Spencer Fane LLP Logo

Shawn Tuma

Partner

Spencer Fane attorney Shawn Tuma

T 972.324.0317
F 972.324.0301
stuma@spencerfane.com

$1,040,000 HIPAA Settlement for Stolen Unencrypted Laptop Breach — Why?

The United States Department of Health and Human Services reached an agreement with Lifespan Health System Affiliated Covered Entity (Lifespan ACE) in which Lifespan agreed to pay $1,040,000 and adopt a corrective action plan in the wake of its data breach that exposed over 20,431 patients’ protected health information. The breach occurred when an employee’s unencrypted laptop was stolen which contained electronic protected health information (ePHI) including: patients’ names, medical record numbers, demographic information, and medication information.

Understanding the Cyber and Privacy Risks Of Zoom and Tips For Using It More Securely

By now everyone has now heard of — and likely used — Zoom for staying connected during the COVID-19 pandemic. In what may have been a brilliant strategy to gain market share during adverse times, Zoom offered its videoconferencing service for free to schools, organizations, businesses, and individuals as a means of staying connected while the world is exercising social distancing and it seems as if everyone is now using Zoom.

One Key Takeaway from $3 Million Penalty by HHS for Exposing 300,000 Patient Records

The United States Department of Health and Human Services reached an agreement with Touchstone Medical Imaging in which Touchstone agreed to pay $3 million and adopt a corrective action plan in the wake of its data breach that exposed over 300,000 patients’ protected health information.

ABA Explains Lawyers’ Ethical Obligations for Data Security and Data Breach

Lawyers, like others in business, must comply with the data security and data breach notification laws of the 50 states that are applicable to their practices. But, according to the American Bar Association, their obligations do not end there. On October 17, 2018, the ABA issued Ethics Opinion 483 titled Lawyers’ Ethical Obligations After an Electronic Data Breach or Cyberattack

Yahoo! Data Breach Settlement Increases Risk for Companies’ Directors and Officers

The recent Yahoo! settlement marks a substantial step in data breach shareholder derivative litigation that increases the risk for officers and directors of companies that have a data breach. On January 9, 2019, Yahoo! Agreed to pay a total of $29 million to its shareholders to settle a lawsuit against several former directors and officers alleging that their poor management of the company led to the data breaches which substantially impacted the company’s value.

Texas Businesses Must Implement and Maintain Reasonable Cybersecurity Safeguards According to State Attorney General

Texas law requires businesses to implement and maintain reasonable cybersecurity, which they should do so with a written program for managing cyber risk and protecting sensitive customer information. This warning came from the state’s Attorney General following his office’s $1.5 Million settlement with Neiman Marcus over its 2013 data breach.

Cyber Hygiene Checklist

“[T]he relevant inquiry here is a cost-benefit analysis, that considers a number of relevant factors, including the probability and expected size of reasonably unavoidable harms to consumers given a certain level of cybersecurity and the costs to consumers that would arise from investment in stronger cybersecurity.”
– FTC v. Wyndham, (3rd Cir. Aug. 24, 2015)

Protect Your Company Against W-2 Business Email Compromise Attacks During Tax Season

The most likely “cyber attack” that your company will face will come in the form of an email. One of the most common forms of email attack is the business email compromise (BEC) and the most popular time of the year for the W-2 version of BEC is right now — tax season.

Cyber Incident Response Checklist

“Firms must adopt written policies to protect their clients’ private information . . . they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”
– S.E.C. v. R.T. Jones Capital Equities Mgt.