It is not always the feared and dreaded “hackers” that cause the exposure and breach of confidentiality of sensitive personal information. Sometimes it’s just simple mistakes, but the consequences can be much the same. Consider this situation: NTreatment inadvertently exposed thousands of medical records online by neglecting to add password protection to one of its…
Tag: privacy
Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? (publication)
Many thanks to HealthcareITNews for publishing my recent article Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? HHS is trying to get companies to comply with the law and, more broadly, their obligation to protect the sensitive information that people have entrusted to them. We have handled numerous cases…
The Most Important Lesson You Are Not Hearing About Apple’s iOS FaceTime Glitch
The most important lesson about Apple’s iOS group FaceTime debacle that you are not hearing about should be a wake up call for everyone (Tuma explains this glitch on WFLA in Tampa, FL): If Apple, through a programming glitch, has the ability to allow someone to use your iOS device as a microphone to listen…
Come to our session at #PSR18 – Vendor Risk Management: Maintaining Relationships While Limiting Liability
Are you at IAPP – International Association of Privacy Professionals P.S.R. #PSR18 in Austin? If so, please come to our Thursday 10:30 – 11:30 session on Vendor Risk Management: Maintaining Relationships While Limiting Liability in Lone Star Ballroom A, Level 3. It should be great as I get to be with great panelists Tami Dokken and Melissa Krasnow and we will have Mark Smith as our…
Key Lesson All Business Leaders Can Learn From the Anthem Data Breach Case
The 2015 Anthem data breach affected 79 million people and was the largest health-care data breach in U.S. history. The affected consumers sued Anthem in a case that settled for a record $115 million. Now the U.S. Dept. of Health and Human Services’ Office of Civil Rights has reached a settlement with Anthem for a record…
GDPR, snooping tech, and data privacy — what does this all mean? Shawn Tuma explains
The EU’s GDPR, devices and services snooping on our privacy, and data privacy law – what does this all mean? Shawn Tuma explains to CW33’s Morning Dose why the EU’s General Data Protection Regulation (GDPR) can be a positive step in the long run for simplifying data security and data privacy when compared to the…
Integrating Amazon’s “Rekognition” Tool with Police Body Cameras — Shawn Tuma Discusses on CW33 Morning Dose
There has been an outcry over law enforcement using Amazon’s “Rekognition” facial recognition tool and integrating it with their body cameras for nearly real-time identification capabilities. CW33’s Morning Dose had cybersecurity and data privacy attorney Shawn Tuma on as a guest to discuss this issue, as seen on this video: Here is another story with…
FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules
Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA…
Allscripts EHR Ransomware Attack is Huge–How Will it Impact Healthcare Practices?
See recommendations below On January 19, 2018, cybercriminals were successful in a ransomware attack on Allscripts, an electronic healthcare record (EHR) provider for healthcare providers across the United States. The attack encrypted some of Allscripts systems and prevented those healthcare providers who use those systems for their EHRs from being able to access their patient records. Not…
The Most Positive Cybersecurity Trend I Have Seen in Nearly 20 Years!
In the last quarter of 2017, I have observed a cybersecurity trend that has given me more hope than any that I have seen previously. Let me explain. As an attorney, I have been practicing what can generally be described as cyber law or cybersecurity law since 1999, which means that my practice has evolved a lot…
You must be logged in to post a comment.