Collaborate Disseminate
Over on Infosec.Exchange, Will Palant posted: Yellow Flag @WPalant@infosec.exchange German law is making security research a risky business. Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a softw… Continue reading German security researchers at risk of prosecution for “hacking” because of a plain text hardcoded password?
January 12, 2024 New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today announced that Genesis Global Trading, Inc. (“Genesis Global Trading”) will pay an $8 million penalty to New York State for compliance failur… Continue reading NYS announces $8 Million Penalty Against Genesis Global Trading, Inc. After DFS Investigation Finds Significant Failings in Anti-Money Laundering and Cybersecurity Programs
Eric Geller reports: The Biden administration plans to unveil new cybersecurity requirements for hospitals in the coming weeks as government officials scramble to stem a disturbing tide of hacks that have crippled health-care providers, delayed procedu… Continue reading After Barrage of Hacks, Hospitals Will Face New Federal Cybersecurity Rules Tied to Funding
The law firm of BakerHostetler has recently released several free resources of note: EU GDPR Data Breach Notification Interactive Map State Data Breach Notification Law Interactive Map PDF Version of State Data Breach Notification Laws They have also r… Continue reading Resources: Breach notification laws: US and GDPR
January 5, 2024 NEW YORK – New York Attorney General Letitia James today announced an agreement with a Hudson Valley-area health care provider, Refuah Health Center, Inc. (Refuah), for failing to safeguard the personal and private health information of… Continue reading Attorney General James Reaches Agreement with Refuah Health Center to Invest $1.2 Million to Protect Patient Data and Pay $450,000 in Penalties to State
Hunton Andrews Kurth writes: On December 14, 2023, the Court of Justice of the European Union (“CJEU”) issued its judgment in the case of VB v. Natsionalna agentsia za prihodite (C‑340/21), in which it clarified, among other things, the concept of non-… Continue reading Court of Justice of the European Union Rules That Fear May Constitute Damage Under the GDPR
Eduardo Baptista reports: China on Friday proposed a four-tier classification to help it respond to data security incidents, highlighting Beijing’s concern with large-scale data leaks and hacking within its borders. The contingency plan comes am… Continue reading China issues draft contingency plan for data security incidents
Chris Riotta reports: The U.S. Federal Communications Commission voted Wednesday along party lines to update 16-year-old privacy protection rules and expand breach notification requirements as part of an effort to provide law enforcement and the public… Continue reading FCC Approves Major Updates to Data Breach Notification Rules
Naomi Diaz reports: The American Hospital Association said HHS’ plan to levy financial penalties in the event of a cyberattack on a healthcare organization would be counterproductive. In a Dec. 6 statement, the AHA said it is advocating for the H… Continue reading AHA opposes HHS’ plan for cybersecurity fines
Jon Brodkin reports: Sen. Ted Cruz (R-Texas) and other Republican senators are fighting a Federal Communications Commission plan to impose new data-breach notification requirements on telecom providers. In a letter sent to FCC Chairwoman Jessica Rosenw… Continue reading Ted Cruz wants to stop the FCC from updating data-breach notification rules