Cybersecurity firm CrowdStrike has yet to see any lawsuits get filed against it by customers, following its July 19 faulty software update crashing systems worldwide. Does that speak to the company having run a well-executed crisis management strategy?
Texas Attorney General Ken Paxton is suing the Biden administration, alleging that "unlawful" HIPAA Privacy Rule regulations are hindering the state's law enforcement investigations into abortion cases and other reproductive health care cases.
The Department of Health and Human Services has dropped its appeal of a recent federal court decision saying that HHS exceeded its authority in warning HIPAA-regulated entities that it's unlawful to use online tracking tools to capture certain identifiers in user visits to health-related websites.
A vendor that provides information systems and transcription services to radiology practices is alerting 411,037 people of a hack discovered last December involving the theft of sensitive data. The firm already faces at least four proposed federal class action lawsuits related to the hack.
A California security camera company agreed to pay a $2.95 million civil penalty and implement a security program after hackers in 2021 accessed video from 150,000 internet-connected security cameras, including from devices placed inside psychiatric hospitals and women's health clinics.
A bipartisan House bill aims to bolster cybersecurity in the healthcare sector by requiring stronger collaboration between CISA and the Department of Health and Human Services. The bill is a companion to nearly identical bipartisan legislation introduced in the Senate in July.
Recent developments suggest the U.S. is taking a more serious approach to holding faster payments platforms accountable for scams. It's unlikely any changes will occur before the November U.S. election, but the move toward more regulation is a good start, said Ken Palla, retired MUFB Bank director.
The Justice Department intervened in a whistleblower lawsuit against the Georgia Institute of Technology and the Georgia Tech Research Corp. for allegedly failing to implement federally required cybersecurity protections while overseeing sensitive government data.
The SolarWinds case has intensified legal risks for CISOs. A judge validated the SEC's theory of intentional securities fraud against Tim Brown, the SolarWinds' CISO, marking the first time a federal court accepted this theory against a CISO, said Jess Nall, partner at Baker McKenzie.
A ransomware attack against Berlin, Maryland-based Atlantic General Hospital that affected the personal information of 137,000 individuals in 2023 has led to a $2.25 million preliminary settlement of a consolidated proposed federal class action lawsuit.
The SolarWinds case has redefined cybersecurity disclosure obligations, especially for chief information security officers. The SEC's novel theories in this case have set a precedent for how organizations must present their cybersecurity practices, said Jennifer Lee, partner at Jenner & Block.
As McLaren Health Care continues to restore its IT systems in the wake of a ransomware attack last week, some Michigan government officials are warning consumers about potential cybercrimes and other concerns stemming from that and similar cyber incidents involving healthcare groups in the state.
Federal regulators and SolarWinds are eyeing a truce weeks after a judge dismissed most claims related to misleading investors about the company's security practices and risks. SEC lawyer Christopher Bruckmann said his team "proposed specific settlement terms," but the defense is unlikely to accept.
Delta Air Lines' war of words against CrowdStrike and Microsoft over its extended IT outage continue to escalate, with the airline threatening litigation to recover $500 million in lost revenue and expenses. CrowdStrike and Microsoft have pledged to vigorously fight any such litigation.
Prospect Medical Holdings continues to face mounting legal and business fallout from the 2023 ransomware attack that disrupted IT operations at 16 of its hospitals for several weeks and resulted in a data breach that affected 1.3 million people.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.