News & Analysis as of July 16, 2025

Ransomware

+ Follow

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations. In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -

HIPAA Security Risk Analysis – How should regulated entities prepare for the Office for Civil Rights (OCR) Risk Analysis Audit...

Ankura on 4/16/2025

Following the Office for Civil Rights (OCR) recent publication of four settlements as part of a new Risk Analysis Audit Initiative. We explore the current regulatory language for Risk Analysis, the proposed language for Risk...more

Axinn Associates at the Spring Meeting: Considerations on Data Privacy and AI Usage for Healthcare Companies

Axinn, Veltrop & Harkrider LLP on 4/10/2025

The February 2024 ransomware attack on Change Healthcare was the largest healthcare data breach in U.S. history. The attack disrupted operations—impacting patient care and provider finances—and potentially exposed the...more

Business resiliency needs to take centerstage if you want to keep pace with cyber threats and supply chain disruptions

NAVEX on 4/2/2025

2024 was a year of numerous and notable cybersecurity failures – although, to be fair, most years are now marred by numerous and notable cybersecurity failures. That’s no longer anything special. What makes 2024 interesting...more

Joint Cybersecurity Advisory Released on Ghost (Cring) Ransomware

Robinson+Cole Data Privacy + Security Insider on 2/21/2025

The Cybersecurity & Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center released an advisory on February 19, 2025, providing information on Ghost...more

Slew of OCR activity underscores agency’s focus on security and AI

Hogan Lovells on 1/17/2025

Recent enforcement actions, audit activity, proposed rulemakings, and guidance issued by the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) highlight the agency’s focus on health data...more

FAQs for Schools and Persons Affected By the PowerSchool Data Breach

Jackson Lewis P.C. on 1/13/2025

A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more

[Event] 2nd National Conference on Cybersecurity Law & Compliance - January 29th - 30th, Arlington, VA

American Conference Institute (ACI) on 1/9/2025

Cyberattacks are affecting every company and sector. Meanwhile, the regulatory landscape is intensifying as the SEC continues to enforce the cyber-risk management disclosure rules. Every day presents a new compliance and...more

SEC Cybersecurity Incident Disclosure Report

Paul Hastings LLP on 12/19/2024

Paul Hastings released its SEC Cyber Incident Disclosure Report today, providing a unique look at how public companies have responded to new incident disclosure requirements. The Securities Exchange Commission (SEC) approved...more

Ep. 38 – Halloween Special: Compliance Nightmares

Dentons on 10/31/2024

In healthcare, compliance issues can quickly escalate into compliance nightmares, with serious implications for patient safety, legal liability, and an organization’s reputation. Among the most common compliance nightmares...more

Ransomware Hat Trick: OCR Scores Three Major Enforcement Actions in 2024

Williams Mullen on 10/30/2024

Ransomware attacks are a growing threat in the health care sector due to the value of personal health information (PHI). In addition to being expensive, these attacks can cripple health care operations, delay patient care,...more

[Event] Regional Healthcare Compliance Conference - October 11th, Denver, CO

Health Care Compliance Association (HCCA) on 10/2/2024

Looking for compliance education and networking in your area? HCCA’s Regional Healthcare Compliance Conferences offer practitioners convenient, local compliance education on a wide variety of current and emerging topics...more

SEC Issues Updated Guidance on Cybersecurity Incident Disclosure Under Item 1.05 of Form 8-K

Mintz - Privacy & Cybersecurity Viewpoints on 7/12/2024

On June 24, 2024, the SEC issued five new Compliance & Disclosure Interpretations (C&DIs) relating to the materiality assessment and disclosure requirements of material cybersecurity incidents under Item 1.05 of Form 8-K....more

Top Privacy and Cybersecurity Issues to Track In 2024

Baker Donelson on 1/29/2024

In recognition of International Privacy Day on January 28, we wanted to share some insights on the top privacy and cybersecurity issues for the new year. Data privacy and cybersecurity will continue to be one of the most...more

5 GRC Trends and Resolutions for a More Secure 2024

Mitratech Holdings, Inc on 1/17/2024

Elevate your resilience in the new year by understanding top GRC trends, patterns, and best practices across AI, TPRM, cyber risk, and more. As we step into 2024, technological advancements and an increasingly connected —...more

Implementation of DFS Cybersecurity Amendments Continues as Ransomware Attacks Dominate Headlines

Patterson Belknap Webb & Tyler LLP on 12/14/2023

Last month, as the New York State Department of Financial Services (“DFS”) began phasing in amended cybersecurity regulations and continued enforcement actions against noncompliant entities, a wave of ransomware attacks...more

BA Depicted by OCR as Example of Ransomware Dangers Recovered Quickly, Didn’t Expect Fine

Health Care Compliance Association (HCCA) on 11/10/2023

Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more

Privacy Briefs: October 2023

Health Care Compliance Association (HCCA) on 10/6/2023

Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more

Move it or Lose it – With Cyber Breach Response, Time is of the Essence

Epiq on 9/27/2023

There are so many factors that go into breach response. Determining the size of the breach, time limitations, legal requirements, notification needs, urgency for containment, and interrupted business operations are just a...more

Board Oversight and Monitoring of Artificial Intelligence Risks

The Volkov Law Group on 8/22/2023

Corporate boards face a panoply of risks – and the nature of these risks are quickly evolving. Cybersecurity has quickly risen to the top of the list of corporate risks. Add to that the new SEC regulations on cybersecurity...more

The SEC has new Cybersecurity Rules. Are you prepared and ready?

Guidepost Solutions LLC on 8/16/2023

On July 26, 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity rules to require disclosure of material cybersecurity incidents within four business days, with limited exceptions. Additionally,...more

Maintaining Focus on Cyber Risks (Part II of IV)

The Volkov Law Group on 7/12/2023

If you read about the world of hackers and cyber threats, you will quickly become numb to the creativity and variety of techniques that may threaten your organization. Like all risks, however, the key is to consider...more

NAVEX’s 2023 State of Risk & Compliance Report: Compliance Steps Up

The Volkov Law Group on 7/6/2023

NAVEX’s annual report on the state of risk and compliance is a must read. Each year NAVEX supplies helpful insights that compliance professionals, corporate managers and board members can use to benchmark their respective...more

Ransomware Criminal Prosecution of Russian National Underscores Pervasive Ransomware Risks

The Volkov Law Group on 6/1/2023

In today’s world of cyber threats, many companies have fallen victim to ransomware attacks. Corporate boards and senior executives face serious issues when their companies are attacked. The payment of ransom is not only...more

[Webcast Transcript] Data Mining in Incident Response: Managing Risk and Spend through an Effective Evidence-Based Approach

HaystackID on 9/8/2022

Editor’s Note: On August 31, 2022, HaystackID shared an educational webcast on the topic of data mining in data breach incident response. As data mining has increasingly become one of the largest expenses during a cyber...more

Sanctions Compliance for Crypto: OFAC Issues Guidance Targeting Virtual Currency Industry

Sheppard Mullin Richter & Hampton LLP on 10/22/2021

Last Friday, the Office of Foreign Assets Control (OFAC) published more targeted guidance for digital asset companies related to compliance with sanctions and best practices for mitigating risks. This guide comes on the heels...more

38 Results

View per page

Page: of 2

Compliance › Risk Management › Ransomware

"My best business intelligence, in one easy email…"