Adam Cohen

Adam Cohen

BakerHostetler

Contact
View Bio
RSS

Latest Publications

Share:

Looking in the Mirror: HHS OIG Audit Demonstrates HHS Agency’s Own Need for Focus on Cloud Security

The OIG, the nation’s leader in fighting fraud, waste and abuse of Medicare, Medicaid and other HHS programs, periodically publishes reports on how federal healthcare programs could improve....more

8/21/2024  /  Audits , Cloud Computing , Cloud Storage , Department of Children and Families (DCF) , Department of Health and Human Services (HHS) , Health Insurance Portability and Accountability Act (HIPAA) , Information Reports , OIG , Risk Management , Security and Privacy Controls , Sensitive Personal Information

HHS Publishes ‘Voluntary’ Healthcare Cybersecurity Performance Goals in Record Time but Leaves Questions Unanswered

As previously reported in this blog, on Dec. 6, 2023, the Department of Health and Human Services (HHS or the Department) released a “concept paper,” which laid out its vision of future action regarding healthcare...more

2/9/2024  /  Compliance , Cybersecurity , Data Protection , Data Security , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , NIST , OCR , Risk Mitigation

HHS ‘Concept Paper’ Forecasts Stormy Cybersecurity Compliance Weather: New Cybersecurity Requirements and Increased Enforcement to...

On Dec. 6, the Department of Health and Human Services (HHS or the Department) released what it is calling a “concept paper” on its role in cybersecurity for the healthcare sector (the HHS paper). The HHS paper is sweeping in...more

1/3/2024  /  Cybersecurity , Data Breach , Data Protection , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Information Reports , OCR , White Papers

The SEC's Proposed Cybersecurity Rules: Regulatory Delay Does Not Bless Standing By

The SEC’s Cybersecurity Proposals - The SEC has proposed four rules designed to address cybersecurity risk and management, including incident reporting by public companies....more

7/21/2023  /  Board of Directors , Broker-Dealer , Corporate Governance , Corporate Management , Cybersecurity , Disclosure Requirements , Enforcement Actions , Investment Adviser , Investment Companies , Oversight Duties , Policies and Procedures , Proposed Rules , Publicly-Traded Companies , Risk Assessment , Risk Management , Securities and Exchange Commission (SEC)

OCR releases YouTube Addressing “Recognized Security Practices” in HIPAA Enforcement Context

As a Halloween treat for HIPAA-covered entities and business associates, on October 31, the Department of Health and Human Services Office for Civil Rights (OCR) released a new video on its YouTube channel, in which senior...more

11/14/2022  /  Business Associates , Covered Entities , Data Protection , Data Security , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , NIST , OCR , PHI

‘Unboxing’ the New NIST Guidance: NIST Publishes Significant Update to Healthcare Cybersecurity Guide

​​​​​​​Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or...more

8/5/2022  /  Cybersecurity , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Security Rule , New Guidance , NIST , Popular , Risk Assessment , Risk Management

Federal Banking Regulators Issue 36-Hour Computer-Security Incident Notification Requirement

As the federal government continues its whole-of-government response to cyber incidents, federal banking regulators took action to impose a new notice requirement on federally regulated banks. In November, the Federal Deposit...more

12/16/2021  /  Banking Sector , Cyber Incident Reporting , Data Breach , Data Security , FDIC , Federal Bank Regulatory Agencies , Financial Services Industry , Notification Requirements , OCC

SEC Cybersecurity Actions Against Registered Firms for Business Email Compromises Emphasize Importance of MFA

On August 30, 2021, the Securities and Exchange Commission (“SEC”) announced three settled orders against several investment advisers, broker-dealers, and dual registrants for violations of Regulation S-P allegedly resulting...more

9/14/2021  /  Broker-Dealer , Cybersecurity , Data Protection , Data Security , Investment Adviser , Regulation S-P , Securities and Exchange Commission (SEC)

Pairing Real-World™ Problems with Realistic Solutions – a Push for Practical Information Governance

For those attorneys and information governance practitioners unfamiliar with recent pedagogic advancements, “real-world problem solving” moves teaching approaches away from the classical model that assumes individuals will...more

6/21/2021  /  Data Collection , Data Management , Data Security , Electronically Stored Information , Information Governance

A Risk-Based Approach to the SolarWinds Vulnerability Disclosures

On December 13, 2020, SolarWinds disclosed that an unknown attacker compromised its network and inserted malicious code (referred to as the Sunburst vulnerability) into software updates for the Orion platform. In what will...more

1/7/2021  /  Cyber Attacks , Cyber Crimes , Cybersecurity , Data Breach , Data Security , Hackers , Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) , Malware , SolarWinds
10 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide