Security Risk Assessments

News & Analysis as of

Terrorist Attacks: The importance of adequate security measures at hotels

Hotels are targets for terrorists due to the likely presence of foreign tourists and the consequent possibility of impacting multiple nations with one attack. We blogged...more

HHS Gets Agressive: HIPAA Audits from 2016

HHS has become more aggressive with audits, and with increased penalties, covered entities and business associates simply cannot afford an audit on HIPAA rules and regulations. In March of 2016, HHS's Office for Civil Rights...more

SEC Examination Priorities for 2017 – What do Robots, Senior Investors, and Payment for Order Flow Have in Common?

This week, the SEC’s Office of Compliance Inspections and Examinations (OCIE) released its Examination Priorities for 2017 that reflects certain practices, products, and services that OCIE perceives to present potentially...more

Federal Court Rules that FEC Cybersecurity Study is Exempt from FOIA Disclosure

Last week, a D.C. federal judge ruled that an investigative reporter was not entitled to a 2014 cybersecurity study performed by an outside vendor detailing vulnerabilities in the Federal Election Commission’s information...more

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more

HIPAA Compliance – Not Just an Issue for Health Care Providers

Many people believe that compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is solely an issue for health care providers and their affiliates. However, nothing could be further from the...more

HIPAA Phase 2 Audits: What Has OCR Requested from Auditees to Date?

In our April 8, 2016, advisory, we discussed the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) “Phase 2” audit program. Then, we could only make educated guesses about what documents OCR...more

HIPAA Compliance Is a Health Care Entity’s Secret Weapon in Preventing and Combating Ransomware Attacks

One of the fastest growing areas of cybercrime is ransomware. Ransomware is a type of malicious software that encrypts data and makes it inaccessible to authorized users. The hackers who orchestrate ransomware attacks demand...more

Boosts in Ransomware Attacks Spark Multiple Government Agency Responses

Following a recent U.S. government interagency report indicating that, on average, there has been an alarming 300 percent spike in daily ransomware attacks since early 2016 as compared with 2015, the U.S. Department of Health...more

HHS: Ransomware Attacks Likely HIPAA Breaches In Absence of Encryption

On July 11, 2016, the U.S. Department of Health & Human Services (HHS) issued a Fact Sheet that provides guidance on (i) how HIPAA Security Rule compliance can assist health care organizations combat ransomware attacks, and...more

Regulatory Authorities Launch The Second Phase Of The HIPAA Compliance Audit Program

As a part of its continued efforts to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, the Health and Human Services (HHS) Office for...more

OCR Begins HIPAA Phase 2 Audits

What covered entities and business associates can do to prepare for the next round of audits. On July 11, the HIPAA Phase 2 audits commenced when 167 covered entities received notice of a desk audit from the Department...more

“Your Money or Your PHI”: OCR Releases Guidance on Ransomware

On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more

Business Associate Settles HIPAA Investigation for $650,000

The U.S. Office for Civil Rights (OCR), the agency responsible for enforcing the HIPAA Privacy and Security rules, has just sent a strong message that business associates are not immune from scrutiny. On June 24, 2016, in a...more

Hotels, Hospitality and Guest Privacy: Six Important Questions to Ask After the Andrews Verdict

Earlier this month, a Nashville jury awarded sportscaster Erin Andrews $55 million after she sued the companies that franchise, own and operate a hotel, alleging that the hotel improperly gave her private information to...more

CFTC Intermediaries to Adopt and Implement Cybersecurity Programs by March 1, 2016

Commencing March 1, 2016, all commodity pool operators, commodity trading advisors, futures commission merchants, retail foreign exchange dealers, investment brokers, major swap participants and swap dealers that are National...more

EU Announces Agreement on New Cybersecurity Directive

On December 7, the European Parliament and the Luxembourg Presidency of the EU Council of Ministers (Council) announced that they have reached agreement on the text of the proposed new EU Cybersecurity Directive (Directive)....more

HIPAA and Text Messaging

Text messaging is pervasive. Doctors and other health care providers, covered entities, and business associates currently use (and embrace) the technology. Texting is easy, fast and efficient. It doesn’t require a laptop...more

Cybersecurity 2.0: What’s Expected of Federally Regulated Financial Institutions

As federally regulated financial institutions (FRFIs) expand their reliance on technology, employ progressively complicated and interconnected networks and systems, increase their electronic service offerings and collaborate...more

CFTC Approves NFA Interpretive Notice on Information Systems Security Programs, Including Cybersecurity Guidance

The CFTC recently approved the National Futures Association’s interpretive notice (the “Cybersecurity Notice”) on the general requirements that members should implement for their information systems security programs...more

Data-Harvesting Zombie Hackers, Blood-Thirsty Auditors, and Other Reasons to be Scared on Halloween

This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more

“Bug Bounty” Programs Grow In Popularity

In a significant shift in the way the tech industry responds to hackers, an increasing number of companies are resorting to use of “bug bounty” programs that reward hackers who identify flaws in their company software and...more

SEC Cybersecurity Update

Results from the SEC’s First Round of Cybersecurity Examinations - On February 3, 2015, the OCIE published a risk alert summarizing its findings from its examinations of over 100 registered investment advisers and...more

SEC Announces Second Wave of Cyber Exams of Broker Dealers and Advisors – Is Your Firm Ready?

In April 2014, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert announcing its first cybersecurity sweep initiative. Pursuant to that initiative,...more

Privacy, Security, Risk: What You Missed At IAPP Conference

Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...more

58 Results
|
View per page
Page: of 3
Cybersecurity

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×