The private right of action in privacy laws: Comparing Vermont to California
6/25/24
By: Justin J. Boron, Matt P. Delfino, and Danielle A. Ocampo
In recent years, a number of states have passed privacy laws, including Montana, Maryland, Tennessee, Kentucky, and many others. The Vermont legislature followed suit with the Vermont …
General contractor responsible for payment, even when subcontractor is hacked
6/13/24
By: Matthew P. Delfino and Jason M. Pannu
As the quantity and complexity of cyber threats continues to increase across various industries, a recent case from the U.S. District Court in Maryland highlights some of the security risks particular to …
Cyber-Rx: Prescribing treatment for the cyber-security infirmity of the healthcare industry
5/22/24
In February of 2024, Change Healthcare, one of the world’s largest healthcare payment processing companies (accounting for an estimated 15 billion transactions worldwide) announced that it was the victim of a cyber-attack that compromised the medical …
5/21/24
On May 10, 2024, Vermont’s legislature passed a comprehensive data privacy law that exposes companies to consumer litigation not just for data breaches, but also any violation of consumer data privacy rights under the statute. …
5/6/24
Recently, the Chair of the U.S. House Committee on Energy and Commerce along with the Senate Committee Chair announced a new piece of data privacy legislation entitled the American Privacy Rights Act (the “APRA”) that has garnered …
4/24/24
By: Curt M. Graham and Barry M. Miller
The Commonwealth of Kentucky—the 15th state admitted to the United States—is now the 15th state to pass a bill protecting biometric and other consumer data.
But the statute provides that Kentucky’s Attorney …
AI class action knocks on California court’s door
4/10/24
The first Artificial Intelligence (AI) class action litigation in California courts was filed in Alameda Superior Court on March 28, 2024. The class filed a complaint against Blue Shield of California, one of the largest medical …
3/28/24
From “PenTrap” registry to 1988 video record protection laws, plaintiffs are becoming more creative than ever applying old laws and legal theories to new technologies. As recent as March 13th, California courts took an …
3/25/24
By: Julia N. Bover
You may have heard that Change Healthcare, a subsidiary of UnitedHealth Group, experienced a major ransomware attack late last month. The company, which is responsible for handling the prescription billing of more than 67,000 pharmacies across …
Combating FraudGPT: new guidance to healthcare providers
2/8/24
By: Alexia R. Roney
To combat phishing attacks supercharged by AI, the Health Sector Cybersecurity Coordination Center (HC3) has provided guidance to the healthcare industry through its white paper, “AI-Augmented Phishing and the Threat to the Health Sector.” Phishing is …
12/27/23
By: Amy Frantz, Michael Sanders, Patrick Eckler, and Jonathan Schwartz
On December 19, 2023, the Illinois Appellate Court, First District unanimously held the insurers in National Fire Insurance Co. v. Visual Pak Co. Inc. have no duty …
12/18/23
By: Gaia T. Linehan
Healthcare providers, health plans, and healthcare clearing houses are subject to the HIPAA Privacy and Security Rules. As such, they are required to notify patients and file data breach reports with the United States Department of …