Patrick H. Haggerty

Patrick Haggerty has a growing practice in the area of privacy and data protection, counseling companies and hospitals that have suffered data breaches and are involved in subsequent investigations and litigation. With additional experience in commercial litigation and white collar defense and corporate investigations, Patrick demonstrates a proven ability to handle and manage all aspects of litigation and internal investigation work. More>>

Subscribe to all posts by Patrick H. Haggerty

DSIR Deeper Dive: Regulatory Investigation Landscape

HIPAA-covered entity and business associate breaches continue to draw attention from the Office for Civil Rights (OCR) and other regulators. In almost every HIPAA incident we handled in 2019 involving more than 500 individuals, OCR issued a data request. While OCR investigations can be burdensome, few of them result in penalties. State attorneys general have … Continue Reading

Maryland Insurance Administration Issues Breach Notification Bulletin

On Aug. 29, 2019, the Maryland Insurance Administration (MIA) issued Bulletin 19-14. The purpose of the bulletin is to inform insurers, nonprofit health service plans, health maintenance organizations, managed care organizations, managed general agents and third-party administrators of a new security breach reporting requirement to the Compliance & Enforcement Unit at the MIA. Effective Oct. … Continue Reading

Deeper Dive: The Landscape of Healthcare Data Breaches

Healthcare was the industry most affected by data breaches in 2018. We worked on nearly 200 healthcare matters involving multispecialty academic medical centers, hospital systems, small and large physician practices, small and large health insurers, and biotech and pharmaceutical companies. In 2018, health information alone was just behind Social Security numbers (which can also be … Continue Reading

Deeper Dive: Minimizing Risk

For organizations of any size, making sense of the constantly evolving cyber risk landscape can seem daunting. With new threats materializing on a constant basis, it can be difficult for organizations to efficiently allocate resources and respond to security incidents. In BakerHostetler’s newly-released 2018 Data Security Incident Response Report, we use our experience from more … Continue Reading

Deeper Dive: Forensics

A company’s ability to quickly and efficiently conduct a forensic investigation is critical to limiting the impacts of a data security incident and determining the scope of the incident. In BakerHostetler’s 2017 Data Security Incident Response Report, we analyzed data from the more than 450 incidents we worked on in 2016. A forensic investigation occurred … Continue Reading

OCR Issues Alert Regarding Phishing Email Disguised as Official OCR Audit Communication

11/30/2016 Update: Today OCR issued another alert relating to the phishing email campaign and has shared that the phishing email originates from the email address OSOCRAudit@hhs-gov.us and directs individuals to a URL at http://www.hhs-gov.us. This is a subtle difference from the official email address for OCR’s HIPAA audit program, OSOCRAudit@hhs.gov. Covered entities and business associates … Continue Reading

Deeper Dive: Beware of Paper Records

BakerHostetler’s 2016 Data Security Incident Response Report reveals a number of interesting incident response trends: the range of incident causes is broad, all industries are affected, detection capabilities need to improve, it is difficult to provide meaningful notification quickly, and regulatory investigations are more common than lawsuits after notification occurs. One of the report’s interesting … Continue Reading

FCC’s Growing Privacy and Data Security Enforcement

The Federal Communications Commission (FCC) has had a busy 2015, and its presence in the data security regulatory enforcement space will likely continue to grow. Last year, the FCC named Travis LeBlanc as chief of the Enforcement Bureau. Since then, the FCC has brought three separate enforcement actions against companies for allegedly not safeguarding consumers’ … Continue Reading

State Data Breach Notification Requirements Specifically Applicable to Insurers

Almost all U.S. states and territories have enacted breach notification laws requiring private and/or government entities to notify individuals when their personal information is compromised. These laws vary, and much has been written about the challenges caused by the differences, including who must comply with the law (e.g., persons, businesses, information brokers, government entities, covered … Continue Reading

SEC Adopts Rules to Improve Systems Compliance and Integrity

On November 19, 2014, the Securities and Exchange Commission (SEC) unanimously voted to adopt Regulation Systems Compliance and Integrity (Reg SCI), which will govern the technology infrastructure of the U.S.’s securities exchanges and certain other trading platforms and market participants.[1] Reg SCI will supersede and replace the SEC’s current Automation Review Policy (ARP). The new … Continue Reading

Cross-Border Data Transfers: Cutting Through the Complexity

Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. With the rise of the global economy and the reach of the Internet, many businesses now have customers and data from around the world, if not offices and employees in … Continue Reading

CFTC Chairman Provides Guidance on Cybersecurity

On November 5, 2014, the Chairman of the Commodity Futures Trading Commission, Timothy G. Massad, gave keynote remarks at the Futures Industry Association Expo 2014. Part of Chairman Massad’s remarks focused on the importance and oversight of cybersecurity and business continuity disaster recovery for the financial institutions, exchanges, and markets that the Commission regulates. Specifically, … Continue Reading
LexBlog