The Federal Trade Commission (FTC) has launched ReportFraud.ftc.gov so consumers can report fraud directly to the FTC in a more “streamlined and user-friendly way.”...more
CYBERSECURITY -
Urgent Warning of Imminent Threat to Hospitals Issued by U.S.
Government -
On October 27, 2020, the FBI and the Department of Homeland Security (DHS) warned the health care industry about “an imminent...more
On October 27, 2020, the FBI and the Department of Homeland Security (DHS) warned the health care industry about “an imminent cybercrime threat to U.S. hospitals and healthcare providers.”...more
The UK National Cyber Security Centre (NCSC) issued an alert on October 16, 2020, to raise awareness “of a new remote code execution vulnerability (CVE – 2020 – 16952)”, which affects Microsoft’s SharePoint product....more
Hall County, Georgia reported on October 7, 2020, that it was the victim of a ransomware attack that disrupted some of its systems, including email and telephone services in public buildings and the sheriff’s offices....more
The National Security Agency (NSA) issued a Cybersecurity Advisory on October 20, 2020, entitled “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities,” alerting IT professionals to 25 vulnerabilities that...more
Secureworks issues an annual Incident Response Report that is very helpful in obtaining information on what types of incidents are occurring in order to become more resistant to threats. The 2020 IR Report was recently...more
10/23/2020
/ Bring Your Own Device (BYOD) ,
Coronavirus/COVID-19 ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Security ,
Infectious Diseases ,
Information Technology ,
Multi-Factor Authentication ,
Popular ,
Remote Working ,
Risk Management ,
Telecommuting ,
Vulnerability Assessments
It has been widely reported that hackers are taking advantage of the pandemic to perpetrate scams and frauds. We have seen attacks against workers of companies through phishing emails that include an attachment or link...more
Continuing its enforcement priority of assisting patients with obtaining access to their health records, the Office for Civil Rights (OCR) recently settled its ninth case with a covered entity that it alleged failed to...more
CYBERSECURITY -
Patching Gets More and More Complicated but Is Critical for
Managing Risk -
Patching vulnerabilities has always been challenging, but these days, it is getting more and more complicated as...more
10/16/2020
/ Ballot Measures ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
HIPAA Breach ,
Information Governance ,
OCC ,
OCR ,
Online Safety for Children ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
Morgan Stanley has settled claims by the Office of the Comptroller of the Currency (OCC) that it failed to properly decommission data centers that housed client data of its wealth-management operations two times—once in 2016...more
Late last week, October 9, 2020, the U.S. Attorney’s Office for the Northern District of New York issued a warning to the public entitled “Internet Predators: Warnings & Prevention for Families During the Pandemic and Beyond”...more
On October 8, 2020, New Jersey Attorney General Gurbir Grewal (AG) announced that his office has entered into a multi-state settlement agreement with Community Health Systems, Inc. (CHS) stemming from an investigation of a...more
10/16/2020
/ Cyber Attacks ,
Electronic Medical Records ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Popular ,
Settlement Agreements
Continuing with its previous enforcement actions centered on covered entities’ failure to provide patients with access to their health records, the Office for Civil Rights (OCR) announced on October 9, 2020 that it entered...more
Regulatory bodies are upping the ante when it comes to settling with companies that have suffered data breaches. In addition to the below settlements, see also the settlement between the OCR and Dignity Health....more
10/16/2020
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCC ,
Personally Identifiable Information ,
PHI
Patching vulnerabilities has always been challenging, but these days, it is getting more and more complicated as manufacturers try to stay abreast of zero-day vulnerabilities and issue patches as quickly as they can....more
CYBERSECURITY -
U.S. Chamber of Commerce and FICO Release Security Guidelines
on Telework During COVID-19 -
It is no secret that companies are experiencing an increase in security incidents following the transition...more
10/9/2020
/ California Consumer Privacy Act (CCPA) ,
Chamber of Commerce ,
Construction Project ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Privacy ,
Drones ,
FBI ,
Governor Newsom ,
Hackers ,
OCR ,
Personal Data ,
Premera Blue Cross ,
Ransomware ,
Risk Management ,
Telecommuting ,
Wifi
It is no secret that companies are experiencing an increase in security incidents following the transition from work in the office to work from home during the pandemic. There are a number of causes, including the difficulty...more
On October 6, 2020, the Federal Bureau of Investigations (FBI) issued a warning to consumers about using WiFi when teleworking from a hotel.
The FBI acknowledges that many workers are having difficulty working from home...more
10/9/2020
/ Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
FBI ,
Hotels ,
Infectious Diseases ,
Remote Working ,
Risk Management ,
Telecommuting ,
Virtual Private Networks ,
Wifi
Health care entities continue to face a barrage of attacks from cyber criminals, and it is widely reported that the health care industry is getting hit more frequently than any other industry. Ransomware is the name of the...more
Premera Blue Cross (Premera) has agreed to settle with the Office for Civil Rights (OCR) for $6.85 million over allegations of violations of HIPAA after an investigation of a data breach that occurred in 2014 affecting 10.4...more
10/9/2020
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Security ,
Health Insurance ,
HIPAA Breach ,
OCR ,
Personally Identifiable Information ,
PHI ,
Premera Blue Cross ,
Settlement Agreements
CYBERSECURITY -
OFAC Issues Advisory on Sanctions for Facilitating Ransomware Payments -
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory “to...more
10/5/2020
/ Building Inspectors ,
Business Continuity Plans ,
California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Drones ,
Economic Sanctions ,
Financial Institutions ,
Fraud ,
Hackers ,
HIPAA Breach ,
Identity Theft ,
OCR ,
Office of Foreign Assets Control (OFAC) ,
PHI ,
Ransomware ,
Regulatory Agenda ,
Unemployment Benefits
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory “to highlight the sanctions risks associated with ransomware payments related to malicious cyber-enabled...more
10/5/2020
/ Cryptocurrency ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Digital Wallets ,
Economic Sanctions ,
Financial Institutions ,
Foreign Policy ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Risk Management ,
Risk-Based Approaches ,
Sanction Violations
In the wake of the increase in ransomware attacks, including data exfiltration prior to or during a ransomware attack, I think it is worth the time and resources to focus on data recovery and business continuity....more
As one of the largest information technology service providers to local governments, the cyber-attack on Tyler Technologies (Tyler) in Plano, Texas is a sobering reminder of how a cyber-attack on a third-party vendor can put...more
10/5/2020
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Federal Contractors ,
Hackers ,
Information Security ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Third-Party Service Provider ,
Vendors