On March 11, 2026, independent reports confirmed that one of the largest medical device companies in the United States was the target of a significant cyberattack attributed to Iran-linked threat actors. Although the...more
3/16/2026
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Export Controls ,
Healthcare ,
Incident Response Plans ,
Life Sciences ,
Medical Devices ,
PHI ,
Popular ,
Ransomware
The traditional separation between privacy and security is dissolving as technology and regulations force roles and responsibilities to converge. CISOs and CPOs increasingly face overlapping decisions — and overlapping...more
Last week marked an important milestone in the Cybersecurity Maturity Model Certification 2.0 (CMMC) program, the U.S. Department of Defense (DoD) program intended to ensure the security of sensitive DoD information in...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
6/10/2025
/ Compliance ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Disclosure Requirements ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
Reporting Requirements ,
State Privacy Laws
In light of recent cyberattacks targeting the federal government and United States supply chains, President Biden’s administration has released an Executive Order (the “Order”) in an attempt to modernize and enhance the...more
1/17/2025
/ Artificial Intelligence ,
Biden Administration ,
Cloud Service Providers (CSPs) ,
Compliance ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Protection ,
Data Security ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Internet of Things ,
NIST ,
OMB ,
Risk Management ,
Supply Chain ,
Third-Party
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
Since the passage of the California Consumer Privacy Act (CCPA) in 2018, other U.S. states have followed suit by enacting comprehensive consumer data privacy laws in rapid succession. While these state consumer privacy laws...more
The recent massive data breach at National Public Data (NPD), a background check company, has potentially compromised the personal information of millions, if not billions, of individuals, including their Social Security...more
8/26/2024
/ Credit Reports ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Fraud ,
Hackers ,
Identity Theft ,
IRS ,
Popular ,
Risk Assessment ,
Risk Management
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On July 26, 2023, the U.S. Securities Exchange Commission (“SEC”) adopted final rules regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The final rules require...more
8/4/2023
/ Annual Reports ,
Customer Proprietary Network Information (CPNI) ,
Cybersecurity ,
Disclosure Requirements ,
FBI ,
Foreign Private Issuers ,
Form 8-K ,
Incident Response Plans ,
New Rules ,
Regulation S-K ,
Regulation S-X ,
Risk Management ,
Secret Service ,
Securities and Exchange Commission (SEC)
Recent developments at the federal and state level demonstrate that regulators are focused on protecting consumer health data. Specifically, state and federal regulators want to close the gap between HIPAA-protected data and...more
7/21/2023
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Security ,
Electronic Medical Records ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach Notification Rule ,
Personally Identifiable Information ,
PHI ,
Privacy Laws ,
State Privacy Laws
Health care, like most industries, is grappling with the proliferation of artificial intelligence (AI) and the novel risks and benefits it presents. Balancing these risks and benefits can be especially challenging for...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
Foley & Lardner LLP is closely monitoring the rapidly changing landscape surrounding the recent bank insolvencies.
On Tuesday, March 21, at 5:00 p.m. CT, Foley hosted a webinar where a panel of presenters discussed the...more
The New Year is in full swing and it’s time to consider the top trends in cybersecurity & data privacy our team expects to see throughout 2023. It will be an exciting year due to the myriad of new laws coming into effect, and...more
3/31/2023
/ Artificial Intelligence ,
Automation Systems ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently submitted two annual reports to Congress setting forth a summary of complaints and breaches reported to the OCR during...more
2/22/2023
/ Breach Notification Rule ,
Civil Monetary Penalty ,
Compliance ,
Corrective Action Plans (CAPs) ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
NIST ,
OCR ,
PHI ,
Risk Management
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The California Privacy Protection Agency (CPPA) quietly issued the first draft of the California Consumer Privacy Act (CPRA) regulations and an Initial Statement of Reasons by attaching them to the June 8 board meeting...more
On April 4, 2022, the U.S. Department of Health and Human Services (HHS) released a Request for Information (RFI) seeking input from HIPAA-covered entities and business associates on how the industry understands and is...more
On March 9, 2022, the U.S. Securities Exchange Commission (the Commission) announced proposed amendments to its rules regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies...more
3/18/2022
/ Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Disclosure Requirements ,
Foreign Private Issuers ,
Investors ,
Popular ,
Proposed Amendments ,
Risk Assessment ,
Risk Factors ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider
In 2022, automotive suppliers face many of the same issues that have bedeviled the industry throughout 2021, as well as a host of all-new challenges. Unfortunately, as with many aspects of pre-pandemic life, the relative...more
3/17/2022
/ Automotive Industry ,
Biden Administration ,
Coronavirus/COVID-19 ,
Corruption ,
Department of Justice (DOJ) ,
Department of Transportation (DOT) ,
Electric Vehicles ,
Federal Trade Commission (FTC) ,
Final Rules ,
Foreign Corrupt Practices Act (FCPA) ,
Hart-Scott-Rodino Act ,
IMMEX ,
Infrastructure Investment and Jobs Act (IIJA) ,
Mexico ,
Motor Vehicles ,
National Security ,
NHTSA ,
Notice of Proposed Rulemaking (NOPR) ,
OEM ,
Office of Foreign Assets Control (OFAC) ,
OMB ,
Supply Chain ,
Supply Shortages ,
U.S. Treasury ,
Vertical Mergers
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
What would you do if you woke up tomorrow and your company was experiencing a cybersecurity incident? What if IT systems were completely locked down? What if you could not use phones, check emails, or receive orders? What if...more
Defense contractors and their subcontractors and supply chains that have been preparing for the challenge of complying with the Cybersecurity Maturity Model Certification (CMMC) recently received some welcome news from the...more
11/22/2021
/ Contractors ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
DFARS ,
False Claims Act (FCA) ,
Fraud ,
Subcontractors ,
Supply Chain ,
Third-Party