Privacy & Information Security Law Blog

On February 10, 2023, an Illinois federal district court ordered the dismissal of a putative class action lawsuit alleging that an online tool that allowed users to virtually try on sunglasses violated the Illinois Biometric Privacy Act (“BIPA”).

On April 8, 2022, the Food and Drug Administration (“FDA”) issued Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions, a draft guidance document for industry and FDA staff. Industry stakeholders will have until July 7, 2022 to comment on the proposed guidance.

The Federal Trade Commission recently released an interactive tool for mobile health apps. The tool was developed in conjunction with several other federal agencies, including the Department of Health and Human Services’ Office for Civil Rights, the Office of the National Coordinator for Health Information Technology, and the Food and Drug Administration.

On July 10, 2015, the United States House of Representatives passed the 21st Century Cures Act (the “Act”), which is intended to ease restrictions on the use and disclosure of protected health information (“PHI”) for research purposes.

On October 1, 2014, the Food and Drug Administration (“FDA”) announced that it has issued final guidance regarding cybersecurity in medical devices, entitled Content of Premarket Submissions for Management of Cybersecurity in Medical Devices (the “Guidance”). The Guidance provides recommendations to device manufacturers for content “to include in FDA medical device premarket submissions for effective cybersecurity management.” The Guidance updates a draft guidance that was originally published in June 2013.

On June 13, 2013, the Food and Drug Administration (“FDA”) published a safety communication and guidance regarding the vulnerability of medical devices to cyberattacks. The safety communication, Cybersecurity for Medical Devices and Hospital Networks, is intended for “[m]edical device manufacturers, hospitals, medical device user facilities, health care IT and procurements staff; and biomedical engineers.” The safety communication notes that because medical devices can be connected to other devices and the Internet, such devices are exposed to cyber attacks that might result from malware infections, the exploitation of weak password protections, a lack of updated security patches and security vulnerabilities in software installed on medical devices.