DHS and Cyber: What Should Companies Expect?
On March 12, 2025, a joint cybersecurity advisory was issued by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center to advise...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
On March 12, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued a...more
On February 19, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued...more
Publications & Advisories - November 2024 – Kathleen Benway, Jennifer Everett, Alysa Austin, and Kristen Bartolotta published “Federal Trade Commission’s Updated Health Breach Notification Rule Is Now in Effect” in Employee...more
A recent joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3) warns of increased collaboration...more
The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Department of Defense Cyber Crime Center (DC3) issued a joint alert on August 28, 2024, warning U.S.-based...more
Verizon released its Data Breach Investigations Report (DBIR) for 2024, an annual treat that highlights some trends companies should be aware of as they manage their cybersecurity programs and respond to and anticipate new...more
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
Most businesses in the United States will have to file incident reports—including for ransomware payments—under the Proposed Rule. The Department of Homeland Security has the authority to issue subpoenas and even penalties...more
Research from Guidepoint Security found that 2023 saw an 80% increase in ransomware activity year-over-year, driven in part by multiple mass exploitation campaigns impacting hundreds of organizations. In total, the report...more
Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
New York has released proposed cybersecurity regulations for hospitals. The regulations, which were published in The State Register on Dec. 6 and will undergo a 60-day public comment period ending on Feb. 5, are designed to...more
2023 was another active year in cybersecurity, with high profile vulnerabilities and data breaches, and government and private sector responses to them. Examples include pervasive ransomware attacks targeting the healthcare,...more
Publications and Advisories - November 13, 2023 – Kathleen Benway, Kate Hanniford, Amy Mushahwar, Kim Peretti, and Lance Taubin published “Privacy, Cyber & Data Strategy Advisory: FTC Approved New Data Breach Notification...more
A proposed $1M civil penalty against Colonial Pipeline for its procedural failures during a ransomware attack could indicate what’s in store for critical infrastructure operators who fail to keep employees up to date on how...more
Ransomware attacks have become headline news in the mainstream media, and a hot topic not only on this blog but in government circles. And with good reason as the United States suffered a staggering 421.5 million ransomware...more
It’s the call you hope you never get. Your company has been hit with a ransomware attack. Your systems are offline. Your customer data was stolen by an unknown threat actor who is threatening to leak it. You have lots of...more
The Cybersecurity and Infrastructure Security Agency (“CISA”), the U.S. Government Agency that works with the private sector to defend against cyber threats and to build more secure and resilient infrastructure for the...more
Companies face increasingly tough decision points in preparing for and responding to the proliferation of ransomware attacks. Our Privacy, Cyber & Data Strategy Group outlines seven issues for general counsel to consider as...more
It is no secret that ransomware attacks have increased in sophistication and sheer numbers during the COVID-19 pandemic, but a silver bullet solution remains elusive. The government is attacking the problem in multiple ways....more
The SEC’s Office of Compliance and Examinations (OCIE) issued a risk alert on July 10 about its observation of an apparent increase in sophistication of ransomware attacks on SEC registrants, including broker-dealers,...more
The spread of the novel coronavirus has upended Americans’ lives in a matter of months. While life outside has ground to a standstill in many regions of the country, much of corporate America is meeting the unique challenges...more