News & Analysis as of

Risk Management Covered Entities

NYDFS Updates FAQs to Clarify Cybersecurity Regulations

by Ballard Spahr LLP on

The New York Department of Financial Services (NYDFS) recently updated frequently asked questions (FAQs) about its cybersecurity regulations, 23 NYCRR 500, to address four new issues. NYDFS published its initial set of FAQs...more

How Can Healthcare Organizations Prepare for the Next Cyberattack?

by Latham & Watkins LLP on

HHS OCR issues checklist, iterative guidance in wake of WannaCry and Petya attacks; Anthem breach settlement provides additional lessons. Key Points: ..Healthcare organizations are particularly vulnerable to ransomware...more

Funds Talk: June 2017 - Incident Response Plans Form an Essential Part of Cybersecurity Frameworks

Cybersecurity has increasingly moved into the spotlight in recent years, with regulators and financial firms alike clambering to keep pace with rapidly changing demands as threats continue to evolve....more

Officer and director checklist: Complying with the global reach of the New York Department of Financial Services Cybersecurity...

by White & Case LLP on

The New York State Department of Financial Services (NYDFS) issued Cybersecurity Requirements for Financial Services Companies (the "Cybersecurity Regulation") effective March 1, 2017. The regulation imposes tight compliance...more

Securing ePHI in a Mobile Health World

Could a lost cell phone or laptop cost your organization millions of dollars? Mobile devices have enabled vast improvements in the efficiency and quality of healthcare delivery. ...more

Orrick's Financial Industry Week In Review

Financial Industry Developments - New York Department of Financial Services Promulgates First-in-the-Nation State Cybersecurity Regulation - On February 16, 2017, the New York Department of Financial Institutions...more

Lessons Learned from Recent OCR Settlements

by Ruder Ware on

We can learn some valuable lessons about compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) from settlements that are announced by the U.S. Department of Health and Human Services, Office...more

Mark Your Calendars: NY Cybersecurity Regulations to Go into Effect

by Pepper Hamilton LLP on

A covered entity will need to arrange for someone to perform the CISO function, dedicate resources to conduct periodic risk assessments, develop and implement policies and procedures, and retain appropriate personnel and...more

NYDFS: A Lawyer’s Responsibility

New York Financial Regulator to Enforce First-of-Its-Kind Cybersecurity Regulations in Coming Weeks - On December 28, 2016, the New York Department of Financial Services (NYDFS) issued revised cybersecurity regulations...more

New York State Revises “First-In-Nation” Cybersecurity Rules

The New York Department of Financial Services (“DFS”) recently issued a revised version of the cybersecurity rules that it first announced in the fall of last year. The rules apply to a wide range of insurance, banking, and...more

New York Department of Financial Services Revises Cybersecurity Proposal: Greater Flexibility and Delayed Compliance Deadlines

As we previously reported, in December 2016 the New York Department of Financial Services (the “DFS”) announced that it was revising its proposed regulation that would require banks, insurance companies and other financial...more

Banks to Broaden Reporting of Suspicious Cyber Activity; Regulators Propose “Enhanced” Cybersecurity Standards

by Carlton Fields on

The fourth quarter of 2016 has seen an uptick in regulatory activity respecting the financial services sector in the cybersecurity space, both at the state level as previously discussed (here) and on the federal level....more

OCR Stresses Importance of Authentication in Newsletter

In a recent newsletter, the Office for Civil Rights (OCR) encourages health care organizations to review their procedures around authentication and “ensure that they have the appropriate safeguards in place.”...more

Federal Regulators Unveil Proposed Cybersecurity Standards for Large Financial Firms

by Bracewell LLP on

On October 19, 2016, federal regulators issued an Advance Notice of Proposed Rulemaking titled “Enhanced Cyber Risk Management Standards.” The draft standards, jointly released by the Federal Reserve, the Federal Deposit...more

Morgan Lewis Urges NYDFS to Modify Proposed Cybersecurity Rules

by Morgan Lewis on

The New York Department of Financial Services has issued proposed “first-in-the-nation” cybersecurity rules that could place a heavy compliance burden on affected financial companies; Morgan Lewis submitted a comment letter...more

Just Released Proposed Cyber Risk-Management Update for the Financial Sector

by Morgan Lewis on

On October 19, US banking agencies released an advanced notice of proposed rulemaking (ANPR) seeking comments on enhanced cybersecurity standards. These standards potentially would apply to ..US bank holding companies...more

New York Financial Regulators Introduce Robust Cybersecurity Regulations

New York’s Department of Financial Services (“NYDFS”) recently proposed cybersecurity regulations intended to protect consumers and financial institutions from the ongoing threat of cyber-attacks. NYDFS’s proposed...more

Emerging Trends Newsletter - Q3

by Stinson Leonard Street on

We are thrilled to bring you the third installment of Stinson Leonard Street's Emerging Trends newsletter. We are proud of the depth and breadth of experience and knowledge across our firm's 13 offices nationwide and are...more

The New York State Department of Financial Services Proposes Robust Cybersecurity Rules

On September 13, 2016, the New York State Department of Financial Services (DFS) proposed new rules that would require certain “Covered Entities” to establish and implement cybersecurity programs designed to protect nonpublic...more

OCR Issues Guidance on HIPAA and Cloud Computing

by Saul Ewing LLP on

On October 7, 2016, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), released a guidance document (the “Guidance”) on the HIPAA-compliant use of cloud computing technologies. The...more

The Cyber Regulation Drops

On September 13, 2016, Governor Andrew Cuomo announced the first proposed broadly applicable cyber regulation in the U.S. (the “Regulation”). The Regulation covers banks, insurance companies and other financial institutions...more

New York's DFS Proposed Cybersecurity Regulations for Financial Institutions

New York's Department of Financial Services (DFS) has a proposed broad-reaching cybersecurity regulation that would impose new corporate governance, risk management and vendor management requirements on banks and other...more

Taking Measure of HIPAA Enforcement

Last month, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced the largest settlement to date for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA)....more

Privacy & Cybersecurity Update: New York State Proposes Cybersecurity Regulation for Financial Institutions

New York state has proposed a new regulation — to go into effect January 1, 2017 — that would require banks, insurance companies and other financial services institutions regulated by the New York State Department of...more

HIPAA Audit Check-Up – Where We Are and What’s to Come

by Davis Wright Tremaine LLP on

Phase 2 of the HIPAA audits is fully underway, and covered entities now can take a breath if they have not received a desk audit request. But we still are at the beginning of Phase 2, with more to come. ...more

43 Results
|
View per page
Page: of 2
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.