At the close of 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (the Proposed Rule) to amend the Security Rule regulations established for protecting electronic health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The updated
Data Privacy + Cybersecurity Insider
Latest from Data Privacy + Cybersecurity Insider
Adobe Issues Patches for ColdFusion “High Severity” Vulnerability
Adobe recently issued a patch for a high-severity vulnerability for ColdFusion versions 2023.11 and 2021.17 and earlier; according to the National Institute of Standards and Technology (NIST), “an attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure…
Ascension Health Notifying 5.6 Million of Data Breach
We previously reported that Ascension Health detected a cyber-attack on May 8, 2024, that affected clinical operations in Ascension facilities in six states.
On December 20, 2024, Ascension notified the Maine Attorney General in a regulatory filing that the attack compromised the personal information of 5.6 million individuals. According to Ascension, the incident occurred on…
Rhysida Hits American Addiction Centers + Publishes 2.8TB of Data
American Addiction Centers (AAC) has notified 422,424 individuals that their personal information was stolen in a cyber-attack attributed to the Rhysida criminal organization. The incident was discovered on September 26, 2024, and the notification letter to affected individuals confirmed that the information exfiltrated included names, Social Security numbers, and health insurance information. AAC is offering…
Navigating the Future: Generative AI and Information Governance in 2025
Generative Artificial Intelligence (Gen AI) is transforming industries at an unprecedented pace, unlocking new possibilities in automation, creativity, and problem-solving. However, as we look toward 2025, the success and sustainability of Gen AI will depend on one critical element: information governance. Governance frameworks will provide the foundation for ethical AI development and ensure compliance, accountability,…
A Year in Privacy and Security: Privacy Violations, Large-Scale Data Breaches, and Big Fines and Settlements
2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy must be at the forefront of their strategy and goals and that robust security controls are required to protect employee and consumer…
American Addiction Centers Hit with PHI Breach Class Action
American Addiction Centers Inc. faces a class action in the Middle District of Tennessee for allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA) by failing to protect patient data from cyber criminals.
In September 2024, American Addiction Centers suffered a cyber-attack that led to unauthorized access to sensitive personal information…
Privacy Tip #426 – CyberArk Report Confirms Employees Bypass Cybersecurity Policies
CyberArk, an identity security provider, has issued a new report on employee risk that is a must-read for IT professionals and executives. The report highlights several findings that are directly related to the risks employees pose to an organization. These risks include:
- A majority of employees have access to sensitive information;
- Employees commonly reuse passwords;
…
Cl0p Exploiting Cleo Software
According to Cyberscoop, the cyber gang Cl0p “has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.” The gang claimed responsibility for the attacks on its website. The vulnerabilities affect Cleo’s products LexiCom, VLTrader, and Harmony. Cleo reportedly services approximately…
Supreme Court to Hear TikTok Case
The United States Supreme Court announced on December 18, 2024, that it will hear the TikTok ban case and has scheduled oral arguments for January 10, 2025, before the ban’s January 19, 2025 effective date.
The case stems from a bipartisan law signed by President Biden that required ByteDance, the China-based parent of the app…