Complied by: Richard Sheinis, Esq.  2016 Healthcare Data Breaches Largely From Employee Error HealthITSecurity.com The business industry had a total of 494 reported data breaches, while … Healthcare data breaches also exposed the most Social Security numbers, … Three Medical Data Breaches Expose 242600 Patients’ PHI eSecurity Planet The exposed data includes names, Social Security numbers, birth dates, contact details, medical record numbers and/or clinical information. Argyle I.S.D. Employees Hit With Data Breach NBC 5 Dallas-Fort Worth District leaders say on Wednesday, an employee got a “phishing” email that appeared to be from the district superintendent. Rsync Errors Lead to Data Breach at Canadian ISP, KWIC Internet CSO Online Misconfigured Rsync instances across multiple servers has led to a data breach at a Canadian ISP, exposing sensitive information and affecting all of … 3rd Circuit Says Spokeo Can’t Kill Data Breach Class Actions Reuters In Friday’s Horizon ruling, which delves…       Read More

Written by: Richard Sheinis, Esq. The U.S. Department of Health and Human Services, Office of Civil Rights (“OCR”) has agreed to a $2.2 million settlement with MAPFRE Life Insurance Company of Puerto Rico for potential non-compliance with the HIPAA Security Rule. MAPFRE filed a report with HHS stating a “pen drive” containing ePHI of 2,209 individuals was stolen from its IT department. OCR’s investigation revealed MAPFRE had failed to conduct a HIPAA required risk analysis, failed to implement a risk management plan, and failed to encrypt PHI on its laptops or removable storage media. MAPFRE then failed to implement corrective measures it told OCR it would take. In addition to paying $2.2 million, MAPFRE agreed to a corrective action plan. I have told many health care providers the fact that a breach occurred will not automatically result in a fine from OCR. OCR recognizes that breaches can occur even when…       Read More

Written by: Eric A. Hoffman, Esq. In a January 9, 2017 opinion, the Georgia Court of Appeals held that an Atlanta Public School teacher was entitled to official immunity in a wrongful death suit filed by a student’s parents. The case, Barnett v. Atlanta Indep. School System, stemmed from an incident that occurred when the teacher left her classroom unattended for a brief period of time to use the restroom. In upholding immunity for the teacher, the Court relied on Georgia precedent that decisions regarding student supervision are discretionary in nature and thus provide for official immunity. On October 14, 2008, teacher Phyllis Caldwell was a teacher for the at Benjamin E. Mays High School in West Atlanta. At about 2:45 p.m., Caldwell left the classroom and asked the teacher of the neighboring classroom to “look out” for and listen for any issues from her class, which she had reportedly…       Read More

Compiled by: Richard Sheinis, Esq. MAPCO to Pay $1.9M to Settle Data Breach Claims CSNews Online MAPCO Express Inc. will pay $1.9 million in a settlement over data security breaches at multiple stores, according to media reports. A Tennessee … Supreme Court Issues Notice to Centre, Facebook, WhatsApp Over Data Protection India.com The petitioner told the Supreme Court that WhatsApp has become a utility service and user data needs to be safeguarded. A petition filed before the … Data Breach at Sentara Healthcare The Charlottesville Newsplex ALBEMARLE COUNTY, Va. (NEWSPLEX) — Thousands of Sentara patients may have been impacted by a data breach at a third-party vendor… Cellebrite Loses 900GB of Customer Data in Breach of Old Server PC Authority Israeli security company Cellebrite has suffered a data breach of its website, and as much as 900GB of information has been stolen. Cellebrite … Indian Banks are Waking Up to…       Read More

On Friday, the U.S. Supreme Court agreed to review the Sixth Circuit’s finding that it has jurisdiction to hear challenges to the U.S. Environmental Protection Agency and Army Corps of Engineers’ controversial Clean Water Rule.

Written by: Richard Sheinis, Esq. The importance of timely reporting breaches of Protected Health Information (“PHI”) is now underscored by the U.S. Department of Health and Human Services (“HHS”) first ever enforcement action against a medical provider for failing to timely report a breach. Presence Health, a health care network with approximately 150 locations, including hospitals, and long-term care and senior living facilities, has agreed to pay $475,000, and implement a corrective action plan for failing to notify patients within 60 days of discovering the breach. The breach involved the loss of paper operating room schedules, which contained the PHI of 836 patients. The PHI included names, dates of birth, medical record numbers, and information about the procedures performed on each patient. The incident was discovered on October 22, 2013, but Presence Health did not file their breach notification report with HHS until 101 days later on January 31, 2014….       Read More

Compiled by: Richard Sheinis, Esq. Anthem’s Historic 2015 Health Records Breach Was Likely Ordered by a Foreign Government Fortune … were tasked with conducting a nationwide examination of the breach. Information security firm Mandiant was also hired by Anthem to conduct its … US Warns of ‘Imminent’ Cyberattack Threat on Electrical Grid CNET “Widespread disruption of electric service because of a transmission failure initiated by a cyberattack at various points of entry could undermine U.S. … Russia Engineered Election Hacks and Meddling in Europe USA Today Russia’s alleged use of computer hacking to interfere with the U.S. presidential election fits a pattern of similar incidents across Europe for at least a … FTC Sues Home Router Maker Over Security Flaws CyberScoop D-Link products put the personal cybersecurity and private data of … The agency’s legal actions over poor cybersecurity or data protection have … Legal Team for NC Man Guilty…       Read More

Written by: Bradley R. Coppedge, Esq. As an estate planning attorney, I hear all manner of misconceptions about Wills and other basic estate planning documents. Let’s take a few moments to address (and dispel) some of the more common: Myth #1. If I don’t have a Will, the State will get my property. Well, the good news is that this is almost never true. All states have a statute that determines the order of priority of inheritance in the event of intestacy, though it’s not always exactly what you would expect. (More on this in myth #2). First, let’s understand two basic terms: “Testate” and “Intestate”. Testate simply means you have a valid Last Will and Testament in place at your death. Intestate means you die without a valid last Will and Testament. Under the laws of most states, your spouse and children would first inherit. And while it varies…       Read More

On January 1, 2017, a new Department of Labor (DOL) rule went into effect requiring many federal contractors to provide their employees with up to 56 hours of paid sick leave per year. Employers who contract with the federal government should take steps to ensure that their current leave plans meet the new rule’s requirements or be prepared to issue new plans compliant with the rule. The rule allows for contractors to use existing sick time, vacation time, or other paid-time off policies to satisfy the Rule’s requirements. However, there are some requirements which will be at odds with many current employer policies. One such requirement is that employees must be able to carry over any unused paid sick time into the following year, subject to a few exceptions. Another such requirement is that contractor may only require certification of an employee’s illness or injury if the employee’s sick leave…       Read More