The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Report Deeper Dive: FTC
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
India just released a landmark draft of new rules to refine and implement the Digital Personal Data Protection Act (DPDP Act) – which is India’s first comprehensive data privacy legislation regulating digital personal data...more
As the digital landscape evolves, so do the threats that accompany it. The rise of artificial intelligence (AI) has fundamentally transformed the nature of cybercrime, enabling attackers to execute more sophisticated and...more
The country’s largest provider of cloud-based education software for K-12 schools announced on January 7 that it fell victim to a massive data breach – which may lead to questions about the implications for your school....more
On October 10, 2024, the European Union officially adopted the Cyber Resilience Act (CRA), which introduces cybersecurity obligations for internet-connected hardware and software products offered in the EU (such as...more
Let’s review for a moment. It’s not a HIPAA violation to be a victim of ransomware. It’s not a HIPAA violation to pay a ransom. It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
As healthcare technology continues to evolve, so does the need for robust compliance strategies to safeguard patient information and ensure the integrity of medical devices. In a joint September 19, 2024 presentation, the...more
Pennsylvania-based Geisinger Health System said it experienced a breach impacting more than 1.27 million patients when a former employee of vendor Nuance Communications Inc., a Microsoft Corp. subsidiary, accessed patient...more
For years, the Gramm-Leach-Bliley Act (GLBA) has required financial institutions to maintain reasonable safeguards for consumer data, but has only had limited breach-reporting requirements. To the extent financial...more
Amidst an ever-evolving cyber threat landscape, a recent slew of regulatory updates and cybersecurity standards are defining a new battlefront for securing critical infrastructure and corporate data across varying sectors....more
Organizations typically deal with ransomware attacks out of the public eye, but the massive scale of United Healthcare Group’s (UHG) February breach made that an impossibility. UHG CEO Andrew Witty was recently on the hot...more
Florida lawmakers recently passed a law that provides businesses with a defense to claims arising from “cybersecurity incidents” that lead to data breaches – so long as they meet a few critical obligations. The bill is...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
Welcome to this month's issue of The BR Privacy & Security Download, the digital newsletter of Blank Rome’s Privacy, Security & Data Protection practice....more
Report on Patient Privacy 23, no. 12 (December, 2023) Northwell Health in New York and Cook County Health in Chicago each experienced impacts from a breach at Nevada-based transcription company Perry Johnson & Associates...more
On November 16, the Federal Trade Commission (FTC) announced an enforcement action against Global Tel*Link Corporation and two of its subsidiaries (collectively, “GTL”), which provide communications and payment services to...more
Data security is a top concern for organizations in today’s digital landscape. It protects data from unauthorized access, use, modification, or disclosure, and requires implementing technical, administrative, and physical...more
For many, responding to an incident feels chaotic — questions swirling, uncertainties piling up, and no clear direction. Even when prepared with a well-rehearsed incident response plan, a data security incident places a...more
The date July 26, 2023, marks the latest evolution of the cybersecurity regulation landscape as the Securities and Exchange Commission passed cybersecurity regulations for publicly traded companies. At the open meeting, SEC...more
As highlighted in the Data Security Incident Response Report, government entities such as universities, medical centers, public utilities and transportation services companies have become highly sought-after targets of cyber...more
Popular file transfer tool MOVEit’s recent data security vulnerability prompted many businesses to communicate, internally and externally, about the impact of the incident on its business. Originally published in Law360 -...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
On October 3, 2023, the FAR Council released two long-awaited proposed rules for federal contractor cybersecurity stemming from the Biden Administration’s Cybersecurity Executive Order from May 2021 (Executive Order 14028)....more
Learning Objectives: - Overview of current US privacy/cybersecurity laws and regulation - Current cyber threats: overview of recent trends in cyberattacks and risk areas for healthcare providers - Incident Response: how...more
On July 26, the Securities and Exchange Commission (“SEC”) finalized a much anticipated rule addressing cybersecurity risk management, strategy, governance, and incident disclosure. Public companies registered with the SEC...more
On April 13, the Financial Stability Board (FSB) released a series of recommendations for achieving “greater convergence” in cyber-incident reporting (CIR). Issued at the request of the G-20, the final report draws from FSB’s...more