Photo of Cory Brennan

Cory is an associate in Taft’s Indianapolis office and focuses her practice on matters relating to intellectual property, information technology, software licensing and procurement, advertising technologies and digital marketing solutions, data privacy and security, and data breach and incident response.

On Dec. 7, 2023, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), announced a settlement with a Louisiana medical group specializing in emergency medicine, occupational medicine, and laboratory testing. The settlement resolves an investigation following a phishing attack that affected the electronic protected health information (PHI) of approximately 34,862 individuals. This marks the first settlement OCR has resolved involving a phishing attack under the Health Insurance Portability and Accountability Act (HIPAA) Rules. Additionally, this settlement comes just a handful of weeks after OCR announced a settlement with a Massachusetts medical management company in connection with a large breach report regarding a ransomware attack that affected the PHI of 206,695 individuals – becoming the first ransomware agreement OCR has reached as well.Continue Reading OCR Doubles Down: Two Settlements in Two Months for Two Common Cybersecurity Issues

On October 6, 2023, Snap Inc. and Snap Group Ltd. (collectively, “Snap”) received a preliminary enforcement notice from the U.K. Information Commissioner’s Office (ICO) due to a potential failure to properly assess the privacy risks posed by its generative AI chatbot, My AI.Continue Reading Snap Receives Preliminary Enforcement Notice Related to Privacy Risks Posed by AI Chatbot

In July of 2023, the Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) published a joint letter cautioning hospitals, health app developers, and telehealth providers about the privacy and security risks related to the use of online tracking technologies integrated into their websites or mobile apps that may be impermissibly disclosing consumers’ sensitive personal health data to third parties. Additionally, the two agencies sent the joint letter to approximately 130 hospital systems and telehealth providers to remind them of the regulatory risks associated with using such technologies.Continue Reading A Cautionary Tale: FTC and OCR Publish Warning Letters Regarding the Use of Third-Party Tracking Technologies