Cost of Noncompliance: More Than Just Fines
No Password Required: President at Constellation Cyber, Former FBI Translator, and Finder of Non-Magical Mushrooms
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Digital Planning Podcast Episode: When Cyber Attacks Hit Home
2023 DSIR Report Deeper Dive into the Data
Episode 282 -- CISO and CCOs -- The Evolving Partnership
Cyber Threats
No Password Required: A Developer Advocate with Auth0 and an "Accordion Guy" with Rockstar Aspirations
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
[Podcast] NSA Cybersecurity Services for Defense Contractors
Dark Web Monitoring - Unauthorized Access Podcast
Cyberside Chats: Everyone wants to be Batman. Hacking Back & Cybersecurity Law
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Fighting the Constantly Evolving Threat of Cybercrimes
Part 2: Cybersecurity and the Role of Management
Part 1: Cybersecurity and the Role of Management
No Password Required: The Philosopher CISO of Tallahassee Who Lives to Help Other People
Ransomware, Geopolitical Tensions, and the Race to Regulate
In May 2024, the New York State Department of Health (“NYSDOH”) issued revisions to proposed regulations on hospital cybersecurity that it first released in November 2023. The proposed revised regulations are subject to...more
In February 2024, the healthcare industry was rattled by a significant cyberattack targeting Change Healthcare (“Change”), a subsidiary of UnitedHealth Group, one of the largest health insurance companies in the world. The...more
A ransomware attack on Change Healthcare, a technology company owned by UnitedHealth that touches one of every three U.S. patient records, has resulted in hospitals and pharmacies across New York facing a cash crunch. The...more
New York has released proposed cybersecurity regulations for hospitals. The regulations, which were published in The State Register on Dec. 6 and will undergo a 60-day public comment period ending on Feb. 5, are designed to...more
Hospitals, health systems and providers are targets of cyberattacks at an alarming rate, putting patient data, electronic infrastructure and, most importantly, patient lives at risk. The Department of Health and Human...more
Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe....more
New York is the first state to propose cybersecurity requirements for all hospitals operating in the state to address patient safety and other cybersecurity related issues....more
News Briefs - Senate Committee Advances Bill on 'Ghost Providers,' PBMs - In a unanimous 26-0 vote, the Senate Finance Committee passed a comprehensive draft package that puts pharmacy benefit manager reform and mental health...more
New York Gov Kathy Hochul is touting her proposed statewide cybersecurity regulations for hospitals and health systems as “nation-leading,” and, if approved, those entities will have until February 2025 to comply with the new...more
Health and Human Services (HHS) has released a report that details findings about the state of hospital cyber systems across the United States. In connection with a recent Ponemon Institute report on the cost and impact on...more
Hospitals, health systems and providers are targets of cyberattacks, putting valuable patient data and, more importantly, patient lives at risk. The Department of Health and Human Services’ Office of Civil Rights reported an...more
Health care providers of all sizes should be reviewing their Distributed Denial of Service (DDoS) mitigations and response plans immediately. On February 2, a pro-Russia hacktivist group, dubbed "Killnet," called upon all of...more
Report on Patient Privacy 22, no. 9 (September, 2022) - More than 92% of patients believe privacy is a right and their health data should not be available for purchase, according to a survey from the American Medical...more
Report on Medicare Compliance 31 no. 18 (May 16, 2022) - In a version of the future that hopefully never comes, malware is able to remove malignant-looking tumors from CT or MRI scans before they were reviewed by...more
Report on Patient Privacy 22, no. 3 (March, 2022) - HHS said in early March that it was not aware of any specific threat to U.S. health care organizations stemming from the Russian invasion of Ukraine. “However, in the...more
Report on Patient Privacy 22, no. 3 (March, 2022) - Typically a “legacy” describes the lasting impact of an influential person or movement, most often in a positive sense. Not so with medical devices. When legacy is applied...more
Report on Patient Privacy 22, no. 2 (February, 2022) - Tensions between the U.S. and Russia could lead to a heightened risk of Russian state-sponsored cyberattacks on U.S. interests, including health care organizations,...more
Report on Patient Privacy 22, no. 1 (January, 2022) - As the COVID-19 pandemic enters its third year, real “security fatigue” with pandemic-related issues will combine with cybercriminals’ increasingly sophisticated...more
Go to just about any news site today and there is probably a new story about a data breach that costs a company millions of dollars. Just in the past few weeks, we’ve seen Colonial Pipeline pay as much as $5 million in...more
Report on Patient Privacy 21, no. 4 (April 2021) - As the COVID-19 pandemic progressed from its urgent beginning to almost a “new normal,” chief information security officers (CISOs) at health systems have been fighting...more
Compliance Today (January 2021) - The newly created Cybersecurity and Infrastructure Security Agency issued a joint alert with the Federal Bureau of Investigation and the U.S. Department of Health & Human Services regarding...more
Several federal agencies have teamed up to warn healthcare employers of the increased threat they face as a result of malicious cybercriminals aiming to take advantage of the pandemic to wreak havoc on their operations. The...more
A public cybersecurity advisory was issued yesterday about a likely ransomware attack against the health care and public health sector. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of...more
Disruptionware is defined by the Institute for Critical Infrastructure Technology (ICIT) as a new and “emerging category of malware designed to suspend operations within a victim organization through the compromise of the...more
Following the escalation of tensions between the United States and Iran in the past week, the Health Information Sharing and Analysis Center (H-ISAC) is warning hospitals and health systems that Iran could attack health...more