National Institute of Standards and Technology

News & Analysis as of

Blog: FDA Issues Draft Guidance on Medical Device Cybersecurity

Recently, the U.S. Food and Drug Administration (FDA) published draft guidance entitled “Postmarket Management of Cybersecurity in Medical Devices” (the Guidance) that sets forth ways in which medical device manufacturers...more

Government Contractors Brace For Continuing Changes in Cybersecurity Regulations

The federal government has responded to recent data breaches by making cybersecurity a top priority, and it continues to consider and implement a number of regulations that affect government contractors. Over the past...more

FDA Issues Postmarket Cybersecurity Recommendations for Medical Devices

On January 22, 2016, the federal Food and Drug Administration (“FDA”) issued a draft guidance outlining postmarket recommendations for medical device manufacturers to address cybersecurity risks. The draft guidance details...more

FDA Recommends Medical Device Manufacturers Implement a Comprehensive Cybersecurity Risk Management Program in Accordance with...

Medical devices increasingly contain software or connect to networks that may leave the devices vulnerable to cyber-attacks. The U.S. Food and Drug Administration (“FDA”) has recognized the potential risks that these...more

NIST seeks comments on randomness to protect sensitive information

The National Institute of Standards and Technology (NIST) announced last week that it is seeking comments on its draft publication “Recommendation for the Entropy Sources Used for Random Bit Generation.” What does this mean...more

New Bill Would Require Cybersecurity Disclosures by Publicly Traded Companies

Why it matters - In the continuing efforts to enact cybersecurity legislation and advise the public about cybersecurity preparedness, a new bill introduced in the Senate would mandate that publicly traded companies...more

Cybersecurity In Postmarket Medical Devices: New Guidance From The FDA

On January 22, 2016, the U.S. Food and Drug Administration ("FDA") issued draft guidance for the medical device industry. The guidance outlines the steps medical device manufacturers should take to monitor, identify, and...more

Cybersecurity Act Of 2015 Aims To Bolster Cybersecurity In Health Care Industry

Section 405 of Title IV of the Cybersecurity Act is tailored specifically to cybersecurity matters affecting public and private health care entities. Section 405 of Title IV seeks to improve the cybersecurity landscape in...more

FDA Issues Draft Guidance Governing Postmarket Cybersecurity Risk Management Standards

On January 15, 2016, the U.S. Food and Drug Administration (FDA) announced in a Press Release that it would issue draft guidance on January 22 outlining “steps medical device manufacturers should take to continually address...more

The gift of time: A second DOD interim rule grants contractors additional time to comply with cyber security requirements

The US Department of Defense (DOD) earlier today issued a second interim rule, effective immediately, that gives affected contractors until December 31, 2017, to implement fully compliant cyber security controls....more

FDA issues guidance on cybersecurity risk management for medical devices

Friday (January 22, 2016), the Food and Drug Administration (FDA) published draft guidance for medical device makers on the importance of including cybersecurity measures in approved products. Further, the guidance highlights...more

Cybersecurity and Data Breaches: How In-House Counsel Can Engage the Board

A company's board of directors has a duty to oversee all aspects of the company's risk management efforts. This includes a duty to recognize and minimize the company's exposure to cyber attacks. In today's increasingly...more

Washington Healthcare Update

This Week: The House is not in session this week... The Senate returns today... Committees in the Senate will hold hearings on co-ops and mental health... Vice President Biden will attend the World Economic Forum in...more

Henry Schein Settles FTC Charges of Deceptive Advertising of Dentrix G5

Data encrypted in accordance with the Advanced Encryption Standard (“AES”) gives dentists a “safe harbor” in the event of certain breaches of patient information. However, those relying on Henry Schein’s Dentrix G5 software...more

BIMCO issues cybersecurity guidelines for ships

Last week, BIMCO, along with other shipping organizations, “launched” guidelines “to help the global shipping industry prevent major safety, environmental and commercial issues that could result from a cyber incident on-board...more

China Released the Latest Classification Catalogue of Telecommunications Services (2015 Revision)

On December 28, 2015, the Ministry of Industry and Information Technology of China (the MIIT) released the newly revised Classification Catalogue of Telecommunications Services (2015 Catalogue) and the new Catalogue is due to...more

False Claims about Encryption Cost an Arm, a Leg, and a Tooth

Earlier this month, Henry Schein Practice Solutions, Inc. (“Schein”), a provider of office management software to dental practices, learned the hard way that exaggerating the capabilities of its products can be very costly....more

Also In the News - Data, Privacy, & Security Practice Report - December 2015 #2

Harmonizing Cybersecurity And Trade Secret Protection – Many companies are investing heavily in cybersecurity and implementing a framework such as the Cybersecurity Framework from the National Institute of Standards and...more

Comment period for NIST guide “Model Device Security” coming to a close

The National Cybersecurity Center of Excellence (NCCoE) has announced that the comment period for the draft NIST Cybersecurity Practice Guide “Mobile Device Security: Cloud& Hybrid Builds” will close on January 8, 2016....more

NIST IoT Framework Raises Interesting Cybersecurity and Data Privacy Challenges

The National Institute of Standards and Technology (NIST) released the draft Framework for Cyber-Physical Systems, which is intended to provide an outline for the development and maintenance of secure, interoperable Internet...more

As if a 20-Year Consent Order Wasn’t Enough Fun: FTC Brings First Monetary Settlement in Information Security Case

The FTC reached a $250,000 settlement with a 20-year consent order with Henry Schein Practice Solutions, Inc. over its use of allegedly subpar encryption technology in its offering to dental practices. This settlement is...more

DoD Grants Contractors a Reprieve: Cybersecurity Compliance is Delayed

The U.S. Department of Defense (DoD) released interim rules on Aug. 26, 2015, setting forth (i) information system security requirements; (ii) mandatory cyber breach reporting; and (iii) cloud computing standards and...more

Department of Defense Provides Government Contractors a Grace Period for Compliance with Key Cybersecurity Requirements

In response to industry concerns and comments, on December 30, 2015, the Department of Defense issued a new interim rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity rules promulgated...more

UPDATE: DoD Cybersecurity Rules Expand Contractors’ and Other DoD Awardees’ Obligations to Safeguard Sensitive Data and Report...

On December 30, 2015, DoD published an interim rule, effective immediately, amending portions of the August Rule. Most importantly, pursuant to the new rule, contractors administering covered information systems that are not...more

Government Forces Awaken: The Rise of Cyber Regulators in 2016

As the sun sets on 2015, but before it rises again in the New Year, we predict that, in the realm of cyber and data security, 2016 will become known as the “Rise of the Regulators.” Regulators across numerous industries and...more

274 Results
|
View per page
Page: of 11

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×