Health Law Advisor

The widespread availability of Artificial Intelligence (AI) tools has enabled the growing use of “deepfakes,” whereby the human voice and likeness can be replicated seamlessly such that impersonations are impossible to detect with the naked eye (or ear). These deepfakes pose substantial new risks for commercial organizations. For example, deepfakes can threaten an organization’s brand, impersonate leaders and financial officers, and enable access to networks, communications, and sensitive information.

In 2023, the National Security Agency (NSA), Federal Bureau of Investigations (FBI), and Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Information Sheet (the “Joint CSI”) entitled “Contextualizing Deepfake Threats to Organizations,” which outlines the risks to organizations posed by deepfakes and recommends steps that organizations, including national critical infrastructure companies (such as financial services, energy, healthcare and manufacturing organizations), can take to protect themselves. Loosely defining deepfakes as “multimedia that have either been created (fully synthetic) or edited (partially synthetic) using some form of machine/deep learning (artificial intelligence),” the Joint CSI cautioned that the “market is now flooded with free, easily accessible tools” such that “fakes can be produced in a fraction of the time with limited or no technical expertise.” Thus, deepfake perpetrators could be mere amateur mischief makers or savvy, experienced cybercriminals. 

On Tuesday, August 24, 2021, California Attorney General Rob Bonta issued a guidance bulletin (the “Guidance”) to health care providers reminding them of their compliance obligations under California’s health data privacy laws, and urging providers to take proactive steps to protect against cybersecurity threats. This Guidance comes, in part, as a response to federal regulators sounding the alarm over an uptick in cybercrime against hospitals and other health providers. The Guidance follows an October 2020 Joint Cybersecurity Advisory issued by the Cybersecurity and ...

After U.S. Attorney General, William P. Barr[1] and the Federal Bureau of Investigation issued warnings this week regarding potential fraudulent schemes that are being perpetrated in the nation’s response to the COVID-19 pandemic, on Sunday, March 22, 2020, the U.S. Department of Justice (DOJ) filed its first enforcement action to shut down COVID-19-related fraud.  DOJ attorneys moved in federal court in Austin, Texas for a temporary restraining order against operators of a website, coronavirustestingkit.com, alleged to have engaged in a wire fraud scheme by offering consumers access to “free” World Health Organization (WHO) vaccine kits in exchange for a shipping charge, which required consumers to enter credit card information on the website.[2] The website stated that the kits “only” required water to administer the vaccine and provided testimonials from “recent users.” The government alleged that claims made on the website are false, as the WHO is not offering free vaccine kits and there is not yet a scientifically proven vaccine, and that the intent of the website is to gain access to consumer credit card information.

On March 16, 2020, U.S. Attorney General Barr directed in a memorandum to U.S. Attorneys that “[e]very U.S. Attorney's Office is thus hereby directed to prioritize the detection, investigation, and prosecution of all criminal conduct” related to the COVID-19 outbreak.[3] Attorney General Barr advised, “the pandemic is dangerous enough without wrongdoers seeking to profit from public panic,” and therefore, such criminal conduct will not be tolerated.