News & Analysis as of

Data Protection Covered Entities

OCR Urges Covered Entities and Business Associates to Use HTTPS

New guidance from the Office for Civil Rights (OCR) urges covered entities and business associates to use Secure Hypertext Transport Protocol (HTTPS) to protect communications from vulnerabilities. According to OCR, the...more

Alert: New York Wants Its Cybersecurity Regulation to Reach Nationwide

by Cooley LLP on

On April 9, 2017, Maria Vullo, the New York Department of Financial Services (NYDFS) superintendent, pronounced to state insurance commissioners that New York's new cybersecurity regulation could be the model for other...more

New York Cybersecurity Regulations: What Do They Mean and When Do They Mean it By?

by Morrison & Foerster LLP on

The New York State Department of Financial Services (NYDFS) has released guidance for covered financial institutions regarding its cybersecurity rule (the “Cybersecurity Rule” or “Rule”) that took effect on March 1, 2017. ...more

New York Department of Financial Services Implements New “First-in-the-Nation” Cybersecurity Regulations

by Blank Rome LLP on

As of March 1, 2017, New York financial institutions subject to the oversight of the New York Department of Financial Services (“DFS”) are required to comply with a new cybersecurity regulatory scheme. Compliance deadlines...more

Cybersecurity and Data Privacy: Department of Financial Services Issues Final Cybersecurity Regulations With Broad Implications...

On February 16, 2017, the New York State Department of Financial Services ("DFS") issued final cybersecurity regulations, with extensive new requirements for cybersecurity programs by entities regulated by DFS ("Covered...more

Finalized New York Department of Financial Services Cybersecurity Regulation to Take Effect March 1

by BakerHostetler on

On February 16, 2017, the New York Department of Financial Services (NYDFS) announced the release of its finalized Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulation”), which will take...more

Orrick's Financial Industry Week In Review

Financial Industry Developments - New York Department of Financial Services Promulgates First-in-the-Nation State Cybersecurity Regulation - On February 16, 2017, the New York Department of Financial Institutions...more

HIPAA Enforcement Update (October 2016 – January 2017)

by Locke Lord LLP on

Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA)...more

Mark Your Calendars: NY Cybersecurity Regulations to Go into Effect

by Pepper Hamilton LLP on

A covered entity will need to arrange for someone to perform the CISO function, dedicate resources to conduct periodic risk assessments, develop and implement policies and procedures, and retain appropriate personnel and...more

HIPAA Breach? Notify Promptly or Face Significant Potential Fines from HHS OCR

by Arnall Golden Gregory LLP on

On January 9, 2017, the Department of Health and Human Services Office of Civil Rights (HHS OCR), which enforces the privacy requirements contained in Health Insurance Portability and Accountability Act (HIPAA), announced a...more

The New York Department of Financial Services’ Cybersecurity Regulation Will Soon Take Effect

by Saul Ewing LLP on

The New York Department of Financial Services (“NYDFS”) is in the final days of accepting public comment on its revised cybersecurity regulation, which would be codified at 23 NYCRR 500. As the comment period winds down to a...more

Orrick's Financial Industry Week In Review

Financial Industry Developments - Prohibition on Dealing or Investing in Industrial or Commercial Metals - On January 3, 2017, the Office of the Comptroller of the Currency (the "OCC") finalized a rule that...more

New York State Revises “First-In-Nation” Cybersecurity Rules

The New York Department of Financial Services (“DFS”) recently issued a revised version of the cybersecurity rules that it first announced in the fall of last year. The rules apply to a wide range of insurance, banking, and...more

Although Delayed, New York's Aggressive Cybersecurity Law Expected to Affect Financial Services and Insurance Firms

by Wiggin and Dana LLP on

The regulatory environment for cybersecurity is rapidly changing, and state legislatures are not waiting for Congress to act. On December 28, 2016, the New York State Department of Financial Services ("NYDFS") revised a...more

New York Department of Financial Services Revises Cybersecurity Proposal: Greater Flexibility and Delayed Compliance Deadlines

As we previously reported, in December 2016 the New York Department of Financial Services (the “DFS”) announced that it was revising its proposed regulation that would require banks, insurance companies and other financial...more

No Phishing: OCR Warns of Phishing Attempts Disguised as Official HIPAA Audit Program Emails

by Davis Wright Tremaine LLP on

What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just...more

NY Financial Services Companies’ 2017 Resolution: Cybersecurity

by Foley & Lardner LLP on

The New York State Department of Financial Services (DFS) made headlines back in late September with a “first-in-the-nation” piece of legislation aimed at mandating specific cybersecurity protocols for banks, insurance...more

OCR Issues Alert Regarding Phishing Email Disguised as Official OCR Audit Communication

by BakerHostetler on

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published an alert on Nov. 28 describing a phishing email being circulated on mock HHS departmental letterhead under the signature of OCR...more

HHS OCR Alert: Phishing Email Disguised as Official OCR Audit Communication

This alert just in from HHS OCR: “It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to...more

OCR Warns of Phishing Campaign Disguised as Official OCR Communication

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published an alert on Monday describing a phishing campaign disguised as an email from OCR. The email is being circulated on mock HHS...more

Banks to Broaden Reporting of Suspicious Cyber Activity; Regulators Propose “Enhanced” Cybersecurity Standards

by Carlton Fields on

The fourth quarter of 2016 has seen an uptick in regulatory activity respecting the financial services sector in the cybersecurity space, both at the state level as previously discussed (here) and on the federal level....more

GAO Report Criticizes HHS’ HIPAA Cybersecurity Guidance and Program

by BakerHostetler on

Recently, the Government Accountability Office (GAO) reviewed the U.S. Department of Health and Human Services’ (HHS) security and privacy oversight and identified significant gaps in the cybersecurity guidance provided by...more

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

by BakerHostetler on

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

by Ballard Spahr LLP on

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

HHS Publishes New Guidance on HIPAA and Cloud Computing

by Stinson Leonard Street on

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

119 Results
|
View per page
Page: of 5
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
Feedback? Tell us what you think of the new jdsupra.com!