Legal practitioners know firsthand the challenges in remaining compliant with data breach notification laws. Beyond the high-profile phishing, formjacking, and ransomware attacks, the everyday incident – a lost laptop, a misdirected letter – typically makes up the bulk of a privacy professional’s caseload. That’s not to say the work itself is routine or everyday. Consider:

The challenges in incident response may cause alarm in the fainthearted, but any privacy pro worth their mettle isn’t deterred. It’s just a reality of the job.

Here are some of the stories from this month that we’re talking about at RADAR:

  • 14,600 patient records were exposed months ago in a phishing attack in California. The attack was executed against a contractor working with sensitive information, triggering contractual obligations as well as regulatory obligations to provide notification.
  • A recent report showed that 2018 saw the financial impact to businesses by ransomware increased by 60 percent, estimating that “ransomware will cost U.S. businesses $8 billion in 2018, growing to $20 billion in 2021”
  • Illustrating the impact of a single, big breach: in the month of June alone, 3.5 million individual records were exposed in healthcare breaches reported to HHS Office for Civil Rights. That’s 2 million more than in May, but the number of breaches reported went down by 40% month over month. The majority of those records – just under 3 million – were exposed in a single incident.

If you’d like to share what privacy and data breach news is currently on your radar, we would love to hear from you at [email protected].