Advertisement

13

Bottom Row Image

Advertisement

June 05, 2023

Investor Coalitions Urge Consumer Goods Companies to Take Action to... by: Jason M. Halper
FDA Webinar Reiterates a New Regulatory Pathway Created by Federal... by: Food and Drug Law at Keller and Heckman
Sixth Circuit Rules that Brandished Firearm Could Be 'Threat of... by: Sonal Hope Mithani and Sarah C. Reasoner
Proposed Consent Decree – EPA & Ethylene Oxide Emissions by: David A. Goldman
FTC Explores Environmental Claims and Pending Civil Penalty... by: Richard B. Newman
Six Common Data Quality Management Issues and How to Solve Them by: Christina R. Fritsch JD
Supreme Court Decision Cements Employers’ Ability to Sue for Strike... by: Steven J. Porzio and Alexander J. Blutman
US Federal Agencies Commit to Regulatory Enforcement of AI Systems by: Alya Sulaiman and Jason D. Krieser
Certain Employers in Ontario Are Now Required to Have Naloxone Kits... by: Mitch Frazer
Airline Sued Over Claims That it is “First Carbon-Neutral Airline” by: Sara Bussiere
Wetlands No More? U.S. Supreme Court Limits Federal Regulation of... by: Sarah A. Slack and Dorothy E. Watson
Challenges in Energy Project Development [Podcast] by: Joel Meister and David Markey
GeTtin' SALTy Episode 6 | Maryland Digital Advertising Tax—An in... by: Nikki E. Dobay and DeAndré R. Morrow

June 04, 2023

June 03, 2023

June 02, 2023

China’s National Intellectual Property Administration to Cease... by: Aaron Wininger

Article By

Hunton Andrews Kurth’s Privacy and Cybersecurity

Hunton Andrews Kurth

Privacy and Information Security Law Blog-Hunton Andrews Kurth

Related Practices & Jurisdictions

Advertisement

New York Attorney General Settles with Law Firm Over Data Breach

Tuesday, March 28, 2023

On March 27, 2023, New York Attorney General Letitia James announced that a New York-based law firm (Heidell, Pittoni, Murphy & Bach LLP) had agreed to pay $200,000 in penalties and enhance its cybersecurity practices to settle charges stemming from a 2021 data breach.

The New York AG alleged that, in November 2021, the firm experienced a cybersecurity incident in which attackers acquired the private data of over 114,000 patients of hospitals who were clients of the firm, including names, Social Security numbers, dates of birth and health information. The cause of the breach was a software vulnerability for which a patches had been issued, but allegedly not implemented by the firm. The AG’s investigation determined that the firm failed to take reasonable measures to protect consumer personal information, such as conducting risk assessments or implementing encryption for the data, in violation of HIPAA and New York state law.

In addition to the monetary penalty and obligation to implement an enhanced information security program, the settlement also requires the firm to offer affected consumers two years of complimentary credit monitoring and identity theft protection services (if such services were not already offered). The firm neither admitted nor denied the AG’s allegations as part of the settlement.

Copyright © 2023, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XIII, Number 87

Advertisement

Latest Legal News & Analysis

Investor Coalitions Urge Consumer Goods Companies to Take Action to Reduce...

Cadwalader, Wickersham & Taft LLP

FDA Webinar Reiterates a New Regulatory Pathway Created by Federal Legislation is...

Keller and Heckman LLP

Sixth Circuit Rules that Brandished Firearm Could Be 'Threat of Violence...

Miller Canfield

Proposed Consent Decree – EPA & Ethylene Oxide Emissions

FTC Explores Environmental Claims and Pending Civil Penalty Implementing...

Hinch Newman LLP

Advertisement

TRENDING LEGAL ANALYSIS

GeTtin' SALTy Episode 6 | Maryland Digital Advertising Tax—An in-depth...

By

Greenberg Traurig, LLP

Supreme Court FCA Scienter Ruling Revives Fraud Lawsuits Against Safeway and...

By

ArentFox Schiff LLP

Highlights for Research Institutions and Sponsors in FDA's Recent Draft...

By

Texas Consumer Privacy Law Nears Governor’s Signature

By

McDermott Will & Emery

Fraud or Art? Supreme Court Provides Copyright Clarity in Warhol Case

By

Norris McLaughlin P.A.

En Banc Ninth Circuit Upholds Delaware-Forum Bylaw That Prevents Assertion of...

By

Proskauer Rose LLP

Upcoming Legal Education Events

PE & Healthcare Summit Berlin 2023

Tuesday, June 6, 2023

FinTech University: FinTech and International Law

Tuesday, June 6, 2023

Ward and Smith's 2023 Health Care Breakfast and Learns at New Bern Golf & Country Club!

Wednesday, June 7, 2023

PCI DSS 4.0: Third-party Service Providers And Risk Management

Wednesday, June 7, 2023

Advertisement

About this Author

Hunton Andrews Kurth’s Privacy and Cybersecurity

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

[email protected]

212 309 1223 direct

www.huntonak.com