Prominent US senator sees new momentum for healthcare cybersecurity push

Eric Geller reports: As U.S. hospitals struggle to pay their employees amid a cyberattack that knocked out a major payment vendor, a powerful Democratic senator is seizing the moment to push for better security in the sorely vulnerable healthcare secto…

Proposed Rule: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements

A quick note that the official draft of CIRCIA is now published: A Proposed Rule by the Homeland Security Department on 04/04/2024. All information is linked from https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-fo…

CISA Issues Notice of Proposed Rulemaking for Critical Infrastructure Cybersecurity Incident Reporting

Ashden Fein, Micaela McMurrough, Caleb Skeath, Robert Huffman, John Webster Leslie, and Shayan Karbassi of Covington and Burling write: On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemakin…

Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure

WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that has s…

FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges

Hunton Andrews Kurth writes that on March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules (the “Rules”) went into effect despite legal challenges. The rules were adopted in December 2023 pursuant to a…

Biden’s new data security order leaves industry officials, privacy advocates scratching their heads

David DiMolfetta reports: A new White House directive that gives agencies the legal power to prevent Americans’ sensitive data from falling into the hands of foreign adversaries is getting mixed reviews, with industry executives saying it could risk mu…

Message to the Congress on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern

TO THE CONGRESS OF THE UNITED STATES: Pursuant to the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code, I hereby report t…

NIST Publishes Final “Cybersecurity Resource Guide” on Implementing the HIPAA Security Rule

Jennifer Hennessy and Christopher Taylor of Foley & Lardner write: In an important development for HIPAA-regulated entities looking for practical assistance in understanding, implementing, and enhancing compliance with the HIPAA Security Rule, the …

An Update on the SEC’s Cybersecurity Reporting Rules

Hunton Andrews Kurth writes: As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of…

IT suppliers hacked off with Uncle Sam’s demands in aftermath of cyberattacks

Brandon Vigliarolo reports: Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident. T…