Collaborate Disseminate
From HHS OCR: The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS) are hosting two webinars for the release of version 3.4 of the … Continue reading HHS Security Risk Assessment Tool Version 3.4 and Webinars
Sid Mody, Andrew J. Geist, Shelly Heyduk, Bill Martin, and Anna Xie discuss the implications of recent actions by the SEC. They write, in part: In sending a Wells Notice to SolarWinds’s CISO, the SEC has put CISOs generally on high alert that the agenc… Continue reading What the SEC’s Investigation of SolarWinds Means for CISOs and Cybersecurity Disclosures
Rachel V. Rose, Ted Dziekanowski, and Andy Watkin-Child report: The US Securities and Exchange Commission released its final rule, effective Sept. 5, 2023, on cybersecurity risk management, strategy, governance, and incident disclosure. Investors, regi… Continue reading SEC Cybersecurity Rule Leans on Materiality and Reasonableness
Matt Fisher writes: Demands for medical records can stem from a variety of investigations, which can involve a myriad of sources. The most recent example driving headlines is an investigation involving Vanderbilt University Medical Center (“VUMC”). VUM… Continue reading Health Data and Investigations: Between a Rock and a Hard Place
CUNA reports: NCUA issued a Letter to Credit Unions (23-CU-07) on the cyber incident notification requirements that go into effect Sept. 1. Credit unions will be required to notify the NCUA no later than 72 hours after the credit union reasonably belie… Continue reading Compliance: National Credit Union Administration issues letter on cyber incident reporting notification requirements
GNA reports: Three managers were arrested on Monday by the Data Protection Commission (DPC) and the Criminal Investigations Department (CID) of the Ghana Police Service for breaching the Data Protection Act, 2012 (Act 843). The three institutions are H… Continue reading Three managers picked up; 2 others invited for breaching Ghana data protection law
Scott Greenfield comments on a ruling previously noted on this site: In an underappreciated ruling, District of Columbia Judge Amit Mehta ruled that the multinational law firm Covington & Burling must comply with an SEC subpoena requiring the firm … Continue reading Cyberattacks And Compromise of Attorney Client Confidences
Abigail Adcox reports: U.S. District Judge Amit Mehta of the District of Columbia has ruled that Covington & Burling must disclose to the U.S. Securities and Exchange Commission the names of seven clients whose information may have been exposed in … Continue reading In SEC Battle, Covington Ordered to Disclose Names of 7 Clients
Orrick, Herrington & Sutcliffe LLP write: On June 30, the U.S. Court of Appeals for the First Circuit overruled a district court’s dismissal of a putative class action against a home delivery pharmacy service for allegedly failing to prevent a 2021… Continue reading 1st Circuit confirms standing for data breach victims
Micaela McMurrough, Ashden Fein, David H. Engvall, Caleb Skeath, Kerry Burke, and Shayan Karbassi of Covington and Burling write: According to a recently-released meeting agenda, the Securities and Exchange Commission’s (“SEC”) upcoming July 26, 2023 m… Continue reading SEC to Consider Cyber Rules Next Week