News & Analysis as of

Covered Entities Cyber Attacks

Fisher Phillips

Don't Forget About ERISA in Your Health Plan’s Cybersecurity Efforts: Important Reminders for Plan Fiduciaries in the Wake of...

Fisher Phillips on

Earlier this year, a cyberattack on a leading healthcare claims processing provider had an unprecedented impact on patients and healthcare providers across the country. While group health plans were not directly targeted in...more

Holland & Knight LLP

Change Healthcare Cybersecurity Incident: Financial Impact and Resulting Litigation

Holland & Knight LLP on

On Feb. 21, 2024, the ransomware hacker group ALPHV, otherwise known as "BlackCat," disabled Change Healthcare's nationwide healthcare billing and information systems and demanded a ransom to unlock them....more

Fisher Phillips

Insider Threats to Healthcare Data: What You Need to Know and 5 Steps You Can Take Now

Fisher Phillips on

Healthcare data breaches are occurring more frequently and on larger scales than ever before – and while you defend against cyberattacks and other external threats, make sure you do not overlook the critical role your...more

Health Care Compliance Association (HCCA)

‘I Will Not Rest’; ‘I Am All In’: Remarkable Breach Hearing Sees Pledges by UHG CEO, Sen. Wyden

United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more

ArentFox Schiff

Key Takeaways from OCR’s CY22 HIPAA Reports to Congress

ArentFox Schiff on

On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more

Jones Day

CISA Releases Proposed Cyber Incident and Ransom Payment Reporting Rules to Implement CIRCIA

Jones Day on

CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more

Schwabe, Williamson & Wyatt PC

Comments Sought on Proposed Requirements of the Cyber Incident Reporting for Critical ‎Infrastructure Act

On March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law. Generally, CIRCIA requires “covered entities,” defined as entities in certain critical infrastructure sectors, to...more

Venable LLP

CIRCIA: Cyber Incident Reporting for Practically Everyone?

Venable LLP on

A sweeping array of businesses are another step closer to requirements to report cybersecurity incidents and ransomware payments to the federal government. On April 4, 2024, the U.S. Department of Homeland Security's (DHS)...more

Constangy, Brooks, Smith & Prophete, LLP

CISA issues proposed regs on cyber incident reporting

Yesterday, March 27, the U.S. Cybersecurity and Infrastructure Security Agency published the Notice of Proposed Rulemaking under the Cyber Incident Reporting for Critical Infrastructure Act of 2022. It is important to note...more

Bricker Graydon LLP

HHS Issue Six Figure Penalty for Ransomware Attack

Bricker Graydon LLP on

Late last year, the Department of Health and Human Services (HHS) issued its first HIPAA settlement agreement involving a ransomware attack. In the press release announcing the settlement, HHS stated that they began...more

McGuireWoods LLP

Office for Civil Rights Settlement May Signal Increasing Scrutiny for Ransomware Attacks

McGuireWoods LLP on

On Oct. 31, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced it had settled with Doctors’ Management Services Inc. (DMS) over a self-reported ransomware attack that occurred in...more

BCLP

Cyber Incident Reporting for Critical Infrastructure Act - What Companies Need to Know Now

BCLP on

The Cyber Incident Reporting for Critical Infrastructure Act (“CIRCIA” or “the Act”) is a new federal law, adopted in March 2022, which requires critical infrastructure entities to report certain cybersecurity incidents and...more

Tucker Arensberg, P.C.

2022 Budget Bill Includes Mandatory Healthcare Cyber Incident Reporting

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), was passed as part of the consolidated Budget Act for 2022, which also included the telehealth provisions. The definition of “covered entity” in the...more

Eversheds Sutherland (US) LLP

The Cyber Incident Reporting for Critical Infrastructure Act of 2022

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), passed as part of the omnibus spending bill on March 15, 2022, will require critical infrastructure companies - which could include financial...more

Benesch

New Critical Infrastructure Cybersecurity Implementing New Breach Notification Requirements Signed into Law

Benesch on

The new law will require critical infrastructure entities to report certain covered cybersecurity incidents to government agencies within 72 hours; ransomware payments within 24 hours. On March 15, President Biden signed...more

BakerHostetler

Sounding the Alarm: New Federal Law Will Mandate the Reporting of Cybersecurity Incidents Involving Critical Infrastructure - What...

BakerHostetler on

In response to increased and persistent cybersecurity threats to American infrastructure, Congress passed the Strengthening American Cybersecurity Act (SACA), which President Joe Biden signed into law on March 15. SACA is...more

Alston & Bird

New Cybersecurity Law Will Require Cyber-Incident Reporting for Critical Infrastructure

Alston & Bird on

On March 1, the Senate unanimously passed the Strengthening American Cybersecurity Act of 2022, which will require critical infrastructure companies to report significant cyber-incidents and all ransom payments to the...more

Foster Garvey PC

New Reporting Requirements for Critical Infrastructure and Businesses

Foster Garvey PC on

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 ("the Act") was signed into law by the President on March 15, 2022, as part of the Consolidated Appropriations Act. The purpose of the Act is to educate...more

NAVEX

Strengthening American Cybersecurity Act of 2022

NAVEX on

On March 1st, the United States Senate passed a historic cybersecurity bill with bipartisan and unanimous support. This bill impacts operators of federal infrastructure and federal civilian agencies. The Strengthening...more

Health Care Compliance Association (HCCA)

2022 Outlook: More Dangerous Ransomware Coupled With Inadequate Security Practices

Report on Patient Privacy 22, no. 1 (January, 2022) - As the COVID-19 pandemic enters its third year, real “security fatigue” with pandemic-related issues will combine with cybercriminals’ increasingly sophisticated...more

Faegre Drinker Biddle & Reath LLP

Feds Hope to Tighten Timeline for Agency Reporting of Cyberattacks as Congress Debates Federal Data Breach Notification Law

On December 6, 2021, in the Memorandum for the Heads of Executive Departments and Agencies, the Office of Management and Budget took a more aggressive position on strengthening the nation’s cybersecurity posture. Under this...more

Health Care Compliance Association (HCCA)

Facing Escalating Attacks, AHA Presses OCR to Expedite Security Practices Rule

Report on Patient Privacy 21, no. 12 (December, 2021) - Amid the letters of congratulations to new HHS Office for Civil Rights (OCR) Director Lisa Pino is a plea from the American Hospital Association (AHA): “victims” of...more

Health Care Compliance Association (HCCA)

Compliance Refresher: Get Cozy With IT Folks, Review Insurance, Fine-Tune Policies, Training

Report on Patient Privacy 21, no. 11 (November, 2021) - Attorney Brad Hammer doesn’t always don a suit and tie, or what he calls his “lawyer’s uniform.” A privacy and security expert and founder of the Vakaris Group based...more

Health Care Compliance Association (HCCA)

FBI: More Awareness, Due Diligence Needed To Fight China in New ‘Space Race’ for Data

Report on Patient Privacy 21, no. 10 (October, 2021) - Conducting a risk analysis is a basic tenet of security compliance, with the overarching goal of understanding where protected health information (PHI) “lives” in an...more

Sheppard Mullin Richter & Hampton LLP

OCR Urges Private Sector to Beef Up Ransomware Protections

Echoing other agencies in recent weeks, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued an alert sharing resources to address and protect institutions against the recent influx of...more

62 Results
 / 
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide