A misunderstood area of workers’ compensation defense exists in the notorious “240 process.” As we often see, an employee’s Facebook pictures, or perhaps his comments to a physical therapist, may be inconsistent with his complaints to the ATP, who has the employee on work restrictions. Given this suspicion, the employer and adjuster then put their heads together to create a light duty job using the ATP’s restrictions and request the ATP to “sign off” on the proposed job. If the employee then attempts the light duty job for less than eight hours or one scheduled work-day (whichever is greater), or refuses to attempt the job altogether, than the employer may suspend income benefits. Board Rule 240 contains the steps one must follow to successfully navigate the “240 process.” While it seems simple enough, many employers, insurers, and defense attorneys alike stumble over a key element-when submitting the initial job description…       Read More

On August 24, in FTC v. Wyndham Worldwide Corp., the Third Circuit Court of Appeals found that the FTC had authority to regulate cyber security under the “unfairness” prong of Section 5 of the Federal Trade Practices Act. The background of the case is this: On three (3) occasions in 2008 and 2009 hackers successfully penetrated Wyndham Worldwide Corporation’s computer network. These three data security breaches resulted in the theft of personal and financial information of hundreds of thousands of consumers, leading to over $10.6 million dollars in fraudulent charges. The FTC filed suit against Wyndham alleging that Wyndham’s lack of sufficient cyber security was an unfair practice. Wyndham tried to dismiss the case at the District Court level, but their Motion was denied. This ruling was appealed to the Third Circuit. The Third Circuit upheld the District Court’s ruling, thereby strengthening the FTC’s ability and authority to regulate cyber…       Read More

Ashley Madison puts $377000 bounty on hackers’ heads CNET The cyber attackers threatened to release the embarrassing data if the website didn’t shut down. Ashley Madison refused, and so the hackers Employee Negligence Top Health Data Breach Issue, Report Says HealthITSecurity.com A large portion of health data breach incidents are tied to insider activity, employee negligence, and physical theft of devices, according to a recent … Ex-State Dept. employee from Atlanta indicted on hacking and cyberstalking charges Atlanta Business Chronicles … aliases that included “David Anderson” and “John Parsons,” engaged in a computer hacking and “sextortion” campaign to force numerous women to … Web.com Suffers Data Breach Affecting 93000 Customers JDSupra (press release) This time, Florida-based web hosting company, Web.com, has announced that it suffered a data breach that may have compromised credit card … Spotify CEO apologizes for super-creepy new privacy policy WCVB Boston Spotify’s CEO has apologized for…       Read More

Hall Booth Smith international business attorney John Parkerson has been selected to join the Board of Directors of  the Atlanta Council on International Relations (“ACIR” http://atlantacir.org).  The ACIR is a non-profit and non-partisan educational organization, dating from the early 1950s, that promotes understanding of international affairs through the free exchange of ideas.   Its monthly lunch programs at the Capital City Club in Atlanta enhance participants’ informed opinion on current issues of foreign policy.

Adobe Settles Claims for Massive Data Breach Courthouse News Service Adobe announced the security breach on Oct. 3, 2013, and said hackers had stolen 3 million credit and debit card records and login data from an … Target settles with Visa over data breach USA TODAY “Target is pleased that we have reached a settlement agreement with Visa related to the data breach we experienced during the fourth quarter of 2013 … Hackers Finally Post Stolen Ashley Madison Data Wired The data also includes descriptions of what members were seeking. … Now they face the greatest fallout from the breach: public embarrassment, the … U.Va. reports cyberattack on ID systems; US investigating Washington Post CHARLOTTESVILLE, Va. – The University of Virginia says it has been the target of a cyberattack originating in China. The university says no … Hacktivists target Florida International University, University of Miami Local 10 “There was…       Read More

Ubiquiti Networks, Inc. was recently the victim of a cyber scam in which the thieves sent spoof communications to executives to trick them into wiring funds to the fraudsters to the tune of $46.7 million. Go to Krebs on Security, http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/, for a good historical perspective on this scam, but the way it works is this: Hackers gain access to an executive’s inbox, often through a phishing e-mail. Then they will send a “spoof” e-mail that looks like it is coming from the executive, to another person within the company instructing them to wire funds to a third party. Hackers will frequently watch the victim’s e-mail account to learn habits and patterns before sending the spoof e-mail. The businesses most at risk are those that regularly engage in wire transfers. How does a business protect itself against this scam? Institute processes and controls for communication and back-up verification whenever one…       Read More

Nine charged in US insider trading scheme involving hackers Reuters The hackers created a “video tutorial” to help traders view the stolen … “This case illustrates how cyber criminals and those who commit securities … Medical devices too prone to hackers, researchers warn Washington Times During day one of DefCon, the world’s largest computer hacking conference, researchers Scott Erven and Mark Collao warned that allowing more and … Delaware Governor Signs Internet Privacy, Safety Package into Law Government Technology The Student Data Privacy Protection Act focuses on protecting the personal information of students who use technology to complement and enhance … Data Security Firm Hit With Suit Over Cyberattack The Recorder SAN FRANCISCO – A Silicon Valley company that touted the security of its mobile platform is facing a shareholder class action related to a 2014 data … China suspected in possible hack on American Airlines CBS News Bloomberg News…       Read More

Citing Hacking Risk, FDA Says Hospira Pump Shouldn’t Be Used New York Times Earlier this year the FDA and the Homeland Security Department’s Industrial Control Systems-Cyber Emergency Response Team issued warnings … UCLA Breach Impacts Up To 4.5 Million Individuals Health IT Outcomes (press release) UCLA Health has announced a criminal cyber-attack hit their network, acceding certain personal and medical information of as many as 4.5 million … Data breach affects patients of area health care providers KPCnews.com A data breach reported by a Fort Wayne-based electronic medical records company that affects nearly 4 million patients nationwide has resulted in a … Why every CIO needs a cybersecurity attorney CIO General practice litigators and corporate attorney advisors will now have familiarity with cybersecurity and data privacy issues.” Because every … Attorney: Dakota Dunes clinic cyber attack affects data for more than 13000 patients Sioux City Journal DAKOTA DUNES | Siouxland…       Read More

In a warning that is the first of its kind, on July 31, 2015, the FDA encouraged healthcare facilities to stop using the Hospira Symbiq Infusion System due to cybersecurity vulnerabilities. (http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm) The infusion system is a computerized pump designed for the continuous delivery of general infusion therapy for a broad patient population. It operates by communicating with a Hospital Information System (“HIS”) via a wired or wireless connection over a facility’s network. The vulnerability allows the infusion system to be accessed by an unauthorized user, who can then change the dosage the pump delivers. This can cause an over or under infusion of critical patient therapies. The FDA and Hospira are currently not aware of any adverse patient events or actual unauthorized access of the infusion system in a healthcare setting. Healthcare providers better get used to warnings like this as medical devices are increasingly connected to healthcare networks….       Read More