A proposed settlement of a class action lawsuit against an Alabama hospital provides a total of up to $150,000 in relief to more than 1,200 individuals affected by a breach involving a former employee who was convicted of identity theft that led to federal tax refund fraud. What's unusual about the case?
While California already had some of the strictest and most varied privacy laws in the country, the new California Consumer Privacy Act of 2018 "is a whole new ballgame," says privacy attorney Kirk Nahra, who explains why.
The U.K. has approved a plan to build a cutting-edge court complex in London designed to handle cybercrime, fraud and economic crime. The facility is expected to be a growth driver for the country's legal industry, despite the U.K.'s pending withdrawal from the European Union.
Leading the latest edition of the ISMG Security Report: CipherTrace CEO Dave Jevans discusses recent research on cryptocurrency money laundering and whether regulation is possible. Plus, California passes a new privacy law.
A federal grand jury in Pennsylvania has indicted a former patient coordinator on several counts of wrongfully obtaining and disclosing the health information of others. The case is the latest rare example of prosecutors pursuing criminal charges for HIPAA violations.
An Equifax software engineer has settled an insider trading charge with the U.S. Securities and Exchange Commission after he allegedly earned $77,000 after he made a securities transaction based on his suspicion that the credit bureau had suffered a data breach.
Federal authorities have arrested more than 35 suspects on charges that include selling illicit substances via darknet marketplaces - such as AlphaBay, Dream and Hansa - thanks in part to undercover agents posing as cryptocurrency money launderers. Authorities say the year-long investigation is continuing.
Privacy rights groups are calling on the Court of Justice of the European Union to clamp down on at least 17 EU governments that require domestic telecommunications firms to store all communications data, despite the court having ruled that such mass surveillance practices are illegal.
A federal court recently dismissed a case filed by a patient alleging a laboratory violated HIPAA by failing to shield her personal health information from public view. The ruling once again reaffirmed a longstanding precedent that individuals cannot sue for alleged HIPAA violations.
Starting Sept. 1, organizations in Colorado must notify victims of breaches of personal information - including health data - within 30 days of determination that a breach occurred. That's a tougher requirement than the HIPAA breach notification rule.
Leading the latest edition of the ISMG Security Report: Our exclusive report on an Australian criminal investigation into a company that apparently swiped cryptocurrency using a software backdoor. Also, cutting through the hype on artificial intelligence and machine learning.
What impact will an appellate court's ruling Wednesday that vacated the Federal Trade Commission's data security enforcement action against LabMD have on the agency's long-term enforcement activities? Regulatory experts are weighing in.
LabMD, a now-defunct cancer testing laboratory, has won a major victory in its longstanding legal dispute with the Federal Trade Commission. A U.S. Court of Appeals on Wednesday vacated an FTC enforcement action against the lab in a data security dispute dating back to 2013.
Congress is considering how to help beef up the healthcare sector's preparedness and response to cyber threats. But why is there so much confusion about the role of the Department of Health and Human Services?