Cybersecurity

Subscribe to Cybersecurity RSS Feed

Singapore Consults on Cybersecurity Guidelines for AI Systems

As a digital technologies hub in the Asia Pacific region, Singapore is making a big push to advance Artificial Intelligence (AI) technologies across various sectors, including healthcare. The promise of AI in managing Singapore’s ageing population and enhancing patient care and treatment more broadly cannot be overstated. This spans the ability to better predict and … Continue Reading

Australian Privacy Regulator Commences Penalty Proceedings Against Medibank

On 5 June 2024, the Australian Information Commissioner commenced civil penalty proceedings in the Australian Federal Court against Medibank Private Limited (an Australian health insurance provider) in relation to an October 2022 data breach. On 25 October 2022, Medibank notified the Office of the Australian Information Commissioner (OAIC) of a data breach concerning sensitive personal … Continue Reading

President Biden Announces Groundbreaking Restrictions on Access to Americans’ Sensitive Personal Data by Countries of Concern

On February 28, 2024, President Biden issued a groundbreaking executive order (EO) establishing the framework for new restrictions on transactions involving US persons’ sensitive personal data and “countries of concern,” including China, or related parties.… Continue Reading

Singapore to Pass Comprehensive Health Data Law

On December 4, 2023, Singapore’s Ministry of Health (Ministry) announced that the nation’s first ever comprehensive health data law, the Health Information Bill (Bill), will be introduced in mid-2024. A set of Cyber & Data Security Guidelines for Healthcare Providers (Guidelines) was also published. Of particular importance is that these Guidelines will frame and eventually … Continue Reading

Improving Healthcare Cybersecurity Is a Priority for National Security: U.S. HHS Issues Healthcare Sector Cybersecurity Concept Paper Signaling Forthcoming Cybersecurity Framework

Protecting the healthcare sector from the ever-increasing cyber threat is a matter of national security.  Indeed, on March 1, 2023, President Biden issued the National Cybersecurity Strategy where the President emphasized the need  to defend “the systems and assets that constitute our critical infrastructure [as] vital to our national security, public safety, and economic prosperity.”  … Continue Reading

The Impact of India’s New Privacy Law on Healthcare

In August 2023, India’s Digital Personal Data Protection Act (Act) received presidential assent, formalizing its first ever comprehensive and union-wide data protection law. The Act differs in many respects from a preceding version that was withdrawn in 2022, and reflects intensive discussion and revisions since then. In its final form, the Act reflects the central … Continue Reading

Federal Government Issues Alert on Top Ten Cybersecurity Vulnerabilities

Robust cybersecurity continues to be of paramount importance as the COVID-19 outbreak develops and cybercriminals seek to exploit a remote workforce, which necessitates that companies check their policies, procedures, and controls to ensure they are addressing the highest areas of risk.  On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (“CISA”) at the U.S. … Continue Reading

Complimentary Webinar: Privacy Law, Coronavirus, and Post-Pandemic Best Practices

On April 30, 2020, a Squire Patton Boggs Partner will co-present a complimentary webinar,  Privacy Law, Coronavirus, and Post-Pandemic Best Practices.  The program, organized by Bloomberg Law, will address recent HIPAA changes and temporary waivers, telehealth privacy and cyber considerations, and practical tips and recommendations to manage privacy and cyber risk during these challenging times.  … Continue Reading

Medical Imaging Company Pays $3 Million Data Security Fine

A medical imaging company is paying for its flawed data security system. In addition to its system failures, the company failed to investigate and respond properly when alerted to problems by the FBI. As a result, the Office of Civil Rights imposed a $3 million penalty and required a corrective action plan. This yet another … Continue Reading

Healthcare Cybersecurity Best Practices Out Now

A new outlook on the most prominent cybersecurity threats in the healthcare industry today and a series of corresponding, risk-prioritized cybersecurity best practices to combat these threats are now available from the Department of Health and Human Services (HHS).  More than 150 private sector healthcare and cybersecurity experts contributed to this guidance as part of … Continue Reading

Digital Health Update: Recent FDA Cyber Initiatives

The Food and Drug Administration (“FDA”) has greatly increased its activity around cybersecurity initiatives and medical devices. As we approach the end of the year, this is a great opportunity to review recent developments. FDA Medical Device Cybersecurity Guidance On October 18, 2018, the FDA published draft guidance, “Content of Premarket Submissions for Management of … Continue Reading

How To Avoid Paying $2,000 A Day To Encrypt ePHI

Let’s hope you don’t pay that much to encrypt electronic Protected Health Information (ePHI). How about a total of $4.3 million over two years? Well, that’s the total penalty for encryption violations assessed by Health and Human Services (HHS). An Administrative Law Judge found the penalty could have been much worse. The facts are sobering. … Continue Reading

Law360 Expert Analysis: Health Tech Is The New Focus For Cybersecurity Policy

In a May 22, 2018 article that appeared in Law360 Expert Analysis piece, Squire Patton Boggs partner Elliot Golding writes, “There is no shortage of attention on health care data privacy and cybersecurity, with an avalanche of new and proposed government and regulatory initiatives underway. Although health care has long been a key target for … Continue Reading

New EU Strategy on Artificial Intelligence

On Wednesday 25 April, the EU Commission unveiled a new strategy to boost Europe’s capabilities and related industries around artificial intelligence. As you know, this is a “hot topic” that has the potential to affect many businesses and sectors across Europe and beyond. Many of our clients are very interested in this technology development (and … Continue Reading

Key Health Care Technology Privacy and Cybersecurity Considerations

In a podcast interview with Healthcare InfoSecurity, Squire Patton Boggs Partner Elliot Golding addresses evolving healthcare privacy and security issues, particularly complex issues involving Internet of Things (IoT) devices.  This includes addressing new risks when connected devices link to legacy systems, the applicable regulatory environment, and other key issues companies operating in the health care … Continue Reading

EU’s proposed eHealth measures focusing on broadening the availability and sharing of health data

On 25 April 2018, the European Commission (EC) issued a Communication on enabling the digital transformation of healthcare, outlining the European Union’s (EU) priorities and actions towards digital health. The EU’s plan focuses on the following core priorities: Ensuring citizens’ access to their health data and introducing the possibility to share their data across borders; … Continue Reading

House Committee Chairman Asks HHS to Develop Health Care Cyber Risk Plan

Last week, the Chairman on the House of Representatives’ Committee on Energy and Commerce, Greg Walden (R-OR), sent a formal letter to the Dept. of Health and Human Services (“HHS”) requesting that HHS “develop a plan of action for creating, deploying, and leveraging [bill of materials] for health care technologies.” Walden gave HHS until December … Continue Reading

More Countries Jump on the “Connected Medical Devices Are Risky” Bandwagon

There is an increasingly common recognition that internet-connected medical devices can dramatically improve health outcomes and lower costs, but also create tremendous privacy and cybersecurity risks. In the U.S., the Food and Drug Administration (“FDA”) has already issued substantial guidance regarding device cybersecurity, but other countries are now also jumping on the bandwagon. For example, … Continue Reading

HHS Task Force Identifies Critical Cybersecurity Recommendations

The recent WannaCry ransomware attack and the bevy of breaches over the past few years demonstrate that cyber risks in the healthcare arena are substantial and widespread. The Department of Health and Human Services (HHS) Health Care Industry Cybersecurity (HCIC) Task Force Report (HCIC Report), required under the federal Cybersecurity Information Sharing Act of 2015, … Continue Reading

HHS Announces $400,000 HIPAA Settlement with Community Health Center

The Department of Health and Human Services Office of Civil Rights (HHS OCR) recently settled with a notable covered entity – a nonprofit Federally Qualified Community Health Center (FQHC) – over alleged Health Information Portability and Accountability Act (HIPAA) Privacy and Security Rule violations. With the FQHC agreeing to pay $400,000 to HHS and entering … Continue Reading

Malicious Malware Brings On a Major HIPAA Headache

The United States Department of Health and Human Services (HHS) recently entered into a $750,000 resolution agreement with the University of Washington (UW) following an investigation.  The investigation was prompted by UW reporting a breach of about 90,000 people’s personal health information (PHI) after an employee unknowingly downloaded malicious malware from an email attachment. Similar … Continue Reading

Thinking About Cybersecurity – How to Get Organized & Better Manage Risk

Another month, another round of data breaches – seem like a familiar refrain when healthcare providers, health plans and their counsel think about cybersecurity?  But what if instead we could get organized and manage this growing business risk in a more proactive manner? It sounds like a good idea, but for many counsel, who view … Continue Reading
LexBlog