Collaborate Disseminate
Eric Geller reports: As U.S. hospitals struggle to pay their employees amid a cyberattack that knocked out a major payment vendor, a powerful Democratic senator is seizing the moment to push for better security in the sorely vulnerable healthcare secto… Continue reading Prominent US senator sees new momentum for healthcare cybersecurity push
On March 28, 2024, the U.S. Department of Education—in coordination with the Cybersecurity and Infrastructure Security Agency (CISA)—held the kickoff meeting of the Education Facilities Subsector Government Coordinating Council (GCC), designed to facil… Continue reading K12 SIX Applauds Launch of K-12 Education Cybersecurity Council
A quick note that the official draft of CIRCA is now published: A Proposed Rule by the Homeland Security Department on 04/04/2024 All information is linked from https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-fo… Continue reading Proporsed Rule: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements
Vivienne Serret reports: Hackers broke into the computer network of the Florida Department of Juvenile Justice in Tallahassee, which runs the state’s juvenile detention centers and programs to steer troubled kids away from crime. It led to a cont… Continue reading Florida Department of Juvenile Justice computer network hacked
Ashden Fein, Micaela McMurrough, Caleb Skeath, Robert Huffman, John Webster Leslie, and Shayan Karbassi of Covington and Burling write: On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemakin… Continue reading CISA Issues Notice of Proposed Rulemaking for Critical Infrastructure Cybersecurity Incident Reporting
Hunton Andrews Kurth writes: On March 19, 2024, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 98 (the “Bill”), Online Data Security and Privacy Amendments, into law. The Bill amends the Protection of Personal Information Act (§13-44-101 et seq… Continue reading Utah Enacts Amendments to State Breach Notification Law
WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that has s… Continue reading Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure
Hunton Andrews Kurth writes that on March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules (the “Rules”) went into effect despite legal challenges. The rules were adopted in December 2023 pursuant to a… Continue reading FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges
A coalition of state attorneys general have sent a letter to Meta asking them to do more to help users whose accounts have been hacked or taken over. The letter to Meta’s Chief Legal Officer begins: Dear Ms. Newstead: We, the undersigned attorn… Continue reading 41 State Attorneys General tell Meta to do better in preventing and mitigating account takeovers
Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A breach involving the Washington state radiology service was added to Karakurt’s leak s… Continue reading Three recent breach disclosures remind of us how seldom timely breach notification is enforced under HITECH