Tag: Data Privacy

OCR Guidance on HIPAA Security Rule Security Incident Procedures for National Cybersecurity Awareness Month

On October 25, 2022, the U.S. Department of Health and Human Services Office of Civil Rights in its October 2022 OCR Cybersecurity Newsletter provided guidance titled HIPAA Security Rule Security Incident Procedures. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for…

Read More

Not all HIPAA privacy “breaches” are caused by “hackers” — dentist gets $50k penalty for responding to patient’s Google review

When thinking of HIPAA data breaches, most of us tend to think of situations where the hackers engage in malicious activities against hospitals and steal troves of patients’ protected health information (PHI). There are, however, other much simpler kinds of HIPAA privacy breaches that are easily avoidable and can be quite costly to the healthcare…

Read More

Ransomware Attacks! The 5 Best Practices the White House Urges all Businesses to Take to Mitigate Them

The threat of ransomware attacks against all American businesses is so great that on June 2, 2021, the White House issued a memo to all corporate executives and business leaders with the subject “What We Urge You To Do To Protect Against The Threat of Ransomware.” This is the first time such a memo has ever been…

Read More

Working From Home During COVID-19? Five Things You Should be Doing–But Probably Are Not–To Be More Cyber Secure (publication)

Many thanks to the Texas Bar Journal for publishing my recent article, Working From Home During COVID-19? Five Things You Should be Doing–But Probably Are Not–To Be More Cyber Secure, in the Cybersecurity Issue: Without an understanding of the particular organization or the unique risks it faces, it is impossible to know what is best or…

Read More

The Art of Cybersecurity: How Sun Tzu Masterminded the FireEye / US Agencies / SolarWinds Cyberattacks

Sun Tzu taught that, when it comes to the art of cybersecurity, you must be wary of your business partners and other third parties. Why? Unless you are living under a rock, you should have heard that FireEye–perhaps the preeminent cybersecurity firm on the face of the planet–was the victim of a successful cyberattack. So…

Read More

What Can Happen if You Do Not Notify Following a Data Breach?

Here is one of the questions we get asked most often: “Ok, so we’ve had a real data breach and you say we have clear notification obligations, what can happen if we just ignore it and pretend it never happened — that is, we just don’t notify?” Unfortunately, this question is oftentimes coupled with this…

Read More

Understanding the Cyber and Privacy Risks of Zoom and Tips For Using It More Securely

CBS 11 DFW interviews Shawn Tuma who explains that when you are given a free service or product to use, you and your data are the real product.  By now everyone has now heard of — and likely used — Zoom for staying connected during the COVID-19 pandemic. In what may have been a brilliant…

Read More

Healthcare Providers – Are You Prepared for Hackers to Tell Your Patients About Your Ransomware and Data Breach?

If you are a healthcare provider, you need to prepare yourself now for the new reality that, when hackers get into your network, they will contact your patients to put pressure on you to pay their ransom demands — usually after they have encrypted your network. Here is an example from a recent case that…

Read More

Texas Bar Journal 2018 Year-End Cybersecurity & Data Privacy Update

The Texas Bar Journal’s year-end update on Cybersecurity & Data Privacy law was once again provided by Shawn Tuma and addressed the following issues: Lawyers’ Cybersecurity and Data Breach Obligations that are required under Texas law and the ABA’s Ethics Opinion 483 titled Lawyers’ Obligations Afteran Electronic Data Breach or Cyberattack Whether an IT service…

Read More
%d