Compiled By: Richard Sheinis, Esq.

Suspected Chinese hackers target minorities, Russian gov’t
The Hill
A hacking group dubbed “Scarlet Mimic” with potential links to the Chinese … “Scarlet Mimic is likely a well-funded and skillfully resourced cyber

FBI looks into cyber attack: TRMC NETWORK BACK UP
Mount Pleasant Daily Tribune
Titus Regional experienced a malware cyber attack discovered Friday, Jan. 15 in the form of a ransomware virus. Titus Regional Medical Center Chief …

Malware in the Hospital
Slate Magazine
One big cybersecurity risk to hospitals is more mundane than hackers: It’s malware. … The fetal heart monitors kept rebooting, putting infant lives at risk. … Nor was the cyber bank heist in 2015 that Kaspersky Lab estimated at close to …

Cybersecurity report recommends test-hacking medical devices before and after release
KnowTechie (blog)
Test-hacking medical devices and systems before and after release is a …

Cyber security reform must encompass…

Written by: Richard Sheinis, Esq. On January 20, 2016, the “Georgia Personal Data Security Act” was introduced in the State Senate. The current Georgia breach notification law is one of the weakest in the country. It only applies to “information brokers” and “data collectors” that maintain computerized personal information of individuals. An “information broker”, such as a credit reporting agency, is an entity that collects personal information for the purpose of furnishing this information to third parties. A “data collector” is a government agency or subdivision. Most business entities are not covered by the current law, and would not be required to notify individuals if the business experienced a data breach resulting in the disclosure of personal information. The “Georgia Personal Data Security Act” is much broader than the current law. It would apply to any business that acquires, maintains, stores or uses personal information. Although most data breach notification…

John Parkerson was a guest speaker/panelist, with the Ambassador of the European Union to the United States and the Deputy Consul General of Germany in Atlanta, on an Atlanta Council for International Relations program on the “European Refugee Crisis”.  GlobalAtlanta covered the event and has a full story on it here: http://www.globalatlanta.com/96191-2/ . More photos of the event can be found here: http://atlantacir.org/myportfolio/refugee-crisis-in-europe-4/

Written by: Richard Sheinis, Esq. The FDA has issued this draft guidance to add to its other guidance documents on cybersecurity and medical devices, “Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software”, and “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”. It is starting to feel like a Harry Potter series. The essence of this guidance is that premarket controls alone cannot completely mitigate cybersecurity risks to networked medical devices. Networked medical devices incorporate software that may be vulnerable to cybersecurity threats. The exploitation of these vulnerabilities may present a risk to the effectiveness of the device, the integrity, availability and security of patient information, and the safety of the patient. Networked medical devices require continual maintenance throughout the device lifecycle to minimize the risk of being compromised. Cybersecurity threats to medical devices are continually evolving. Hackers are always looking for ways to exploit vulnerabilities. Device…

Compiled By: Richard Sheinis, Esq.

Hyatt Reveals Data Breach Impacted About 250 Hotels: What You Need to Know
ABC News
A widespread malware attack on Hyatt Hotels last year hit about 250 locations worldwide — with nearly 100 of those in the United States — according to …

Medical Data Breaches at Blue Shield, New West Expose 46000 Customers’ Info
eSecurity Planet
A stolen laptop and a breach at a third-party vendor caused the data breaches. … Two health service providers recently acknowledged data breaches …

Is Your Home Router Vulnerable to Hackers?
Wall Street Journal
To test the extent of the problem, the Journal commissioned a computer-security researcher to evaluate 20 new popular wireless routers. The analysis …

US and EU firms warn of “enormous” consequences if data pact talks fail
Reuters
Under European Union data protection law, companies cannot transfer EU citizens’ personal data to countries outside the…

Written by: Ashley Gowder, Esq. “On January 15, 2016, the FMCSA released a proposal that would make several significant changes to existing regulations related to the method for assigning motor carriers’ safety fitness determinations. Currently, a safety fitness determination can only be made after an on-site compliance review. Compliance reviews are extremely labor and time intensive, so only a very small percentage of motor carriers are evaluated every year. The system also relies heavily on limited roadside data, and information available on any particular motor carrier is often outdated. These factors result in a current system that only provides a basic snapshot of the carriers’ overall safety performance. The FMCSA’s goal with the new proposal is to take a performance based approach using current data. The FMCSA also believes the proposed changes to the safety fitness determination system will make it easier for those who hire transportation companies to determine…

Written by: Don Benson, Esq. A December 16, 2015, federal court decision found that the pay of telemarketing employees was improperly docked for taking water, bathroom and rest breaks: virtually all time not spent making sales calls was treated as unpaid time. Perez v. American Future Systems, Inc., civ. No. 12-6171 (E.D. Pa. 2015). This unpaid time, when added to the actual time paid for work, brought the employees below the minimum wage in many work weeks. With 6,000 employees subject to these rules and the company’s decision not to change its policies for an additional two years during the litigation, unpaid hours worked plus an equal amount for liquidated damages under the FLSA may reach $1.75 million. Adding insult to injury down the road will also likely be an award of attorney’s fees to Plaintiff’s counsel. The employer maintains a timekeeping system that requires its sales representatives to log-on…

Written by: Patrick Powell, Esq. Under HIPAA, patients have the right to access and obtain a copy of their health information from physicians, hospitals, and insurers. However, recent reports have concluded individuals often face barriers to accessing their information, even from entities required under HIPAA to provide the data. Understanding HIPAA’s requirements regarding patients’ access to medical data is critical for physicians, hospitals, and insurers. Failure to comply with HIPAA can subject medical providers to substantial penalties and harm good will with patients. On Thursday, January 7, 2016, HHS released guidelines on patients’ access to their health data. According to AHA News, the guidelines aim to help patients exercise their right under HIPAA to access their health information. Specifically, the guidelines are reported to clarify, among other things: (1) the types of information covered by HIPAA’s access rule; (2) the exceptions to the access rule; and (3) how HIPAA’s access…

Written By: Beth Boone It seems that there are almost daily reports of encounters between law enforcement and mentally ill individuals, some with devastatingly fatal consequences for the families who initiate the contact by calling for assistance with their loved one, and conversely, often dangerous situations for the police in responding to the same. But what happens after the arrest of these individuals is generally not as publicized. The Emporia Gazette in Kansas recently had a series of articles regarding fewer mental health institutions in that state, with the lack of funding and facilities resulting in, among other things, more mentally ill inmates in local jails. The number of inmates with mental illnesses is just one of many unique challenges to health care providers working in a correctional setting. While historically the inmate population has had a high prevalence of mental health issues, many published studies cite the closing of…