Posts

Showing posts with the label Alston & Bird

Threat Actors Exploit Google’s Gemini to Accelerate Cyberattacks

Google Threat Intelligence Group (GTIG)  recently reported that cybercriminals—in particular, state-sponsored threat actors from North Korea, Iran, China, and Russia—are misusing Gemini, Google’s large language model (LLM), to support all stages of their attack lifecycle. Specifically, GTIG observed threat actors using Gemini to code and script tasks, accelerate reconnaissance, research publicly known vulnerabilities, and enable malware development and post-compromise activity. Examples of State-Sponsored Threat Actor’s Use of Gemini GTIG documented several examples of state-backed actors integrating Gemini into their operations, including: North Korea:  GTIG observed the North Korean government-backed group  UNC2970  use Gemini to synthesize open-source intelligence (OSINT ) and profile high-value targets to support campaign planning and reconnaissance. Iran:  The Iranian sponsored actor  APT42  used generative AI models, including Gemini, to search f...

Closing the Privacy Gap: HIPRA Targets Health Apps and Wearables

Move over HIPAA…the health privacy landscape may be in for a shakeup. On November 4, 2025, S enator Bill Cassidy, M.D. (R-LA) introduced the  Health Information Privacy Reform Act (HIPRA) , a bill aimed at closing a gap in health data protections. HIPAA has long governed the privacy of traditional medical records held by health care providers and health plans, but what about the data collected by your smartwatch, fitness app, or wellness platform? Those technologies are currently governed by a patchwork of state laws and Federal Trade Commission (“FTC”) guidelines. HIPRA intends to change that. According to the  press release , HIPRA is intended to “expand health privacy protections to account for new technologies that are not currently required to have privacy protections, such as wearables and health apps.” What Would HIPRA Cover? The bill introduces a new category of health data called “Applicable Health Information” (AHI). AHI is any identifiable (or reasonably identifiabl...

Cybersecurity Resources for Boards in the U.S., UK, and EU

Image
Boards in the United States, United Kingdom, and European Union face increasing pressure to oversee cybersecurity risks amid evolving regulatory expectations. Our Privacy, Cyber & Data Strategy Team highlights key resources, frameworks, and reporting obligations shaping board-level cybersecurity governance across jurisdictions. Explores U.S., UK, and EU guidance on board-level cybersecurity governance Identifies emerging regulatory trends and reporting requirements Provides practical tools to strengthen oversight and resilience Boards across the United States, United Kingdom, and European Union are under growing pressure to demonstrate effective oversight of cybersecurity risks. As incidents become more frequent and impactful, boards must not only understand their responsibilities but also stay informed about evolving legal obligations, best practices, and governance expectations. Earlier this year, the French national cybersecurity regulator (ANSSI) hosted a first-of-its-kind tab...

FTC Enforcement of Cancellation Practices Continues After Click-to-Cancel Rule Defeated

Our Consumer Protection/FTC Team examines how the FTC continues to actively pursue companies with allegedly complicated cancellation practices by relying on existing legal authority despite setbacks to the Click-to-Cancel Rule. The FTC alleges that gyms used complex and misleading methods to hinder membership cancellations Consumers allegedly faced obstacles to cancellation in violation of Section 5 of the FTC Act and Restore Online Shoppers’ Confidence Act Even after the Click-to-Cancel Rule was struck down, the FTC can impose substantial penalties and remains committed to enforcing simple cancellation mechanisms for online services On August 20, 2025, the Federal Trade Commission (FTC)  announced  it had brought a  complaint  against Fitness International LLC and Fitness & Sports Clubs LLC, which operate LA Fitness and other national gym chains. The complaint, brought in the Northern District of California, alleges that the companies used unclear and complicat...

President Biden Signs First National Security Memorandum Focused on AI

  On October 24, 2024, President Biden signed the first-ever   National Security Memorandum   (“NSM”) focused on artificial intelligence (“AI”), pursuant to subsection 4.8 of   Executive Order 14110 . The NSM provides guidance on developing, employing, and strengthening AI usage within the federal government. The NSM outlines three main objectives which serve as guideposts in directing the U.S. Government in “appropriately harnessing AI models and AI-enabled technologies . . .” Below are the NSM’s requirements that support each objective. Objective 1: Leading the world’s development of safe, secure, and trustworthy AI. The Department of Defense (“DoD”) and the Department of Homeland Security (“DHS”) must assist in attracting and bringing individuals with relevant AI experience to the U.S. Within 180 days of the NSM (April 22, 2025), the Chair of Economic Advisers must prepare an analysis of the AI talent market in the U.S. and other countries. The DoD, Department of ...