Privacy & Security
Following the Supreme Court decision to overturning Roe v. Wade on June 24, 2022, the Dobbs v. Jackson Women’s Health Organization ruling that gutted the long-established right to an abortion has been a constant focus, both inside and outside of the legal and healthcare communities. Notably, the ruling has remained a central focus within both the government, federal and state, and surrounding the tech sector. And these Dobbs-related conversations have a theme – the topic of health data privacy. But more specifically, discussions about data privacy surrounding reproductive healthcare.
Ransomware attacks are one of the largest threats to the healthcare industry and a tough cybersecurity problem to address. From 2016-2021, there were almost 400 ransomware attacks on healthcare organizations in the US. It is estimated that such attacks exposed the personal healthcare data of over 40 million patients. Since these attacks cannot typically be resolved without paying the ransom, it is important to invest in preventative measures to protect healthcare data from potential breach.
On Monday, October 31, the U.S. Federal Trade Commission (FTC) called on education technology provider Chegg, Inc. (Chegg) to bolster its data security, citing lax security practices that regulators said exposed the personal data of more than 40 million Chegg users. The exposed personal information included names, email addresses, passwords, and for certain users, sensitive scholarship data such as dates of birth, parents’ income range, sexual orientation, and disabilities.
Amanda Scott Associate Editor Loyola University Chicago School of Law, JD 2024 In June 2022, a draft of a bipartisan bicameral bill known as the American Data Privacy and Protection Act was introduced. This bill was proposed as a replacement to current laws to further protect and strengthen federal data privacy and protection regulations. This …
Long gone are the days when cybersecurity concerns existed solely in the domain of technology teams. Various organizations, from schools to government entities (at every level), to private companies alike have fallen prey to cyberattacks. May 2021’s Colonial Pipeline attack caused chaos and a temporary gas frenzy that brought awareness of the vulnerabilities of the technology we rely on to even the least technically minded American. Cybersecurity, and more specifically, the security of critical infrastructure immediately became an issue that the U.S. Government is taking very seriously.
Conversation surrounding the hodgepodge of state data privacy legislation in the U.S. has long been a subject of frustration within the U.S. and abroad. 2021 saw a drastic uptick in awareness and a need for meaningful comprehensive consumer privacy laws. With both data privacy and cybersecurity repeatedly making front page news over the last year, and even becoming high priority within the Biden Administration, it has become one of the few issues on which people across the political spectrum can agree. But will 2022 be the year that comprehensive federal privacy legislation becomes a reality? Don’t count on it.
William Hanning is a Chief Information Security Officer with Groups360 and close to twenty years of Information Security experience. Mr. Hanning has built and managed security programs in multiple industries in organizations of varying sizes, as well as within Fortune 100 companies. Here, he gives insight about the separation between data privacy and cybersecurity, the role of information security teams, and how cybersecurity relates to and supports the work of legal and compliance departments.
There is no doubt that the COVID-19 pandemic has affected almost every aspect of life for people around the globe. While the internet has allowed people to stay connected and continue working from home, it has also presented an opportunity for cybercriminals to take advantage of susceptible remote working setups. Cybercrime has significantly increased since the start of the pandemic, prompting corporations to mitigate the risk of a data breach against an onslaught of new vulnerabilities to their internal systems.
The recent Pandora Papers leak in October 2021 shined the light on the massive and intricate web of offshore accounting that allows for insurmountable amounts of wealth to be hidden throughout the world. One of the most shocking revelations of these Papers was how heavily the United States was implicated in creating and perpetuating this system. As such, legislators have been pressured to find a way to crackdown on this sort of offshore money. One way that they have proposed addressing the problem is by amending the United States’ current criminal financial legislation, the Bank Secrecy Act.
Cyberattacks on the healthcare industry have reached a fever pitch. In 2020 alone, there was a drastic increase in healthcare organization cybersecurity breaches. In 2021, the average cost of a healthcare data breach increased by over $2 million to $9.23 million. Healthcare providers continue to be the most targeted industry for cybersecurity breaches, with over ninety-three percent of healthcare organizations experiencing a data breach over the past three years. 306 breaches of unsecured protected health information (“PHI”) impacting 500 or more individuals were reported to the U.S. Department of Health and Human Services (“HHS”) in 2020. Yet healthcare organizations continue to be ill-equipped to handle this growing problem.