No Password Required: LIVE From Sunshine Cyber Con
An Update On IOT Device Breaches, Framework, And Legislation
Your Cyber Minute: Importance of the GDPR to the global business community
Your Cyber Minute: The Implications of the GDPR for Cybersecurity
How to Respond to President Obama's Cybersecurity Executive Order
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
The date July 26, 2023, marks the latest evolution of the cybersecurity regulation landscape as the Securities and Exchange Commission passed cybersecurity regulations for publicly traded companies. At the open meeting, SEC...more
On August 8, 2023, the National Institute of Standards and Technology (NIST) released the initial draft of its Cybersecurity Framework 2.0 and draft Implementation Examples for public comment. This marks the first significant...more
GREAT SCOTT! Did you know publication of the NIST Cybersecurity Framework (CSF) 2.0 is around the corner? Last updated in 2018, NIST is making substantial changes to the CSF due to evolving threats. What are these changes?...more
The National Institute of Standards and Technology (NIST) is seeking comments to improve its Cybersecurity Framework, “Framework for Improving Critical Infrastructure Cybersecurity” (Request for Information available here)....more
Ransomware incidents continue to be on the rise, wreaking havoc for organizations globally. Ransomware attacks target an organization’s data or infrastructure, and, in exchange for releasing the captured data or...more
Cyberattacks on organizations with large consumer databases have been on the rise recently. This is certainly true for the insurance industry, which also has been migrating more business to online platforms in an effort to...more
The New York State Department of Financial Services recently issued recommendations to financial institutions in the aftermath of the SolarWinds cyberattack. In that attack, hackers inserted malware into SolarWinds software...more
The National Institute of Standards and Technology, commonly referred to as NIST, recently published a new computer framework for users to consider as a cyber-framework security model — the Zero Trust Architecture Model...more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
On December 4, 2020 the President signed into law the IoT Cybersecurity Improvement Act of 2020, Pub. L. No. 116-207 (the “IoT Act”). The legislative purpose behind the new law is to ensure the highest level of cybersecurity...more
The year is 2013: The Obama administration just signed Executive Order 13636, calling for the sharing of cybersecurity risk information and a framework for reducing such risk. It was then that the National Institute of...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the EU advocate general's decision in Schrems II, a federal court's ruling that an insurer owed coverage for a social engineering loss, the Chinese...more
On January 16, 2020, the National Institute of Standards and Technology (NIST) issued its NIST Privacy Framework Version 1.0 (Privacy Framework). The Privacy Framework follows the same type of structure as the NIST Framework...more
The National Institute of Standards and Technology (NIST) released its first privacy framework tool (the “Privacy Framework”) on January 16, 2020. In the Executive Summary...more
A new bill introduced by House Financial Services subcommittee Chairman Rep. Blaine Luetkemeyer would significantly change data security and breach notification standards for the financial services and insurance industries. ...more
The National Association of Insurance Commissioners (NAIC) Cybersecurity (EX) Working Group (Cybersecurity WG) approved Version 6 (Finalized) of its Insurance Data Security Model Law (Model) on August 7 at the NAIC Summer...more
Connecticut Bulletin MC-23. The Connecticut Insurance Department issued Bulletin MC-23 on June 13, 2017. The Bulletin addresses certification and notice requirements for data security requirements applicable to TPAs and PBMs...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
In December 2016, Thomas Curry, the Comptroller of the Currency, stated that cybersecurity was the single greatest systemic threat to our financial system. He was not being hyperbolic. Cybersecurity should be on...more
Businesses today have their work cut out for them. Small or large, no organization is immune from cybersecurity threats. Added pressures arise from stepped up government regulatory oversight and enforcement that targets an...more
Last week, the FTC published a blog post titled The NIST Cybersecurity Framework and the FTC, in which the agency issued a nuanced answer to an oft-asked question: “If I comply with the NIST Cybersecurity Framework, am I...more
All organizations, including financial institutions, continue to face significant security threats across their wide ranging IT systems. Such organizations are particularly vulnerable if they cannot track networked devices...more
The Cybersecurity Task Force of the National Association of Insurance Commissioners (the “NAIC”) met last month, as part of on the NAIC’s 2015 Summer National Meeting in Chicago. The Task Force focused on two issues: the...more