In 2024, states continued to enact sectoral privacy laws, particularly focusing on children’s data and AI regulation. The New York Child Data Protection Act and SAFE for Kids Act aim to protect children’s privacy and safety online, while the Maryland Age-Appropriate Design Code Act seeks to regulate online content for children. Other states, such as Connecticut and Colorado, have also passed amendments to their consumer data privacy laws to enhance protections for children’s data.
In 2024, seven states passed comprehensive data privacy laws, bringing the total to 19. Maryland, Vermont, and Maine introduced more restrictive data minimization provisions, while Minnesota, New Jersey, and Rhode Island iterated on existing models. Existing laws in California, Colorado, Virginia, and New Hampshire received amendments, primarily focusing on expanding protections for children’s data.
The Health Infrastructure Security and Accountability Act (HISAA) aims to enhance cybersecurity standards for healthcare organizations by imposing mandatory minimum security measures and providing financial support for compliance. The bill requires annual audits, stress tests, and increased accountability for non-compliance, with penalties reaching up to $250,000 for willful neglect. HISAA also includes financial assistance for hospitals to enhance their cybersecurity infrastructure, particularly for rural and safety net facilities.
Healthcare workers resort to insecure password practices due to care delivery demands, leading to data breaches and compromised credentials. These breaches impact patient care, cause significant costs, and highlight the ineffectiveness of complex passwords.
New York has implemented new cybersecurity regulations for general hospitals, requiring annual risk assessments, incident response plans, and multifactor authentication. The regulations aim to enhance cybersecurity standards beyond HIPAA requirements and address the increasing frequency of cyberattacks on hospitals. Hospitals have one year to comply with the new requirements, with funding available to assist with implementation costs.
LLMs
A recent study by Apple engineers shows the fragility of mathematical reasoning in advanced large language models (LLMs) like those developed by OpenAI and Google. The research shows that LLMs struggle with minor changes to benchmark problems, resulting in performance drops of up to 9.2%. These findings suggest that LLMs rely on probabilistic pattern matching rather than genuine logical reasoning. The researchers concluded that these models’ reasoning processes have critical flaws that cannot be resolved with simple refinements.
Google DeepMind has developed an AI model to predict key properties of potential drugs. The new Tx-LLM (Therapeutic Large Language Model) model represents a shift toward specialized artificial intelligence tools for specific industries. This targeted approach could prove more valuable than general-purpose AI in addressing complex commercial challenges.
In St. Aubin v. Carbon Health Technologies, Inc., the United States District Court for the Northern District of California examined a claim under the California Invasion of Privacy Act (CIPA) regarding alleged interceptions of medical data by third-party tracking technologies. The court focused on the application of CIPA’s second clause, which prohibits unauthorized interception of the “contents or meaning” of communications, finding that URLs containing detailed health information could qualify as protected content. Facebook’s tracking was deemed to meet this requirement due to its real-time data interception capabilities, while Google’s tracking lacked sufficient specificity, leading the court to allow an amendment to the complaint. This case highlights the increasing judicial scrutiny of digital privacy, particularly concerning online tracking and the sharing of sensitive medical information.
Healthcare data breaches are rising at an alarming rate, having increased by 187% in 2023. The surge in cyberattacks, particularly driven by ransomware and phishing, poses significant challenges to the healthcare industry. To address these challenges, healthcare organizations must prioritize regular training and thorough audits to enhance their security measures.
Data compromises decreased by 8% in Q3 2024, with 672 incidents reported. The number of individuals affected fell more sharply, by 77%, due to a significant decrease in healthcare data breaches. Despite the decrease in data compromises, the total number of victims for the year is still above the 2023 record.