The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
For years, we were able to tell most clients experiencing a potential data security incident that they likely had at least 30 days to notify any third parties about the incident – if they concluded it was a breach. There...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
As we near the end of another year, it is time to look ahead to developments in the information security and privacy landscape. One area of particular importance is the development of regulations implementing the Cyber...more
On September 12, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) seeking input from stakeholders on the Cyber Incident Reporting for Critical Infrastructure Act of 2022...more