DHS and Cyber: What Should Companies Expect?
Data Resilience Masterclass: Navigating the Risks of the Digital Age - Data Risk and Resilience is a critical topic for modern businesses, especially within industries that handle vast amounts of sensitive information....more
On July 19, Change Healthcare Ince. filed a breach report with HHS Office for Civil Rights (OCR) concerning its mammoth ransomware attack and breach. The organization’s breach report to OCR identifies just 500 individuals as...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
Verizon released its Data Breach Investigations Report (DBIR) for 2024, an annual treat that highlights some trends companies should be aware of as they manage their cybersecurity programs and respond to and anticipate new...more
The US Securities and Exchange Commission has adopted amendments to Regulation S-P requiring entities under its remit to provide notice to individuals affected by certain types of data breaches. This adds yet another...more
We are pleased to announce that several of the firm’s practice groups and attorneys were recognized in the 2024 edition of Chambers USA, a directory of leading law firms and attorneys. Chambers and Partners annually...more
The financial services industry has seen a litany of new data privacy and cybersecurity challenges through the first half of 2024. Financial institutions are facing unprecedented compliance hurdles resulting from the...more
On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make...more
Modern warfare is no longer restricted to physical battlefields and professional military. Countries like North Korea and Russia have few qualms about using cyberspace to reach well beyond their physical borders to target...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
For years, we were able to tell most clients experiencing a potential data security incident that they likely had at least 30 days to notify any third parties about the incident – if they concluded it was a breach. There...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
As organizations continue to take steps to prevent cyberattacks, a near-universal recommendation is that they should implement multi-factor authentication (MFA), and for good reason. Organizations subject to the updated FTC...more
Research from Guidepoint Security found that 2023 saw an 80% increase in ransomware activity year-over-year, driven in part by multiple mass exploitation campaigns impacting hundreds of organizations. In total, the report...more
Last October, the Federal Acquisition Regulation (FAR) Council proposed two new rules, one of which that will influence cyber incident response practices. The scope is limited as it only applies to federal government...more
New York has released proposed cybersecurity regulations for hospitals. The regulations, which were published in The State Register on Dec. 6 and will undergo a 60-day public comment period ending on Feb. 5, are designed to...more
2023 was another active year in cybersecurity, with high profile vulnerabilities and data breaches, and government and private sector responses to them. Examples include pervasive ransomware attacks targeting the healthcare,...more
As we enter the New Year, Wiley has looked back at the top cyber issues for 2023 and what they mean for 2024. Last year, we saw the rollout of the National Cybersecurity Strategy—which outlined a new era of cyber oversight—as...more
Report on Patient Privacy 23, no. 12 (December, 2023) Northwell Health in New York and Cook County Health in Chicago each experienced impacts from a breach at Nevada-based transcription company Perry Johnson & Associates...more
As we near the end of another year, it is time to look ahead to developments in the information security and privacy landscape. One area of particular importance is the development of regulations implementing the Cyber...more
Large companies holding sensitive data – including financial services, telecommunications, business process outsourcing, hospitality, and cryptocurrency firms – as well as their IT helpdesks, are increasingly being targeted...more
If you need a little intellectual stimulation after hours of Thanksgiving turkey and football, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just the thing — the new CISA Mitigation Guide for the...more
Publications and Advisories - November 13, 2023 – Kathleen Benway, Kate Hanniford, Amy Mushahwar, Kim Peretti, and Lance Taubin published “Privacy, Cyber & Data Strategy Advisory: FTC Approved New Data Breach Notification...more
Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more
Cross Border Transfers of Data. UK Data Transfers. The UK government has published a U.S. “adequacy decision” which permits U.S. organizations that have certified to the EU-US Data Privacy Framework (DPF) and UK Extension...more