Collaborate Disseminate
Skye Witley reports: New York regulators assigned heightened cybersecurity requirements to banks, insurers, and financial services providers based in the state with the release of finalized rule amendments Wednesday. Covered entities will have to use m… Continue reading NY Financial Regulator Rolls Out Updated Cybersecurity Standards
From HHS, this interesting press announcement: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Doctors’ Manag… Continue reading HHS announces its first settlement in a ransomware case: Doctors’ Management Services
David Migoya reports: Colorado House Republican leaders on Monday called for an investigation into why Colorado’s higher education agency allegedly failed to timely report a massive data breach this summer. In a two-page letter hand-delivered to … Continue reading Colorado GOP Wants Inquiry into Delayed Notification of Data Breach
In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October for organizations covered under the HIPAA Rules on how the HIPAA Security Rule can help regulated entities defend against cyber-attacks. The video is av… Continue reading OCR Releases Cybersecurity Video: How the HIPAA Security Rule Can Help Defend Against Cyber-Attacks
President Biden issued a landmark Executive Order to ensure that America leads the way in seizing the promise and managing the risks of artificial intelligence (AI). New standards for AI safety and security As AI’s capabilities grow, so do its implicat… Continue reading White House issues Executive Order for safe, secure, and trustworthy AI
Rachel Walker and Elouise Casey of Dentons write: Failure to comply with the mandatory breach reporting regime is arguably the canary in the coal mine for regulatory compliance to Australian Securities and Investments Commission (ASIC). We are expectin… Continue reading AU: ASIC modifies licensees’ breach reporting obligations
Skye Witley reports: A new US notification requirement for victims of malicious hacks could push in-house counsel to disclose cyberattacks when faced with ransomware and other network compromises. Among the first-ever cyber regulations to be enforced b… Continue reading Top US Cyber Agency Pushing Toward First Hack Reporting Rule
From HHS’s October cybersecurity newsletter: Last year, the Department of Health and Human Services’ (HHS) Health Sector Cybersecurity Coordination Center (HC3) released a threat brief on the different types of social engineering1 that hackers us… Continue reading HIPAA requires employers to sanction employees who violate HIPAA. Did you know that?
From a press release from the NYS Attorney General’s Office today: New York Attorney General Letitia James today secured $350,000 from a Long Island-based home health care company, Personal Touch Holding Corporation (Personal Touch), for failing … Continue reading Personal Touch Holding settles NY Attorney General’s lawsuit stemming from 2021 ransomware incident: will pay $350k, improve security
Indiana Attorney General Rokita led a coalition of 33 attorneys general in a multi-state investigation and litigation against health care clearinghouse Imnediata stemming from a breach disclosed in 2019. Background In January 2019, HHS OCR alerted Inme… Continue reading Inmediata settles multi-state litigation for $1.14 million; will improve data security and breach notification practices