Header graphic for print
Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Privacy Monday – August 3, 2015

Posted in Cloud Computing, Cybersecurity, Data Breach, Events and Webinars, Privacy Monday

It’s the first Monday in August … and time for all those “back to school” ads.

While you enjoy what is left of the summer of 2015 , we will kick off your week with a few privacy and security bits and bytes.


summer of 2015

1.  State Insurance Commissioners Upping the Cyber-Ante

The National Association of Insurance Commissioners (NAIC) is ratcheting up its efforts to tackle cybersecurity issues.  As we discussed in the spring in this blog, the NAIC issued Guiding Principles for Cybersecurity  and is now following up with three additional initiatives designed to help protect consumer information and educate the public about cyber risks.

  • The NAIC’s Cybersecurity Task Force released a Consumer Cybersecurity Bill of Rights draft last week for public comment. The bill of rights is intended to set standards for helping consumers if their personal information is compromised. The Task Force expects to adopt these standards within the next 30 days;
  • The Cybersecurity Task Force is also coordinating with state insurance regulators to conduct examinations of insurance companies to verify companies are taking appropriate steps to protect sensitive data, including confidential personal information; and
  • The NAIC is co-sponsoring a forum with the Center for Strategic and International Studies (CSIS) on September 10 in Washington, D.C., entitled “Cyber Risk Management and Insurance.” Cyber experts, policymakers and business leaders will discuss cyber risks faced by American businesses and consumers, and how best to manage those risks.


2.  FDA Says Drug Infusion Pump Can Be Hacked

On Friday, the FDA issued a “safety warning” regarding cybersecurity vulnerabilities in pumps used to infuse drugs at a patient’s bedside.  The warning said that the pumps — manufactured by Hospira Inc. and called Symbiq —  can be hacked through hospital wireless networks, causing an overdose or an underdose.   Hospira no longer makes the devices, but according to the FDA, they are still in use in hospitals, nursing homes and other facilities to administer drugs intravenously.

The FDA “strongly encourages health-care facilities to begin transitioning to alternative infusion systems as soon as possible,” the agency said.

The agency is not aware of any patients who have been injured or any pumps that have been accessed without authorization and says that the FBI and the Department of Homeland Security are aware of the vulnerability.
3.  And, make sure not to miss our next Wednesday Webinar

We will be taking on the important topic of vendor privacy/security risk management.  Outsourcing business processes, cloud data processing and data storage, remote access to systems for maintenance …. any and all of these can present major data security management issues for companies.  Obligations to manage the security risk of third parties and vendors have never been more important.  Join us for our next Wednesday Webinar on August 26 –  registration is here.