DHS and Cyber: What Should Companies Expect?
On April 8, 2025, a sweeping rule issued by the US Department of Justice (DOJ) will take effect. The rule imposes restrictions—and in some cases, outright prohibitions—on US companies in connection with certain types of data...more
As we noted in Federal Cybersecurity Policy in 2025: What to Watch in Changing Times, key parts of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), the United States’ foundational cybersecurity information...more
Welcome to our second issue of 2025 of Decoded - our technology law insights e-newsletter. For those of you with an interest in the Corporate Transparency Act, Brienne Marco and Joe Unger report that the recent injunction...more
The Department of Justice (DOJ) released a Final Rule restricting certain transfers of Americans’ sensitive personal data to identified countries of concern or covered individuals. The Final Rule continues to assert the DOJ...more
Executive Order (EO) 14117 is a national security rule intended to mitigate national security risks posed by threat countries’ access to sensitive personal data and government-related data. The EO directed the U.S....more
On December 27, 2024, the U.S. Department of Justice (DOJ) announced its final rule on the transfer of certain bulk sensitive personal data to China, Russia, and other countries. Following this, on January 3, 2025, the U.S....more
On January 8, 2025, the Department of Justice (“DOJ”) published its Final Rule to implement President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States...more
2024 was a record year for cyberattacks in the healthcare sector. According to the Breach Portal maintained by the U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”), to date this year, there...more
Publications & Advisories - November 2024 – Kathleen Benway, Jennifer Everett, Alysa Austin, and Kristen Bartolotta published “Federal Trade Commission’s Updated Health Breach Notification Rule Is Now in Effect” in Employee...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
On May 7, 2024, the White House Office of the National Cyber Director (ONCD) released several reports on the United States’ cybersecurity posture and strategic plan. These documents implement the 2023 National Cybersecurity...more
On February 28, 2024, President Biden issued Executive Order 14117 on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (the EO). The EO empowers...more
Last month, the Federal Acquisition Regulatory Council proposed new cybersecurity and incident reporting regulations for federal contractors on behalf of the Department of Defense (DoD), the General Services Administration...more
Background Critical infrastructure providers confront unique cyber threats. The use of operational technology (OT) introduces risks that arise from, for example, legacy equipment that cannot readily be patched, updated, or...more
General and specialty compliance training from the comfort of your home or office! HCCA’s Regional Healthcare Compliance Conferences provide practitioners with virtual compliance training that includes updates on the...more
Our one-day Regional Compliance Conferences provide attendees with a forum to interact with local compliance professionals, share information about your compliance successes and challenges, and create educational...more