We previously reported on the unfortunate data breach suffered by 23andMe last month and its implications. We never imagined how horrible it could be....more
We have posted blogs before on sharing genetic information and the risk associated with the disclosure of such sensitive information.
Unfortunately, our concerns have been realized....more
CYBERSECURITY -
CISA Launches Cybersecurity Public Awareness Campaign -
To kick off the twentieth annual Cybersecurity Awareness Month, the Cybersecurity and Infrastructure Security Agency (CISA) has announced that CISA...more
Not only is the People’s Republic of China (PRC) a threat with its use of TikTok, but it also supports threat actors that have for years attacked U.S. based companies as well as the governments of the U.S. and Japan....more
On September 26, 2023, Windows released a configuration update on Windows 11 version 22H2 (all editions) that is worth reading and applying, particularly if you use Windows Copilot....more
On August 15, 2023, the Joint Commission issued a Sentinel Event Alert entitled “Preserving patient safety after a cyberattack,” which provides “tips on what organizations can do to prepare to deliver safe patient care in the...more
9/8/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Health Care Providers ,
Healthcare ,
Information Technology ,
Patient Privacy Rights ,
Ransomware ,
The Joint Commission
I was talking to a client today about a security incident and the discussion turned to how threat actors are using increasingly more sophisticated ways to attack individuals and companies. She lamented that we know more than...more
9/7/2023
/ Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Elder Issues ,
Federal Trade Commission (FTC) ,
Risk Management ,
Scams
CYBERSECURITY -
SEC Adopts New Cybersecurity Rules for Public Companies -
In a 3-2 vote, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules yesterday (July 26, 2023) applicable to public...more
7/28/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Technology ,
Machine Learning ,
Securities and Exchange Commission (SEC)
On Monday, July 24, 2023, Apple issued a security update to address vulnerabilities that have been linked to a spyware campaign. iOS 16.6 fixes 25 iPhone security flaws, several of which are being exploited by threat actors...more
7/28/2023
/ Apple ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Information Technology ,
iPhone ,
Mobile Devices ,
Network Security ,
Operating System Developers ,
Risk Management ,
Vulnerability Assessments
In a 3-2 vote, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules yesterday (July 26, 2023) applicable to public companies.
The rules, which will become effective thirty days after publication in...more
7/28/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Regulatory Reform ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
CYBERSECURITY -
Patch Adobe ColdFusion Vulnerabilities Being Exploited in the Wild ASAP -
Adobe has issued alerts on three vulnerabilities affecting its ColdFusion product. The first alert, issued on July 11, 2023,...more
7/24/2023
/ Adobe ,
Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Drones ,
EU ,
Hackers ,
Machine Learning ,
Vulnerability Assessments
Adobe has issued alerts on three vulnerabilities affecting its ColdFusion product. The first alert, issued on July 11, 2023, announced patches for CVE-2023-29298, an improper access control issue that can lead to a security...more
According to cybersecurity researchers at Bishop Fox, “hundreds of thousands” of FortiGate firewalls have not been patched against a known vulnerability and are at risk of being attacked by threat actors using the unpatched...more
7/10/2023
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Information Technology ,
Risk Mitigation ,
Vulnerability Assessments
Nevada Governor Joe Lombardo recently signed into law a sweeping and restrictive consumer health data privacy law that requires covered entities (defined as any person who conducts business in the state or produces or...more
7/10/2023
/ Consumer Privacy Rights ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Healthcare ,
Nevada ,
New Legislation ,
Personal Data ,
State Data Privacy Laws
CYBERSECURITY -
Joint Advisory on MOVEit Transfer Vulnerability Published -
CISA and FBI have issued a joint advisory on the MOVEit transfer vulnerability that should be on the radar of CISOs and IT professionals. The...more
CYBERSECURITY -
Clop Claims Zero-Day Attacks Against 130 Organizations -
Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in...more
3/31/2023
/ Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Hackers ,
Ransomware ,
Russia
New York Attorney General Letitia James announced on March 27, 2023 that she had levied a fine against law firm Heidell, Pittoni, Murphy & Bach LLP for failing to secure personal and health information of clients exposing the...more
3/30/2023
/ Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Fines ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Legal Representatives ,
New York ,
PHI ,
State Attorneys General
CYBERSECURITY FBI, CISA + MS-ISAC Warn of LockBit 3.0 Ransomware The FBI, CISA and the Multi-State Information Sharing and Analysis Center (MSISAC) recently released a joint cybersecurity advisory, warning organizations about...more
3/24/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
FBI ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
TikTok ,
Vulnerability Assessments
CYBERSECURITY -
World Economic Forum’s Global Cybersecurity Outlook for 2023 Is Bleak -
Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global...more
2/9/2023
/ California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Technology ,
Popular ,
Social Engineering ,
Vulnerability Assessments
Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global Cybersecurity Outlook 23 Insight Report (published in collaboration with Accenture), although...more
2/3/2023
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Popular ,
Risk Mitigation ,
Vulnerability Assessments ,
World Economic Forum
DATA PRIVACY -
Businesses Struggle to Comply with CPRA without Final Regulations -
As companies hustle to follow the new California Privacy Rights Act (CPRA) regulations, they’ve hit a substantial hiccup: there aren’t...more
As companies hustle to follow the new California Privacy Rights Act (CPRA) regulations, they’ve hit a substantial hiccup: there aren’t any yet. The California Privacy Rights Agency (CPPA), the newly- created body with...more
11/10/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements
Microsoft recently issued mitigation steps for vulnerabilities that are being actively exploited by threat actors. Microsoft stated that it is aware that two vulnerabilities are being actively exploited to access users’...more
10/13/2022
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Microsoft ,
Risk Management ,
Risk Mitigation ,
Vulnerability Assessments
CYBERSECURITY -
FBI Issues Notice to Health Industry Highlighting Risks of Unpatched Medical Devices -
The FBI issued a Private Industry Notification targeted to the health care sector on September 12, 2022, warning...more
9/19/2022
/ Cyber Attacks ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Security ,
FBI ,
Hackers ,
Identity Theft ,
Online Safety for Children ,
Personally Identifiable Information ,
Vulnerability Assessments
This week, in addition to the news-catching, ongoing dispute between Twitter and Elon Musk, Twitter’s former head of cybersecurity, Peiter Zatko, claimed in a whistleblower filing with several federal agencies that Twitter...more
8/26/2022
/ Bots ,
Data Collection ,
Data Protection ,
Data Security ,
Elon Musk ,
Federal Trade Commission (FTC) ,
Government Investigations ,
Internet ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Social Media ,
Social Networks ,
Twitter ,
Vulnerability Assessments