware attack last fall by Russian hacking group Vice Society.
The European Commission is preparing a proposal mandating more cooperation among national government agencies charged with enforcing the General Data Protection Regulation. Nationally driven enforcement of the regulation has emerged as a sore point for some during the GDPR's first half decade.
Federal regulators are working on proposed rule to modify HIPAA to better safeguard the privacy of reproductive health data. The Biden administration last year already issued guidance about the application of the HIPAA Privacy Rule to information about reproductive health.
The attorneys general of Pennsylvania and Ohio have slapped a DNA testing lab with HIPAA settlements totaling $400,000 in the wake of a 2021 hack of a legacy database that affected 2.1 million individuals nationwide, including nearly 46,000 consumers in the two states.
Maintaining compliance with strict data privacy regulations while relying on non-compliant paper-based processes or insecure legacy systems can be nearly impossible. As is juggling multiple web form collection tolls and legacy systems that don't integrate or scale results in data silos. Inefficiency and paper...
Attackers have been actively exploiting a zero-day vulnerability in widely used managed file transfer software GoAnywhere MFT to take full control of systems, and in some cases to deploy ransomware. Vendor Fortra has released a patch and urged users to review systems for unusual behavior.
A group of bipartisan U.S. senators is seeking answers from three telehealth companies about their data tracking and sharing practices. The move comes as privacy and security concerns about broader data sharing by technology firms also are growing.
Cedars-Sinai Medical Center in Los Angeles has joined a growing list of organizations being sued for allegations that its use of website tracking codes is unlawfully sharing individuals' personal and health information to third-party social media and marketing companies.
On the heels of an enforcement action last week by the Federal Trade Commission, telehealth and discount prescription drug provider GoodRx now also faces a proposed class action lawsuit over its data-sharing practices with third parties and the use of website tracking code.
Today’s evolving cyber-risk environment requires an ‘assume breach’ mindset.
Chief Information Security Officers (CISOs) know it. So do regulators, IT Security auditors, boards and cyber insurance providers, who are increasingly mandating adoption of Zero Trust cybersecurity principles.
Join CyberArk for...
A Scottish school system decided not to use facial recognition in its secondary school cafeterias after international outcry. The U.K. Information Commissioner's Office said Tuesday that the North Ayrshire Council failed to obtain freely given consent for the system.
The FTC has for the first time enforced its almost 14-year-old health data breach notification rule. It hit a telehealth and prescription drug discount provider with a $1.5 million civil penalty for failing to inform consumers that it shares their data with advertisers and other third parties.