The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Episode 293 -- Catching Up with California and Other State Privacy Laws
How to Fix the Cyber Incident Reporting Mess--DHS Weighs In
Regulatory Phishing Podcast - The Impact of Cybersecurity Compliance on Corporate Transactions
The Justice Insiders Podcast: Incidents in the Material World: SEC Adopts New Cybersecurity Rules
Episode 288 -- SEC Adopts Robust New Cybersecurity Disclosure Rules
2023 DSIR Report Deeper Dive into the Data
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
2022 DSIR Deeper Dive: Vendor Incidents
Unauthorized Access: An Inside Look at Incident Response
The State of Cyber: Breaking Down Recent Rules and Regulations
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Cyberside Chats: Preserving Legal Privilege After a Cybersecurity Incident
Debra Geroux and Scott Wrobel on Responding to Data Breaches
The Importance Of Cybersecurity During A Merger & Acquisition Transaction
Cyber regulation is changing in Australia. As governments globally grapple with the ever-changing and increasingly challenging cyber landscape, Australia is poised to implement new laws and update existing regulation in order...
I work for a public company that recently experienced a ransomware attack. Fortunately, we were able to restore our business operations quickly by obtaining a decryption key from the threat actor. Given that we managed to get...
The US Securities and Exchange Commission (SEC), Division of Corporation Finance on June 24, 2024 issued five Compliance and Disclosure Interpretations (C&DIs) on its website to address questions raised by its requirement for...
The Securities and Exchange Commission (the “SEC”) has issued five compliance and disclosure interpretations related to the disclosure of material cybersecurity incidents under Item 1.05 of Form 8-K....
Pennsylvania-based Geisinger Health System said it experienced a breach impacting more than 1.27 million patients when a former employee of vendor Nuance Communications Inc., a Microsoft Corp. subsidiary, accessed patient...
On June 24, 2024, the SEC issued five new Compliance & Disclosure Interpretations (C&DIs) relating to the materiality assessment and disclosure requirements of material cybersecurity incidents under Item 1.05 of Form 8-K....
On June 24, 2024, the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued five new Compliance and Disclosure Interpretations (“C&DIs”) related to the disclosure of “material”...
Recently, the US Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) issued a notice of proposed rulemaking (NPRM) which, if adopted, would require “covered entities” of critical...
On June 24, 2024, the U.S. Securities and Exchange Commission (SEC) Division of Corporation Finance (Corp Fin) added to its Compliance and Disclosure Interpretations (C&DI) related to disclosure of Material Cybersecurity...
Kennedys and Booz Allen Hamilton are delighted to invite you to our 3 hour webinar on Thursday, June 27, 2024. This half-day seminar features three presentations: Clear and present danger, In the war room, and The fallout....
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the...
Every spring, BakerHostetler collects, analyzes, and compares key metrics on the incident response matters we handled in the prior year. The output – our Data Security Incident Response (DSIR) Report – highlights key findings...
Amidst an ever-evolving cyber threat landscape, a recent slew of regulatory updates and cybersecurity standards are defining a new battlefront for securing critical infrastructure and corporate data across varying sectors....
Cyber incidents involving critical infrastructure pose a serious risk to the US. In March 2024, the Environmental Protection Agency and the National Security Advisor warned state governors about potential attacks on drinking...
The Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security, has proposed a rule that would govern whether, when, and how companies in critical infrastructure sectors report...
Organizations typically deal with ransomware attacks out of the public eye, but the massive scale of United Healthcare Group’s (UHG) February breach made that an impossibility. UHG CEO Andrew Witty was recently on the hot...
On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make...
Cyberhackers—potentially frustrated by their limited ability to extort ransom from health care entities in attacks—have started extorting the patients themselves, threatening them with the release of information or...
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...
CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...
Most businesses in the United States will have to file incident reports—including for ransomware payments—under the Proposed Rule. The Department of Homeland Security has the authority to issue subpoenas and even penalties...
On March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law. Generally, CIRCIA requires “covered entities,” defined as entities in certain critical infrastructure sectors, to...
A sweeping array of businesses are another step closer to requirements to report cybersecurity incidents and ransomware payments to the federal government. On April 4, 2024, the U.S. Department of Homeland Security's (DHS)...
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...
The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is publishing a proposed rule (Proposal or NPRM) that will require broad segments of industry to meet onerous and quick...