Category: Regulatory

Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? (publication)

Many thanks to HealthcareITNews for publishing my recent article Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? HHS is trying to get companies to comply with the law and, more broadly, their obligation to protect the sensitive information that people have entrusted to them. We have handled numerous cases…

Read More

Helpful FTC Guidance on Cybersecurity for Small and Midsize Companies

It is important for all companies — especially small and midsize companies — to have a basic understanding of what the FTC considers to be reasonable cybersecurity. The FTC is known for being one of the more aggressive regulators that are investigating and enforcing (what it views as) inadequate cybersecurity by companies doing business in the United States….

Read More

Allscripts EHR Ransomware Attack is Huge–How Will it Impact Healthcare Practices?

See recommendations below On January 19, 2018, cybercriminals were successful in a ransomware attack on Allscripts, an electronic healthcare record (EHR) provider for healthcare providers across the United States. The attack encrypted some of Allscripts systems and prevented those healthcare providers who use those systems for their EHRs from being able to access their patient records. Not…

Read More

Complimentary Webinar: Countdown to #GDPR – Compliance for Non-EU Companies

Countdown to GDPR Compliance is a complimentary webinar that I will be moderating on Thursday, December 7, 2017, at 12:00 PM Central.  This is the second webinar in a three-part series sponsored by Mackrell International and will focus on Compliance for Non-EU Companies. You don’t want to miss it! Moderator: Shawn Tuma Presenter: Marta Stephanian,…

Read More

Invitation for 2 Webinars: Protecting Data Exchanged in Discovery and Securing IoT Data

I thought you may like an invitation to attend two complimentary webinars that I will be doing this coming week: YOURS, MINE, OURS: Protecting the Data Gathered and Exchanged in Litigation, Association of Certified E-Discovery Specialists (ACEDS) Monday, August 7, 2017 @ 12:00 CDT LINK for more information FULL VIDEO (see below) Securing IoT Data: Compliance,…

Read More

Webinar: Global reaching Cybersecurity Regulations in New York, will they impact your company?

Now that the WannaCry ransomware has your attention and the attention of everybody else, it is time to start thinking about your company’s cybersecurity legal and compliance obligations. Do you know whether your company will be impacted by New York’s expansive and global reaching Cybersecurity Regulations? The new Regulations govern many companies that do business…

Read More

Computer Use Policies – Are Your Company’s Illegal According to the NLRB?

The National Labor Relations Board (NLRB) has continued its assault on businesses and their ability to legitimately protect their computer systems and information against unauthorized non-business use by employees. A few weeks ago, I wrote 3 Important Points on Computer Policies in which I stressed (1) why your company must have them but (2) that…

Read More

3 Important Points on Computer Use Policies

IMPORTANT POINT #1: YOUR BUSINESS MUST HAVE A COMPUTER USE POLICY IN PLACE Computer Use Policies (or Acceptable Use Policies, as they are often referred to) are must haves for today’s businesses. Such policies are a foundational component in how a business creates a culture of security with its workforce by establishing expectations on what are…

Read More

The #1 Reason NIST Cybersecurity Framework is Becoming the Standard

An article in eCommerce Times offers a well-reasoned argument for why the NIST (National Institute of Standards and Technology) Cybersecurity Framework is the guiding force in shaping the United States’ federal cybersecurity strategy: NIST Risk-Assessment Framework Shapes Federal Cybersecurity Strategy You should read it — but only after you read the following explanation because it is…

Read More
%d bloggers like this: