Data Protection Covered Entities

News & Analysis as of

New York Department of Financial Services Implements New “First-in-the-Nation” Cybersecurity Regulations

As of March 1, 2017, New York financial institutions subject to the oversight of the New York Department of Financial Services (“DFS”) are required to comply with a new cybersecurity regulatory scheme. Compliance deadlines...more

Cybersecurity and Data Privacy: Department of Financial Services Issues Final Cybersecurity Regulations With Broad Implications...

On February 16, 2017, the New York State Department of Financial Services ("DFS") issued final cybersecurity regulations, with extensive new requirements for cybersecurity programs by entities regulated by DFS ("Covered...more

Finalized New York Department of Financial Services Cybersecurity Regulation to Take Effect March 1

On February 16, 2017, the New York Department of Financial Services (NYDFS) announced the release of its finalized Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulation”), which will take...more

Orrick's Financial Industry Week In Review

Financial Industry Developments - New York Department of Financial Services Promulgates First-in-the-Nation State Cybersecurity Regulation - On February 16, 2017, the New York Department of Financial Institutions...more

HIPAA Enforcement Update (October 2016 – January 2017)

Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA)...more

Mark Your Calendars: NY Cybersecurity Regulations to Go into Effect

A covered entity will need to arrange for someone to perform the CISO function, dedicate resources to conduct periodic risk assessments, develop and implement policies and procedures, and retain appropriate personnel and...more

HIPAA Breach? Notify Promptly or Face Significant Potential Fines from HHS OCR

On January 9, 2017, the Department of Health and Human Services Office of Civil Rights (HHS OCR), which enforces the privacy requirements contained in Health Insurance Portability and Accountability Act (HIPAA), announced a...more

The New York Department of Financial Services’ Cybersecurity Regulation Will Soon Take Effect

The New York Department of Financial Services (“NYDFS”) is in the final days of accepting public comment on its revised cybersecurity regulation, which would be codified at 23 NYCRR 500. As the comment period winds down to a...more

Orrick's Financial Industry Week In Review

Financial Industry Developments - Prohibition on Dealing or Investing in Industrial or Commercial Metals - On January 3, 2017, the Office of the Comptroller of the Currency (the "OCC") finalized a rule that...more

New York State Revises “First-In-Nation” Cybersecurity Rules

The New York Department of Financial Services (“DFS”) recently issued a revised version of the cybersecurity rules that it first announced in the fall of last year. The rules apply to a wide range of insurance, banking, and...more

Although Delayed, New York's Aggressive Cybersecurity Law Expected to Affect Financial Services and Insurance Firms

The regulatory environment for cybersecurity is rapidly changing, and state legislatures are not waiting for Congress to act. On December 28, 2016, the New York State Department of Financial Services ("NYDFS") revised a...more

New York Department of Financial Services Revises Cybersecurity Proposal: Greater Flexibility and Delayed Compliance Deadlines

As we previously reported, in December 2016 the New York Department of Financial Services (the “DFS”) announced that it was revising its proposed regulation that would require banks, insurance companies and other financial...more

No Phishing: OCR Warns of Phishing Attempts Disguised as Official HIPAA Audit Program Emails

What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just...more

NY Financial Services Companies’ 2017 Resolution: Cybersecurity

The New York State Department of Financial Services (DFS) made headlines back in late September with a “first-in-the-nation” piece of legislation aimed at mandating specific cybersecurity protocols for banks, insurance...more

OCR Issues Alert Regarding Phishing Email Disguised as Official OCR Audit Communication

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published an alert on Nov. 28 describing a phishing email being circulated on mock HHS departmental letterhead under the signature of OCR...more

HHS OCR Alert: Phishing Email Disguised as Official OCR Audit Communication

This alert just in from HHS OCR: “It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to...more

OCR Warns of Phishing Campaign Disguised as Official OCR Communication

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published an alert on Monday describing a phishing campaign disguised as an email from OCR. The email is being circulated on mock HHS...more

Banks to Broaden Reporting of Suspicious Cyber Activity; Regulators Propose “Enhanced” Cybersecurity Standards

The fourth quarter of 2016 has seen an uptick in regulatory activity respecting the financial services sector in the cybersecurity space, both at the state level as previously discussed (here) and on the federal level....more

GAO Report Criticizes HHS’ HIPAA Cybersecurity Guidance and Program

Recently, the Government Accountability Office (GAO) reviewed the U.S. Department of Health and Human Services’ (HHS) security and privacy oversight and identified significant gaps in the cybersecurity guidance provided by...more

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

HHS Publishes New Guidance on HIPAA and Cloud Computing

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

OCR Releases HIPAA Guidance on Cloud Computing

On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) released HIPAA guidance on cloud computing (Guidance). The Guidance is intended to help covered entities and business associates...more

GAO Study Slams HHS For Lack of Guidance to Covered Entities

We watch closely for any guidance to HIPAA covered entities and business associates from the Department of Health and Human Services Office for Civil Rights (HHS/OCR). Why? Because there is so little of it. Lately, the only...more

Best Practices for Safeguarding Protected Health Information in Inclement Weather

As the East Coast prepares for the arrival of Hurricane Matthew, covered entities and business associates should take the opportunity to remind their workforce members to safeguard protected health information (PHI) that is...more

116 Results
|
View per page
Page: of 5
Cybersecurity

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×