On October 2, the New York State Department of Health (NYSDOH) issued new cybersecurity regulations (Regulations) for all general hospitals in New York state (“hospitals”), creating a new Section 405.46 in Title 10 (Health)...more
12/11/2024
/ Amended Regulation ,
Compliance ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
Incident Response Plans ,
Information Management ,
PHI ,
Risk Assessment ,
Security and Privacy Controls ,
State Budgets ,
State Health Departments ,
Strategic Planning
The OIG, the nation’s leader in fighting fraud, waste and abuse of Medicare, Medicaid and other HHS programs, periodically publishes reports on how federal healthcare programs could improve....more
8/21/2024
/ Audits ,
Cloud Computing ,
Cloud Storage ,
Department of Children and Families (DCF) ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Reports ,
OIG ,
Risk Management ,
Security and Privacy Controls ,
Sensitive Personal Information
As previously reported in this blog, on Dec. 6, 2023, the Department of Health and Human Services (HHS or the Department) released a “concept paper,” which laid out its vision of future action regarding healthcare...more
On Dec. 6, the Department of Health and Human Services (HHS or the Department) released what it is calling a “concept paper” on its role in cybersecurity for the healthcare sector (the HHS paper). The HHS paper is sweeping in...more
The SEC’s Cybersecurity Proposals -
The SEC has proposed four rules designed to address cybersecurity risk and management, including incident reporting by public companies....more
7/21/2023
/ Board of Directors ,
Broker-Dealer ,
Corporate Governance ,
Corporate Management ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Investment Adviser ,
Investment Companies ,
Oversight Duties ,
Policies and Procedures ,
Proposed Rules ,
Publicly-Traded Companies ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC)
As a Halloween treat for HIPAA-covered entities and business associates, on October 31, the Department of Health and Human Services Office for Civil Rights (OCR) released a new video on its YouTube channel, in which senior...more
Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or...more
As the federal government continues its whole-of-government response to cyber incidents, federal banking regulators took action to impose a new notice requirement on federally regulated banks. In November, the Federal Deposit...more
On August 30, 2021, the Securities and Exchange Commission (“SEC”) announced three settled orders against several investment advisers, broker-dealers, and dual registrants for violations of Regulation S-P allegedly resulting...more
For those attorneys and information governance practitioners unfamiliar with recent pedagogic advancements, “real-world problem solving” moves teaching approaches away from the classical model that assumes individuals will...more
On December 13, 2020, SolarWinds disclosed that an unknown attacker compromised its network and inserted malicious code (referred to as the Sunburst vulnerability) into software updates for the Orion platform. In what will...more