5/6/24
Recently, the Chair of the U.S. House Committee on Energy and Commerce along with the Senate Committee Chair announced a new piece of data privacy legislation entitled the American Privacy Rights Act (the “APRA”) that has garnered …
Category: Cyber, Privacy, & Security
4/24/24
By: Curt M. Graham and Barry M. Miller
The Commonwealth of Kentucky—the 15th state admitted to the United States—is now the 15th state to pass a bill protecting biometric and other consumer data.
But the statute provides that Kentucky’s Attorney …
AI class action knocks on California court’s door
4/10/24
The first Artificial Intelligence (AI) class action litigation in California courts was filed in Alameda Superior Court on March 28, 2024. The class filed a complaint against Blue Shield of California, one of the largest medical …
3/28/24
From “PenTrap” registry to 1988 video record protection laws, plaintiffs are becoming more creative than ever applying old laws and legal theories to new technologies. As recent as March 13th, California courts took an …
3/25/24
By: Julia N. Bover
You may have heard that Change Healthcare, a subsidiary of UnitedHealth Group, experienced a major ransomware attack late last month. The company, which is responsible for handling the prescription billing of more than 67,000 pharmacies across …
Combating FraudGPT: new guidance to healthcare providers
2/8/24
By: Alexia R. Roney
To combat phishing attacks supercharged by AI, the Health Sector Cybersecurity Coordination Center (HC3) has provided guidance to the healthcare industry through its white paper, “AI-Augmented Phishing and the Threat to the Health Sector.” Phishing is …
12/27/23
By: Amy Frantz, Michael Sanders, Patrick Eckler, and Jonathan Schwartz
On December 19, 2023, the Illinois Appellate Court, First District unanimously held the insurers in National Fire Insurance Co. v. Visual Pak Co. Inc. have no duty …
12/18/23
By: Gaia T. Linehan
Healthcare providers, health plans, and healthcare clearing houses are subject to the HIPAA Privacy and Security Rules. As such, they are required to notify patients and file data breach reports with the United States Department of …
Illinois Appellate Court decides issue of first impression in data breach case
10/12/23
By: Donald Patrick Eckler and Adelaide Bell
In a matter of first impression, the Illinois Appellate Court has decided what is sufficient to have standing to pursue a data breach lawsuit under Illinois law. In Flores v. Aon Corp., …
10/4/23
By: Donald Patrick Eckler and Joshua W. Zhao
Is a statutory violation alone sufficient to satisfy the “injury in fact” requirement of standing outside the context of the Illinois Biometric Information Privacy Act (BIPA)? The Illinois Supreme Court will take …
We Do Not Negotiate With Terrorists – How Several States are Prohibiting Ransomware Payments
9/28/23
In 2022 in the United States, 106 local governments, 44 universities and colleges, 45 school districts operating 1,981 schools, and 25 healthcare providers operating 290 hospitals, disclosed they were victimized by ransomware attacks. In recent years, …
Summer Cyber & Privacy Round-Up
8/24/23
By: Nicholas Jajko
2023 has been a busy year for data privacy regulation, with the passage of privacy laws in six new states (Indiana, Iowa, Montana, Oregon, Tennessee, and Texas). Other developments are also worth spotlighting for current and prospective …