On May 31, 2023, renowned managed file transfer solution provider Ipswitch, Inc. revealed a zero-day vulnerability in its flagship solution, MOVEit Transfer, that can enable mass data theft from thousands of organizations....more
On January 25, the Department of Veterans Affairs (VA) published a new final rule amending contractual provisions in the VA Acquisition Regulation (VAAR) to address data privacy, protection, and cybersecurity. The aim of the...more
Cyber whistleblowing is the newest and hottest area of exposure for organizations. All government contractors and grant recipients must develop an understanding of the use of the False Claims Act (FCA) to address...more
4/15/2022
/ Biden Administration ,
Civil Monetary Penalty ,
Compliance ,
Cyber Crimes ,
Cybersecurity ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Executive Orders ,
False Claims Act (FCA) ,
Federal Contractors ,
Federal Grants ,
Popular ,
Qui Tam ,
Risk Management ,
Whistleblowers
On Tuesday, December 8 one of the nation's leading cyber defense vendors (FireEye) announced it suffered a recent cyber-attack from a "highly sophisticated threat actor, one whose discipline, operational security lead us to...more
12/11/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Personally Identifiable Information ,
Popular ,
Risk Management
On April 21, 2020, the U.S. Department of Health and Human Services released a series of announcements signaling its intention to finalize and enforce certain aspects of the Office of the National Coordinator (ONC) Cures Act...more
4/30/2020
/ Blocking Statutes ,
Centers for Medicare & Medicaid Services (CMS) ,
Civil Monetary Penalty ,
Compliance ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health IT ,
OIG ,
ONC ,
Patient Access ,
Popular ,
Proposed Rules
As organizations prepare for certain contingency work arrangements in response to the coronavirus (COVID-19) outbreak, companies must also focus attention on ensuring appropriate cyber hygiene. ...more
Cybersecurity attacks represent a real threat to our national security and the defense industrial base. To combat these threats, the Department of Defense (DoD) recently released Cybersecurity Maturity Model Certification...more
October was National Cyber Security Awareness Month and, as its parting gift, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Office of the National Coordinator for Health...more
In early July, a global hospitality company announced in a U.S. Securities and Exchange Commission (SEC) filing that it had been fined more than $124 million (more than £99 million) by the United Kingdom's Information...more
Organizations and their legal departments continue to deal with the repercussions of email compromises. Regardless of whether your organization is considering migration of email services to Microsoft Office 365 (O365) or...more
Effective December 2018, the Federal Energy Regulatory Commission (FERC) approved supply chain risk management Reliability Standards (Order No. 850) that require all utilities to develop and implement a security controls plan...more
On Friday, December 28, 2018, the Department of Health and Human Services (HHS) released several documents, including the "Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients," an...more
The HHS Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) released an updated Security Risk Assessment (SRA) Tool this week. All covered entities and business...more
10/19/2018
/ Business Associates ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Duty to Update ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
ONC ,
Popular ,
Risk Mitigation ,
Security Risk Assessments
States continue to amend their Data Protection and Breach Notification Requirements. Maryland and Delaware are the most recent states to pass legislation designed to bring additional precision to an organization's...more
On April 14, 2016 the European Parliament approved the European Union General Data Protection Regulation (GDPR), which replaces the EU Data Protection Directive (95/46/EC), the privacy law originally established in 1995. The...more
Hollywood Presbyterian Medical Center in Los Angeles recently paid a $17,000 ransom in bitcoins to a malware hacker who seized control of the hospital's computer systems and demanded money ransom as a condition to returning...more
On December 18, 2015, President Obama signed the 2016 Consolidated Appropriations Act. Included in this must-pass federal funding legislation is the Cybersecurity Act of 2015, which represents the most significant federal...more
On December 18, 2014, President Barack Obama signed several significant cybersecurity bills into law. These bills include the Federal Information Security Modernization Act, the Border Patrol Agent Pay Reform Act, the...more
California Governor Jerry Brown signed into law on September 30, three amendments to California's privacy laws of which every business must be aware. The amendments to the Civil Code (i) significantly broaden the scope of...more
On August 18, 2014, Community Health Systems, Inc. (CHS) publicly confirmed, in a filing with the Securities and Exchange Commission (CHS filing), that its computer network was attacked between April and June 2014 by hackers...more
8/21/2014
/ China ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Data Protection ,
EHR ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Malware ,
PHI ,
Popular