HHS OCR Settles HIPAA Ransomware Security Rule Investigation with BST & Co. CPAs, LLP
Settlement Marks OCR’s 15th Ransomware Enforcement Action and 10th Enforcement Action in OCR’s Risk Analysis Initiative Source: HHS
Microsoft’s Nuance coughs up $8.5M to rid itself of MOVEit breach suit
The Register reports: Microsoft-owned talk-to-text outfit Nuance has agreed to cough up $8.5 million to settle a class action lawsuit over the sprawling MOVEit Transfer mega-breach – although it admits no liability. The proposed deal [PDF], filed in a Massachusetts federal court last week, would draw a line under litigation brought by individuals who claimed that the company failed […]
Court upholds FCC data breach reporting rules on telecom sector
CyberScoop reports: A federal court has upheld the Federal Communications Commission’s authority to impose stricter data breach notification regulations on the telecom sector, including requirements that the industry notifies customers when their personally identifiable information is exposed in a hack. In a 2-1 decision, the U.S. Sixth Circuit Court of Appeals concluded that the FCC […]
AT&T Data Incident Settlement Notice: $177 Million Settlement Fund for Eligible Claimants
Kroll Settlement Administration has issued a press release about the settlement in litigation stemming from AT&T data breaches in 2024.
Cencora & The Lash Group Settle Data Breach Litigation for $40 Million
There is a settlement in litigation stemming from a breach reported last year that affected more than three dozen Cencora/Lash Group clients, and more than 1.4 million patients at last public count. The HIPAA Journal now reports: Cencora & The Lash Group have agreed to pay $40 million to settle class action data breach litigation […]
Ohio law to require local governments to formally approve ransomware payments
Cleveland.com reports: In response to Cleveland and other local governments around Ohio being targeted with cyberattacks and ransomware threats, the state of Ohio will soon require all counties, cities, townships, school districts, libraries, and other local governments to have a cybersecurity policy that adheres to certain standards, as well as only allow locals to approve […]
New York Upgrades Its Firewall Against Cyberattacks
New York State Senator Monica R. Martinez writes: The frequency and sophistication of cybersecurity attacks on state and local governments across the United States are on the rise, but now New York state has enacted legislation to ensure public entities’ responses to these incidents won’t glitch. Earlier this summer, Gov. Kathy Hochul signed S.7672A/A.6769A, sponsored by state […]
Apria Healthcare $6.38M Data Breach Class Action Settlement
ClaimDepot reports: Read more at ClaimDepot.
Oklahoma Substantially Amends Its Data Breach Notification Statute
Covington and Burling writes: Oklahoma recently enacted Senate Bill 626, which substantially amends the state’s data breach notification law to broaden the scope of notification obligations and add a new regulator notification requirement along with a new “safe harbor”-style provision that provides liability protections if certain security measures are implemented. The changes to Oklahoma’s law follow changes to […]
HCA Healthcare Multi-Million Dollar Data Breach Settlement Approved
HIPAA Journal reports: HCA Healthcare Inc. has agreed to settle class action litigation stemming from a July 2023 data breach that was reported to the HHS’ Office for Civil Rights as affecting 11,270,000 patients. The affected individuals had received healthcare services at HCA hospitals and doctors’ offices in 20 U.S. states. HCA Healthcare was targeted by hackers […]