Generative AI is incredibly popular. So popular that many GenAI tools now have browser extensions that work across all open pages of the browsers upon which they are installed. They helpfully summarize pages, highlight...more
3/17/2025
/ Artificial Intelligence ,
Compliance ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Intellectual Property Protection ,
Popular ,
Privacy Laws ,
Risk Management
New York State’s Department of Financial Services is warning all regulated entities has released a Cybersecurity Regulation Updates and Reminder warning all companies that all regulated entities without a full exception that...more
The New York Department of Financial Services (DFS) has issued guidance, in the form of an industry letter, on addressing cybersecurity risks arising from artificial intelligence (AI) under its cybersecurity regulation, 23...more
10/18/2024
/ Artificial Intelligence ,
Classification ,
Cybersecurity ,
Data Privacy ,
Financial Services Industry ,
Incident Response Plans ,
Information Governance ,
New Guidance ,
NIST ,
NYDFS ,
Risk Assessment ,
Third-Party Service Provider ,
Training
The Office of Information and Regulatory Affairs (OIRA) recently cleared the final rule for the U. S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program, putting the agency one step closer to...more
9/30/2024
/ Certification Requirements ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
DFARS ,
False Claims Act (FCA) ,
Federal Contractors ,
Information Technology ,
New Rules ,
OIRA ,
Vendors
A ransomware attack on Change Healthcare, a technology company owned by UnitedHealth that touches one of every three U.S. patient records, has resulted in hospitals and pharmacies across New York facing a cash crunch.
The...more
New York Gov Kathy Hochul is touting her proposed statewide cybersecurity regulations for hospitals and health systems as “nation-leading,” and, if approved, those entities will have until February 2025 to comply with the new...more
11/20/2023
/ Chief Information Security Officer (CISO) ,
Community Health Systems ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Hospitals ,
New Regulations ,
New York ,
PHI ,
Security Risk Assessments
The National Institute of Standards and Technology (NIST) released a new draft of its cybersecurity framework on Aug 8, providing updated guidance for industries, government agencies and other organizations on reducing...more
New York’s Department of Financial Services signaled once again its intent to strongly enforce the state’s Cybersecurity Regulation by finding OneMain Financial Group violated the law in several ways and imposing a $4.25...more
After dozens of class-action lawsuits filed against health care providers across the country alleging their websites shared patient information with social media sites such as Facebook and Instagram, providers are again urged...more
In recent years, several states have passed comprehensive privacy laws regulating how businesses must handle personal information. California, Colorado, and Virginia are among the states leading this charge. While each...more
A major healthcare system recently experienced a ransomware attack that affected patient care, showing once again the importance of hospitals and other healthcare facilities implementing comprehensive cybersecurity plans. ...more
The recent ransomware attack targeting Los Angeles Unified School District is another frightening reminder school districts are especially vulnerable to hackers and must continuously assess all of the individual systems...more
Division Y – Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law by President Biden on March 15. Highlights of the Act include: ...more
4/5/2022
/ Biden Administration ,
Chemicals ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Dams ,
Department of Agriculture ,
Energy Sector ,
Financial Services Industry ,
Healthcare ,
Information Technology ,
Infrastructure ,
Manufacturers ,
Nuclear Power ,
Public Health ,
Ransomware ,
Supply Chain ,
Transportation Industry ,
Wastewater
Fears of cybersecurity attacks are mounting in the wake of the Russian invasion of Ukraine. From the war itself, a number of malware variants have been created and are circulating on the internet....more
3/3/2022
/ Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Malware ,
Multi-Factor Authentication ,
Popular ,
Ransomware ,
Russia ,
Supply Chain ,
Ukraine
School districts must consider the sanctity and privacy of data they maintain, as a recent decision underscores from the New York State Education Department’s Office of the Chief Privacy Officer. This alert explains the...more
2/11/2022
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Educational Institutions ,
FERPA ,
New York ,
Personally Identifiable Information ,
Public Schools ,
State and Local Government
Technology provides law firms with enormous opportunities to improve client service – in part, by streamlining and automating labor-intensive tasks in a way that frees attorneys to focus on a client’s most-pressing...more
The explosion of telemedicine and telehealth, or virtual patient care and monitoring, presents many opportunities for enhanced, more streamlined care. But it also threatens to outpace laws regarding the delivery of care, as...more
10/26/2021
/ Compliance ,
Coronavirus/COVID-19 ,
Digital Health ,
Electronic Protected Health Information (ePHI) ,
Flexibility Clauses ,
PHI ,
Privacy Laws ,
Public Health Service (PHS) ,
Quarantine ,
State Privacy Laws ,
Telehealth ,
Telemedicine
A cynical online commenter once wrote this about the data collection practices of the online news site Digg: “If you are not paying for it, you’re not the customer; you’re the product being sold.”
This is true of almost...more
7/9/2021
/ California Consumer Privacy Act (CCPA) ,
Cookies ,
Data Collection ,
Data Protection ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
New York ,
Personal Information ,
Popular ,
Proposed Legislation ,
Proposed Regulation ,
Web Tracking
The New York State Department of Financial Services (DFS) announced the $1.5 million settlement of its investigation of Residential Mortgage Services (RMS) surrounding the unauthorized access to an email account which...more
3/18/2021
/ Cyber Incident Reporting ,
Cybersecurity ,
Mortgages ,
National Security Agency (NSA) ,
NYDFS ,
Phishing Scams ,
Popular ,
Reporting Requirements ,
Security Risk Assessments ,
Sensitive Personal Information ,
Settlement
The New York State Department of Financial Services (DFS) issued a letter to the cyber insurance community on February 4, 2021 that should signal a warning to many other businesses seeking to obtain or keep their...more
As if this fall weren’t hectic enough, school districts now need to prioritize compliance with a critical new regulation expanding New York state’s Education Law 2D. In effect since October 1, regulation Part 121 places new...more
10/8/2020
/ Best Practices ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Educational Institutions ,
New Regulations ,
Privacy Policy ,
Risk Assessment ,
School Districts ,
Students ,
Third-Party ,
Vendors
COVID-19 has had a dramatic impact on nearly all aspects of organizations nationwide – from employee safety to reimagined workplaces to financial hardships. But cyber protection and response during the pandemic cannot take a...more
6/24/2020
/ California Consumer Privacy Act (CCPA) ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Data Privacy ,
Data Security ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular ,
Privacy Laws ,
Ransomware
In addition to the upheaval and emergency measures taken to combat the COVID-19 virus, organizations are increasingly vulnerable to cyber-attacks. A key driver of that vulnerability is an at-home workforce using older...more
4/13/2020
/ California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Personal Data ,
Personally Identifiable Information
January 14, 2020, the Board of Regents formally adopted Part 121 to the Commissioner’s Regulations to implement Education Law § 2-d. The regulation will become effective January 29, 2020. This regulation primarily addresses...more
1/15/2020
/ Board of Regents ,
Contract Amendments ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Disclosure Requirements ,
General Data Protection Regulation (GDPR) ,
New Regulations ,
NIST ,
Privacy Policy ,
Public Schools ,
School Districts ,
Security and Privacy Controls ,
Software ,
State Education Departments ,
Third-Party Service Provider ,
Vendors
New guidance issued jointly by the U.S. Department of Education and the U.S. Department of Health and Human Services advises schools that most health information relating to students at federally-funded elementary and...more
12/24/2019
/ Department of Education ,
Department of Health and Human Services (HHS) ,
Educational Institutions ,
FERPA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
Public Schools ,
School Districts ,
Student Privacy ,
Student Records ,
Students