DHS and Cyber: What Should Companies Expect?
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the...more
More than two months after the February 2024 Change Healthcare cyber-ransom attack, the healthcare industry continues to grapple with the fallout, creating significant challenges, disruptions, and outages to the healthcare...more
Most businesses in the United States will have to file incident reports—including for ransomware payments—under the Proposed Rule. The Department of Homeland Security has the authority to issue subpoenas and even penalties...more
Research from Guidepoint Security found that 2023 saw an 80% increase in ransomware activity year-over-year, driven in part by multiple mass exploitation campaigns impacting hundreds of organizations. In total, the report...more
New York has released proposed cybersecurity regulations for hospitals. The regulations, which were published in The State Register on Dec. 6 and will undergo a 60-day public comment period ending on Feb. 5, are designed to...more
2023 has been a big year for AI with the landmark Executive Order for Safe, Secure, and Trustworthy Artificial Intelligence (EO) adding to the already busy and dynamic AI landscape. Issued less than two months ago, the EO has...more
On May 24, 2023, Microsoft announced the detection of a direct threat to critical infrastructure organizations in Guam and elsewhere in the United States. The alert attributed observed malicious activity to a state-sponsored...more
Report on Patient Privacy 23, no. 12 (December, 2023) Northwell Health in New York and Cook County Health in Chicago each experienced impacts from a breach at Nevada-based transcription company Perry Johnson & Associates...more
Publications and Advisories - November 13, 2023 – Kathleen Benway, Kate Hanniford, Amy Mushahwar, Kim Peretti, and Lance Taubin published “Privacy, Cyber & Data Strategy Advisory: FTC Approved New Data Breach Notification...more
In what can best be described as a tsunami of cybersecurity regulation, the Federal Acquisition Regulation (FAR) Council—consisting of the Department of Defense (DoD), General Services Administration (GSA), and National...more
School districts are relying on technology while they reshape educational services and reform educational methods. Due to this increased reliance on increasingly advanced technology, school districts have and will continue to...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
For years, federal cyber policy has been based on successful public-private partnerships, collaboration, and the promotion of voluntary standards that can be tailored to sector and organization-specific risk and needs....more
This month is the 19th Annual National Cybersecurity Awareness Month in the United States, cosponsored by the Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance. This year’s campaign theme...more
Key Wireless Deadlines- FCC Proposes to Update Intercarrier Compensation Regime: In this Further Notice of Proposed Rulemaking (FNPRM), the Federal Communications Commission (FCC or Commission) “seeks comment on proposed...more
In previous posts on the Porter Hedges Anti-Corruption & Compliance Blog, our team has discussed the U.S. Securities and Exchange Commission’s (“SEC”) proposal to amend its rules and require disclosures related to...more
Cybersecurity is the goliath of tech-related concerns for companies of all sizes, not just large corporations. The Cybersecurity & Infrastructure Security Agency (“CISA”) encourages small and midsize businesses to focus on...more
A proposed $1M civil penalty against Colonial Pipeline for its procedural failures during a ransomware attack could indicate what’s in store for critical infrastructure operators who fail to keep employees up to date on how...more
Ransomware attacks have become headline news in the mainstream media, and a hot topic not only on this blog but in government circles. And with good reason as the United States suffered a staggering 421.5 million ransomware...more
What: On February 23, 2022, the National Security Telecommunications Advisory Committee (NSTAC) approved a final draft of its forthcoming report to the President on Zero Trust and Trusted Identity Management. ...more
On December 15, 2021, Congress passed the National Defense Authorization Act (NDAA or Act) for Fiscal Year (FY) 2022, which President Biden is expected to sign into law soon. As usual, the NDAA contains numerous provisions...more
This month is the 18th Annual National Cybersecurity Awareness Month in the United States, sponsored by the Cybersecurity and Infrastructure Security Agency and the National Cyber Security Alliance. This year’s theme is again...more
On July 19, 2021, the Biden administration, along with a group of allies publicly accused the Chinese government of malicious cyber activities and irresponsible state behavior. The joint announcement states the U.S....more
The Cybersecurity and Infrastructure Security Agency (“CISA”), the U.S. Government Agency that works with the private sector to defend against cyber threats and to build more secure and resilient infrastructure for the...more
Keypoint: Individuals and businesses should take steps to prevent against becoming victims of the rapid rise in Coronavirus-related hacking scams. On March 20, 2020, the FBI issued an alert warning that cyber thieves are...more