Come to our session at #PSR18 – Vendor Risk Management: Maintaining Relationships While Limiting Liability

Are you at IAPP – International Association of Privacy Professionals P.S.R.  #PSR18 in Austin? If so, please come to our Thursday 10:30 – 11:30 session on Vendor Risk Management: Maintaining Relationships While Limiting Liability in Lone Star Ballroom A, Level 3. It should be great as I get to be with great panelists Tami Dokken and Melissa Krasnow and we will have Mark Smith as our moderator.

Bloomberg BNA Texas ProfileWhile you’re there pick up your copy of Bloomberg BNA’s  Domestic Privacy Profile: Texas!

If you can’t make it, here is a link to the .pdf (hey, I know people!).

Session Info: https://iapp.org/conference/privacy-security-risk/sessions-psr18/?id=a191a0000028eqTAAQ

Key Lesson All Business Leaders Can Learn From the Anthem Data Breach Case

The 2015 Anthem data breach affected 79 million people and was the largest health-care data breach in U.S. history. The affected consumers sued Anthem in a case that settled for a record $115 million. Now the U.S. Dept. of Health and Human Services’ Office of Civil Rights has reached a settlement with Anthem for a record $16 million — an amount that is almost three times the next-largest OCR data breach settlement of $5.55 million.

While these numbers are interesting, what is the takeaway for business leaders?

It all started with an employee opening and responding to a phishing email:

phishing-3390518_1920

Anthem discovered cyber-attackers had infiltrated their system through spear phishing emails sent to an Anthem subsidiary after at least one employee responded to the malicious email and opened the door to further attacks. (HHS Press Release)

While this may be shocking, it is neither new nor unexpected. Most cyber incidents are a result of failures of basic cyber hygiene, not super sophisticated James Bond-like attacks. Read more about this in 1 Step to Improve Your Company’s Cybersecurity Today.

GDPR, snooping tech, and data privacy — what does this all mean? Shawn Tuma explains

The EU’s GDPR, devices and services snooping on our privacy, and data privacy law – what does this all mean?

Shawn Tuma explains to CW33’s Morning Dose why the EU’s General Data Protection Regulation (GDPR) can be a positive step in the long run for simplifying data security and data privacy when compared to the multitude of different federal, state, and local laws in the United States.

Shawn Tuma discusses on The Michelle Mendoza Show on Seattle’s 820 AM, The Word

 

The EU’s GDPR, attorney Shawn Tuma discusses on the Steve Gruber Show

 

See also: INTEGRATING AMAZON’S “REKOGNITION” TOOL WITH POLICE BODY CAMERAS — SHAWN TUMA DISCUSSES ON CW33 MORNING DOSE

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Integrating Amazon’s “Rekognition” Tool with Police Body Cameras — Shawn Tuma Discusses on CW33 Morning Dose

There has been an outcry over law enforcement using Amazon’s “Rekognition” facial recognition tool and integrating it with their body cameras for nearly real-time identification capabilities. CW33’s Morning Dose had cybersecurity and data privacy attorney Shawn Tuma on as a guest to discuss this issue, as seen on this video:

 

Here is another story with additional commentary by Tuma (2:01 mark):

 

See also:  The EU’s GDPR, devices and services snooping on our privacy, and data privacy law – what does this all mean? Shawn Tuma discusses on The Michelle Mendoza Show on Seattle’s 820 AM, The Word

 

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules

Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA is a provider of products and services for people with chronic kidney failure with over 60,000 employees that serves over 170,000 patients. FMCNA’s network is comprised of dialysis facilities, outpatient cardiac and vascular labs, and urgent care centers, as well as hospitalist and post-acute providers.

Read the full article on HHS’ website and pay careful attention to the 6 specific issues the OCR’s investigation identified as a basis for the fine:

  1. Failed to conduct an adequate risk analysis.
  2. Provided unauthorized access for a purpose not permitted by the Privacy Rule.
  3. Failed to implement policies and procedures to address security incidents.
  4. Failed to implement policies and procedures for devices containing ePHI inside and outside of the facility.
  5. Failed to implement policies and procedures to safeguard their facilities and equipment therein from unauthorized access, tampering, and theft.
  6. Failed to encrypt ePHI in appropriate circumstances.

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.