MenuClose

mmwr

Aug 02

No Harm, No Foul? Not According to the FTC’s LabMD Decision

This post was co-authored by Mara Smith, a summer associate with Montgomery McCracken, and Stephen Grossman, a partner and chair of Montgomery McCracken’s Data Privacy Practice Group. Last Friday, the FTC reversed an administrative law judge’s ruling in the FTC data security case against clinical laboratory… Read More

Jul 28

HIPAA Privacy and Security: Not Just for Healthcare Providers

This guest post was authored by Bianca A. Valcarce, a summer associate with Montgomery McCracken. HIPAA regulations don’t just impact doctors and health plans.  Lawyers, Certified Public Accountants, billing companies, and other third-party vendors who work with protected health information are not only covered by HIPAA… Read More

Apr 19

Still Standing: Data Breach Class Action Against P.F. Chang’s Revived on Appeal

We have previously written here and here on the evolution of standing in data breach/theft cases.  P.F. Chang’s China Bistro is the latest defendant to lose its bid to dismiss a class-action complaint for lack of standing.  Last Thursday, the 7th Circuit Court of Appeals… Read More

Feb 08

Key Components of FDA’s Draft Guidance for Medical Device Cybersecurity

On January 22, 2016, FDA issued draft guidance to manufacturers regarding the postmarket management of cybersecurity vulnerabilities in medical devices. This draft guidance comes on the heels of draft guidance issued in 2013 to manufacturers on the premarket management of cybersecurity risks related to the… Read More

Oct 23

Attention Higher Ed: Recommended Data Security Steps in the Wake of the DOE’s Dear Colleague Letter

Here are some recommendations that Stephen Grossman and I recently published to help institutions of higher education meet the expectations of federal regulators (including, most notably, DOE) with respect to information security and student data privacy. As you’ll see, our recommendations focus on the particular… Read More

Oct 06

Standing on the Spectrum of Data Breach Harm

In another victory for class-action data theft/breach plaintiffs, last week in Enslin v. The Coca-Cola Co., the Eastern District of Pennsylvania denied a motion to dismiss the case for lack of standing. There, Shane Enslin sued the Coca-Cola Company and various other Coca-Cola entities (“Coke”)… Read More

Categories

Uncategorized
Sep 03

In the Wake of Wyndham’s Alleged Mistakes, Businesses Should Review Cybersecurity Policies

This post was co-authored by Michael B. Hayes, a partner in Montgomery McCracken’s Litigation Department.  He serves an editor of the firm’s Data Privacy Alert blog, which focuses on data privacy and cybersecurity issues. Michael can be reached at 215.772.7211 or at mhayes@mmwr.com. The old… Read More

Aug 21

National Cybersecurity Center of Excellence releases its first cybersecurity practice guide: “Securing Electronic Health Records on Mobile Devices.”

As we discussed during a recent webinar, Cybersecurity: A Mid-Year Legal Review, damaging health care data breaches are being reported with increasing frequency. Earlier this year, the FBI issued a private notice to the healthcare industry warning providers that their cybersecurity systems are lax compared… Read More

Aug 07

Ringing the Bell: The Dept. of Education’s Security Mandate to Higher Education

In the wake of the OPM data breach, it is no wonder that the U.S. Government has begun to think seriously about the implications of data breaches more broadly.  For anyone who has had the pleasure of filling out a FAFSA form, the financial aid… Read More

Jul 24

A Standing Ovation for Plaintiffs in Data Breach Cases

Earlier this week, in Remijas v. Neiman Marcus Group, the Seventh Circuit reinstated a class action against Neiman Marcus stemming from a 2013 data breach.  In so doing, it was the first court of appeals to find that the data breach plaintiffs’ actual injuries, future… Read More