Healthcare Breaches, CCPA, AI Risk & GC Trends – 11/17/2025

This compliance intelligence digest highlights critical data breach incidents affecting healthcare entities and a significant security flaw in the Cursor AI coding tool. Regulatory updates include California’s new CCPA rules, the EHRC’s overhaul at McDonald’s for harassment prevention, and new frozen asset reporting requirements in the Cayman Islands. Policy and governance articles cover the rise of fractional GCs and the regulatory risks of AI in retail investing.

Top 5 Critical Compliance Alerts

  • EHR Vendor Identifies Business Associate Data Breach: CareTracker (Amazing Charts) and Marshfield Clinic announce data breaches.
  • Doctor Alliance Investigating 353 GB Data Theft Claim: HIPAA business associate Doctor Alliance investigates a significant data theft claim.
  • Data Breaches Announced by Sun Valley Surgery Center & American Associated Pharmacies: Sun Valley Surgery Center and American Associated Pharmacies report data breaches.
  • Nebraska AG’s Lawsuit Against Change Healthcare Survives Motion to Dismiss: Lawsuit over Change Healthcare data breach moves forward.
  • Cursor Issue Paves Way for Credential-Stealing Attacks: Security weakness in AI-powered coding tool Cursor allows credential-stealing attacks.

Compliance Frameworks

  • 2026 Deadline Looms for Compliance with Updated Part 2 Regulations Regarding Patient Data Protections: HHS updates to 42 C.F.R. Part 2 align SUD confidentiality requirements with HIPAA, with a 2026 compliance deadline.

Regulatory Updates

  • New California Consumer Privacy Act rules from 1 January 2026: New CCPA regulations introduce regimes for cybersecurity audits.
  • EHRC forces major overhaul at McDonald’s: What real harassment prevention now looks like: Equality and Human Rights Commission strengthens agreement with McDonald’s regarding workplace sexual harassment prevention.
  • New annual frozen asset reporting requirement: What you need to know: Cayman Islands FRA requires annual reporting of frozen assets under UK sanctions by November 30, 2025.

Policy & Governance Updates

  • General Counsel on Demand: Why High-Risk Sectors Are Embracing the Fractional Model: Fractional GCs embed within businesses to shape strategy and build systems.
  • Agentic AI in Retail Investing: Navigating Regulatory and Operational Risk: Discusses the rise of AI in retail finance and its regulatory implications.
  • No More 10% Retainage: California Mandates 5% Retention Cap on Private Construction Projects: California caps retention on private construction projects at 5%, effective January 1, 2026.
