Throughout 2021, we closely monitored the latest privacy laws and a surge of privacy, cybersecurity, and data asset management risks that affect organizations, small and large. As these laws continue to evolve, it is important for companies to be aware and compliant. We will continue to monitor these trends for 2022.

The attorneys of the Privacy, Cybersecurity & Data Asset Management group have written on a wide range of notable developments and trends that affect employers and health care providers. In case you missed any, we have assembled a recap of our top 10 blog posts of 2021, with links to each, below:


Continue Reading A Year in Review: Top 10 Privacy, Cybersecurity & Data Asset Management Issues in 2021

Recent data thefts and systems intrusions, particularly with respect to ransomware, have assured that cybersecurity is top of mind for corporate executives and compliance officials. We at EBG have tried to keep you up to date with respect to legislative, regulatory and litigation developments and recommended best practices and procedures.

As we close out the year, we all should remain mindful that cyber criminals, especially those who are supported or protected by foreign adversaries, have little incentive to rest up during the holidays.


Continue Reading Holiday Cyber Storm Warnings

On Tuesday, August 24, 2021, California Attorney General Rob Bonta issued a guidance bulletin (the “Guidance”) to health care providers reminding them of their compliance obligations under California’s health data privacy laws, and urging providers to take proactive steps to protect against cybersecurity threats. This Guidance comes, in part, as a response to federal regulators

In this episode of the Diagnosing Health Care PodcastAlthough the COVID-19 pandemic exposed cybersecurity vulnerabilities across sectors, it has particularly challenged the resilience of information systems for health care and life sciences companies. Because ransomware attacks have the potential to cripple access to important data, expose patient health records, and shut down machinery

Our colleagues Alaap Shah and Stuart Gerson of Epstein Becker Green have written an Expert Analysis on Law360 that will be of interest to our readers: “Health Cos. Must Prepare for Growing Ransomware Threat.”

The following is an excerpt (see below to download the full version in PDF format):

Ransomware attacks have become

Cyber threats and cybersecurity controls have evolved significantly over the past two decades since the HIPAA Security Rule were originally promulgated. During this same time, healthcare entities have increasingly become a prime target of hackers seeking to extort payment using ransomware, exfiltrate patient data to commit fraud, or disrupt operations in other nefarious ways.  Recognizing

Ransomware basics

Ransomware is a serious form of cyber extortion that employs malware to prevent users from accessing their systems or data, either by locking the system or encrypting critical files until a ransom is paid. The hacker holds the key to unlock the system and usually demands payment in cryptocurrency.

Ransomware has been a

Last week’s “WannaCry” worldwide Ransomware attack was particularly targeted against international health organizations. Though the attack was thwarted not without a little good luck and less financial loss that might have been predicted, it unsurprisingly triggered responses from U.S. government agencies including the Department of Homeland Security (DHS) and, with specific reference to health care