Eric A. Packel

Subscribe to all posts by Eric A. Packel

Warning of Cybersecurity Threat to Healthcare Sector – Imminent Threat of Ransomware

BakerHostetler is closely monitoring a Cybersecurity Advisory issued jointly by several government agencies including the United States Department of Health and Human Services (HHS) and the FBI, on October 28. The Advisory warns of an imminent cybercrime threat to U.S. hospitals and healthcare providers with the purpose of infecting systems with Ryuk ransomware for financial … Continue Reading

Due to the COVID-19 Pandemic, HHS Eases Restrictions on the Use and Disclosure of PHI by Business Associates

The COVID-19 public health emergency already has caused the U.S. Health and Human Services (HHS) Office for Civil Rights to announce various enforcement changes and waivers. On April 2, HHS issued another notification of enforcement discretion – this one relating to business associates. This latest notification allows business associates to use and disclose protected health … Continue Reading

Deeper Dive: Choose the Right Forensics Firm for the Job

Forensics are a key component of many data incident investigations.  The importance of forensics cannot be overstated.  In fact, in 2018, 65% of the incidents we handled involved some type of forensic investigation. Forensics firms can not only help determine what happened in a data incident but can also provide recommendations for containment and mitigation.  … Continue Reading

What Can We Learn From the Healthcare Data Breach ‘Wall of Shame’?

In addition to dealing with the public outcry and regulatory scrutiny resulting from a healthcare data breach, covered entities under the Health Insurance Portability and Accountability Act (or their business associates) are required to report breaches to the Department of Health & Human Services’ (HHS) Office for Civil Rights. But the pain doesn’t end there. … Continue Reading

Moving Beyond Passwords – Does Your Face Raise Privacy Concerns?

Phishing attacks continue to be the root cause of a considerable number of data breaches. Typically, these incidents occur when employees are enticed into giving up their login credentials in response to a cleverly designed, yet fake email. Thus, network passwords, combined with employee susceptibility to phishing emails, remain a major security weakness for corporations. … Continue Reading

Deeper Dive: Be Prepared for Regulatory Investigations in the Wake of a Security Incident

Your company had a data security event. After an investigation, it was determined that notifications were required, and the incident was made public as a result. Notification letters were mailed and regulators were notified, all in accordance with the law. Your company also enhanced security measures and took other remedial action, so there is nothing … Continue Reading

Looking back at the HIPAA resolution agreements in 2016

In 2016, Health and Human Services’ (HHS) Office for Civil Rights (OCR), the enforcement arm for HIPAA, continued robust enforcement efforts. There were 12 reported resolution agreements (RA) in 2016. An RA is a settlement agreement between HHS and a covered entity (or business associate) where the entity agrees to the payment of a resolution … Continue Reading

Privacy and Security in the Voting Booth

Could the presidential election be hacked? With Election Day upon us, concerns about the security of the U.S. election system have reached a fever pitch. But how likely is it that a breach could affect the election? Could hackers really make cries of a “rigged” election come true? The U.S. government is definitely concerned about … Continue Reading

Deeper Dive: Regulatory Investigations Following a Reported Breach

We recently released our 2016 Data Security Incident Response Report (“Report”), which provides lessons learned and metrics related to over 300 data security incidents handled by our team. As noted in the report, once an incident is made public the potential ramifications include a wide-ranging investigation by a regulatory agency, such as state attorneys general. … Continue Reading

Government Access to Private Data: Microsoft Opens a New Front in the Battle for Consumer Privacy

Prior to the Information Age, sensitive papers were stored in file cabinets and drawers. When home computers arrived, information was digitized and moved to hard drives or other electronic media, still possessed by the user. Today, with the general availability of high-speed Internet service, many individuals are moving information to the so-called cloud – which … Continue Reading

Encryption: The Battle Between Privacy and Counterterrorism

For privacy advocates, it is universally accepted that encryption is a very good thing. After all, encrypted data is deemed a safe harbor under HIPAA and state breach-notification laws, providing an “out” from potential fines and penalties when an encrypted device is lost that contains sensitive health or other personal information. In addition to encouraging … Continue Reading

Colleges and Universities Are Prime Cyberattack Targets: What’s Behind the Threat?

When it comes to cyberattack targets, many think of retailers and associated credit card transactions or customer information, or perhaps healthcare providers with their ever-increasing storage and transmission of electronic information related to patients. But colleges and universities are increasingly under siege from hackers. In fact, the education sector, according to recent reports, comes in … Continue Reading

A Kinder, Gentler Spanish Data Protection Authority?

As of July 24, Spain has a new director for its Data Protection Authority (Agencia Española de Protección de Datos — AEPD). The AEPD is the agency responsible for conducting investigations and bringing disciplinary actions concerning data protection issues, including compliance with Spain’s Data Protection Act of 1999 (called the “LOPD” in Spain), which implemented … Continue Reading

Cross-Border Data Transfers: Cutting Through the Complexity

Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. With the rise of the global economy and the reach of the Internet, many businesses now have customers and data from around the world, if not offices and employees in … Continue Reading

Will Using “Apple Pay” Keep the Data Breach Away?

Recently Apple unveiled its latest iPhones and other new products. While the big screens on the new iPhones are making the splashy headlines, perhaps the most interesting reveal, from a data privacy perspective, is not a shiny gadget, but the new mobile payment service dubbed “Apple Pay”. Although mobile payment services aren’t new – Google … Continue Reading

Privacy or Politics? – Russia Seeks More Control Over its Citizens’ Personal Data

Back in July, President Vladimir Putin signed a law (Federal Law No. 242-FZ) that compels “data operators” to store Russian citizens’ personal data only inside Russia. Previously, Russian law allowed the storage of data relating to Russian citizens to be located on servers in foreign countries. Under the new law, companies that collect personal data … Continue Reading

Is the 5th Time the Charm? – Nationalizing Data Breach Notification

Once the smoke and dust clears from the latest enormous data breach, the fried servers are hauled away and the ritual IT department purge takes place, the focus seems to turn to the lack of any comprehensive national data breach law. Although certain sector specific breach notification laws are in place, such as HIPAA/HITECH in … Continue Reading
LexBlog