Privacy and Cybersecurity Blog

Hacked
08 September 2017

Equifax Announces Breach That Could Impact 143 ...

Yesterday. on September 7, 2017, Equifax, a credit monitoring agency, announced that the personal information of nearly half of all Americans may have been breached.  According to Equifax, criminals used “a U.S. website application vulnerability” to gain access to files that contained names, Social Security numbers, birth dates, addresses and driver’s license numbers. Equifax stated […]

Flooded Houses
07 September 2017

Dealing with PHI after Hurricane Harvey (and Ot...

The Department of Health and Human Services (“HHS”) recently issued relief and other helpful guidance about dealing with Protected Health Information (“PHI”) in the wake of disasters like Hurricane Harvey.  You can review this guidance here. Waiver of Certain Provisions under the Privacy Rule It is important to remember that HIPAA’s Privacy Rule continues to […]

Cybersecurity
25 August 2017

Data Breach Class Actions: an actual violation ...

In a previous post on this blog here, we noted that the recent decision in D.C. Circuit Court of Appeals had joined a growing number of federal courts holding the risk of future harm is enough to allow a class action to proceed following a data breach. Now the Ninth Circuit Court of Appeals joins […]

Cyber Security
10 August 2017

Data Breach Class Actions: Is a Risk of Future ...

On August 1, the D.C. Circuit Court of Appeals joined a growing number of federal courts holding the risk of future harm is enough to allow a class action to proceed following a data breach. Attias v. CareFirst, Inc., et al., involves a federal class action lawsuit brought by customers whose personal information was allegedly […]

Euros - Privacy Shield
27 July 2017

Penalty: Up to 20 Million Euros, or 4% of Gross...

In data privacy circles, there is constant discussion regarding the EU-US Privacy Shield and the EU General Data Protection Regulation (“GDPR”).  While the temptation for US- based companies to take an isolationist approach and ignore these EU regulations is understandable, doing so may unintentionally subject such companies to significant liability.  All US-based organizations that hold, […]

Cybersecurity
13 July 2017

Failure to Enter a HIPAA Business Associate Agr...

For those of you who follow this blog, one thing will become evident over time: one of my co-authors, Tim Gutwald, and I frequently blog about HIPAA-related privacy issues.  That’s because both of our practices include a fair amount of HIPAA work.  And, one tends to write about what they are passionate about (to the […]

CyberSecurity Ransomware
22 June 2017

Low Tech Solutions to Combat the High Tech Cybe...

Imagine that you have twelve (12) hours to pay or your files will be permanently destroyed.  You are the victim of a Ransomware attack. What will you do? Clocks-a-ticking. Ransomware, like WannaCry and CryptoLocker, have proven to be a common, lucrative, low-risk, criminal-enterprise.  Ransomware is a type of malicious software that blocks access to the […]

Cybersecurity Blog Alt Text
15 May 2017

Former FBI Cyber Expert James Trainor Speaks to...

The Economic Club of Grand Rapids hosted a luncheon last Monday, May 8, addressing cybersecurity. Miller Johnson sponsored the event and several members of the Privacy and Cybersecurity team attended to hear the presentation of former FBI cyber expert James Trainor.  During his time at the FBI, Mr. Trainor investigated some of the world’s largest […]