The Lack of an Adequate HIPAA Security Risk Assessment is a Common and Costly Mistake by Healthcare Providers: What Providers Can Do Now

Erin Smith Aebel of Shumaker, Loop & Kendrick, LLP writes: Health care providers and others who must comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have specific requirements under the Security Rule to HIPAA w…

MD Anderson Cancer Center Appeals $4.3 Million HIPAA Fine

Marianne Kolbasuk McGee reports: The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3 million HIPAA penalty levied against it last year by the Department of Health and Human Services following three data breaches in…

Elizabeth Warren proposes holding execs criminally liable for scams and data breaches

Cory Doctorow reports: A new bill from Senator Elizabeth Warren proposes personal, criminal liability for top executives of companies turning over more than $1B/year when those companies experience data breaches and scams due to negligence (many of the…

Inspector general finds deficiencies in how FBI tells companies they’ve been breached

The FBI needs to shore up its internal processes for notifying the victims of cyberattacks, according to a U.S. Justice Department inspector general’s report published Monday. There are issues with the quality and completeness of the data stored in the FBI’s Cyber Guardian system — a tool for disseminating notifications after security breaches — reports Inspector General Michael E. Horowitz. Many FBI agents tasked with responding to cybercrimes improperly handle the work associated with indexing the victims in the bureau’s system, a problem that could make it more difficult for hacked organizations to recover, according to the report. “During this audit, we visited six FBI field offices and discussed the victim notification process with cyber squad Special Agents and supervisory Special Agents,” the report said. “In our discussions, we found that 29 of 31 field agents we interviewed do not use the ‘Victim Notification’ lead type when setting leads for victim notification. Five of […]

The post Inspector general finds deficiencies in how FBI tells companies they’ve been breached appeared first on CyberScoop.


Lawmakers introduce bipartisan bill for ‘internet of things’ security standards

Jacqueline Thomsen reports: A bipartisan group of lawmakers on Monday unveiled legislation that would create cybersecurity standards for internet-connected devices, often known as the “internet of things.” The bill, introduced in the Senate by Sens. Ma…

How to Pick the Right Solution for FISMA SI-7 Compliance

It can be hard to know how to best allocate your federal agency’s resources and talent to meet FISMA compliance, and a big part of that challenge is feeling confident that you’re choosing the right cybersecurity and compliance reporting sol…

FTC Proposes to Add Detailed Cybersecurity Requirements to the GLBA Safeguards Rule

Mike Nonaka, Libbie Canter, David Stein and Sam Adriance of Covington & Burling write: On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“…

Republicans, Democrats Offer Different Views on Preemption During Senate Privacy Hearing

James Strawbridge of Covington & Burling writes: At a February 27, 2019 hearing on “Privacy Principles for a Federal Data Privacy Framework in the United States,” Republican and Democratic members of the Senate Commerce, Science, & Transportati…

When it Comes to NIST 800-171 Compliance – There’s ‘On Time’ and There’s ‘Lombardi Time’

If you wait to become 800-171 compliant, you won’t win contracts. That was the message we wanted to make loud and clear to over 200 federal contractors during last week’s Washington Technology (WT) webcast, Inside NIST 800-171: Cyber Requir…

In the Event of “Shutdown, Part 2,” Trust Your Instruments

There is a principle long held by pilots that says as follows: “You have to trust your instruments.” This principle can be applied to organizations seeking to ensure the security of cloud and other deployments while lacking adequate securit…