Key Steps for Successful Business Continuity Planning

Imagine being the owner of the most popular coffee joint on the corner. Your loyal customers line upoutside each morning, eager to grab their caffeine fix. But, one day, as your staff hustles to keep upwith the orders, a sudden storm knocks out the power, leaving the cafe in the dark. Or worse, acyberattack targets …

How to Beef Up Your Incident Response Plan

Are you prepared to face a cybersecurity breach, a natural disaster or a system failure? Such disruptive events can strike at any moment, causing chaos and confusion. But don’t worry. With an effective incident response plan in place, you can handle any incident with confidence. This blog is intended to help you enhance your plan …

Key Considerations When Selecting the Right Cyber Insurance Coverage

Is your business prepared to confront today’s growing cybersecurity threats? Although adopting the latest technologies and industry trends is undoubtedly crucial, it is equally important to ensure that your business has the best cyber liability insurance. Think of it as an invisible shield protecting your business from devastating losses. However, to harness its full potential …

Ransomware Attack on Refuah Health Compromised the Data of 250,000 New Yorkers

New York Attorney General Letitia James has reached an agreement with Refuah Health Center, Inc. to address the health care provider’s failure to protect patient data. Refuah experienced a ransomware attack that compromised the personal and private information of around 250,000 New Yorkers. The investigation found that Refuah lacked appropriate controls, such as encryption and …

FTC Proposes Strengthening Children’s Privacy Rule to Further Limit Companies’ Ability to Monetize Children’s Data

The Federal Trade Commission (FTC) has proposed changes to the Children’s Online Privacy Protection Rule (COPPA Rule) to strengthen children’s privacy and limit companies’ ability to monetize children’s data. The proposed changes include prohibiting the collection of more personal information than necessary for a child to participate in an activity, clarifying the meaning of “activity,” …

Rite Aid Banned from Using AI Facial Recognition After FTC Says Retailer Deployed Technology without Reasonable Safeguard

Rite Aid has been banned by the Federal Trade Commission (FTC) from using facial recognition technology for surveillance purposes for five years. The retailer failed to implement proper procedures, resulting in false tagging of consumers as shoplifters. The FTC’s order aims to protect consumer rights and prevent further misuse of the technology. Rite Aid will …

FTC has taken action against Global Tel*Link Corp

The Federal Trade Commission (FTC) has taken action against Global Tel*Link Corp. and its subsidiaries for failing to adequately secure personal data and notify consumers after a data breach. The breach occurred due to changes made by a third-party vendor to the security settings for the data stored in the cloud, leaving the personal data …

Snooping in Medical Records

Yakima Valley Memorial Hospital has settled with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) for $240,000 after security guards accessed medical records without authorization. The hospital will update policies and procedures to protect patient information and train employees to prevent future breaches. OCR Director Melanie Fontes Rainer stressed the …

FTC Finalizes Order with 1Health.io Over Charges it Failed to Protect Privacy and Security of DNA Data

The Federal Trade Commission (FTC) has reached a settlement with genetic testing firm 1Health.io over charges of failing to protect the privacy and security of DNA data and making unfair changes to its privacy policy. The FTC accused 1Health.io, formerly known as Vitagene, of deceiving consumers about its privacy and security practices. The company allegedly …

Disclosure of Patients’ Protected Health Information to a News Reporter

St. Joseph’s Medical Center has settled with the Office for Civil Rights (OCR) over a HIPAA investigation regarding the disclosure of patients’ protected health information to a news reporter. The medical center provided a national media outlet with access to COVID-19 patients’ information without obtaining written authorization. OCR determined that three patients’ information was disclosed, …