News & Analysis as of

Cybersecurity Covered Entities

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +
Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now.   less -
Latham & Watkins LLP

SEC Imposes New Cybersecurity Requirements on Broker-Dealers, Investment Companies, Registered Investment Advisers, and Transfer...

Latham & Watkins LLP on

Covered institutions will need to review their cybersecurity and incident response policies and procedures ahead of the applicable compliance deadline. ...more

Holland & Knight LLP

New Requirements for Research Security Programs Raise the Stakes for Compliance

Holland & Knight LLP on

The National Security Presidential Memorandum-33 (NSPM-33), issued in January 2021, directed federal agencies that fund research and development (R&D) projects to require certain "Covered Institutions" to certify that the...more

Fisher Phillips

Don't Forget About ERISA in Your Health Plan’s Cybersecurity Efforts: Important Reminders for Plan Fiduciaries in the Wake of...

Fisher Phillips on

Earlier this year, a cyberattack on a leading healthcare claims processing provider had an unprecedented impact on patients and healthcare providers across the country. While group health plans were not directly targeted in...more

Holland & Knight LLP

Change Healthcare Cybersecurity Incident: Financial Impact and Resulting Litigation

Holland & Knight LLP on

On Feb. 21, 2024, the ransomware hacker group ALPHV, otherwise known as "BlackCat," disabled Change Healthcare's nationwide healthcare billing and information systems and demanded a ransom to unlock them....more

Ogletree, Deakins, Nash, Smoak & Stewart,...

The EU’s NIS2 Directive: Covered Entities, Compliance Monitoring, Risk Management, Incident Reporting, and Penalties

Ogletree, Deakins, Nash, Smoak & Stewart,... on

In response to the increasing number of cyberattacks and the acceleration of digital transformation across sectors, the European Union has revised and improved its Network and Information Security (NIS) Directive. The...more

Epiq

New SEC Cybersecurity Rules: What to Know and How to Remain Compliant

Epiq on

As addressing cybersecurity issues continues to become a top priority throughout the financial industry, the U.S. Securities and Exchange Commission (SEC) is following suit. The SEC unanimously voted to approve a new set of...more

Bond Schoeneck & King PLLC

American Privacy Rights Act

Bond Schoeneck & King PLLC on

On April 7, 2024, Representative Cathy McMorris Rodgers and Senator Maria Cantwell introduced the American Privacy Rights Act (APRA) setting forth national data privacy rights and proposing a single, comprehensive federal...more

Bradley Arant Boult Cummings LLP

Mandatory Cybersecurity Incident Reporting: The Dawn of a New Era for Businesses

Bradley Arant Boult Cummings LLP on

A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the...more

McGuireWoods LLP

Ounce of Prevention: Are You Keeping Track of Your Business Associate Agreements’ Requirements?

McGuireWoods LLP on

Applicable Provider Types: All - Is Your Entity in Compliance? The Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009...more

Skadden, Arps, Slate, Meagher & Flom LLP

SEC Amends Reg S-P To Strengthen Data Breach Response Requirements and Protect Investor Information

Skadden, Arps, Slate, Meagher & Flom LLP on

On May 16, 2024, the Securities and Exchange Commission (SEC) announced the adoption of amendments to Regulation S-P (Reg S-P), which broadly track the changes originally proposed in March 2023. The revised Reg S-P requires...more

Fisher Phillips

Insider Threats to Healthcare Data: What You Need to Know and 5 Steps You Can Take Now

Fisher Phillips on

Healthcare data breaches are occurring more frequently and on larger scales than ever before – and while you defend against cyberattacks and other external threats, make sure you do not overlook the critical role your...more

McGuireWoods LLP

Ounce of Prevention: Do You Have Business Associate Agreements With Every Required Party?

McGuireWoods LLP on

Applicable Provider Types: All - Is Your Entity in Compliance? The Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009...more

Health Care Compliance Association (HCCA)

‘I Will Not Rest’; ‘I Am All In’: Remarkable Breach Hearing Sees Pledges by UHG CEO, Sen. Wyden

Health Care Compliance Association (HCCA) on

United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more

Health Care Compliance Association (HCCA)

Privacy Briefs: May 2024

Health Care Compliance Association (HCCA) on

Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more

WilmerHale

8 Questions To Ask Before Final CISA Breach Reporting Rule

WilmerHale on

On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make...more

ArentFox Schiff

Key Takeaways from OCR’s CY22 HIPAA Reports to Congress

ArentFox Schiff on

On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more

Ankura

Operational Implications of the New Bulk Sensitive Data Executive Order

Ankura on

On February 28, 2024, President Biden signed Executive Order 14117 (the EO), on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” The United...more

Orrick, Herrington & Sutcliffe LLP

RegFi Episode 30: A Closer Look at the American Privacy Rights Act

Orrick, Herrington & Sutcliffe LLP on

If passed, the proposed American Privacy Rights Act would dramatically transform data privacy compliance obligations for companies operating in the United States. Shannon Yavorsky — head of Orrick’s global Cyber, Privacy &...more

Maynard Nexsen

Cyber Agency Issues Proposed Rule on Cyber Incident Reporting for Critical Infrastructure

Maynard Nexsen on

In early April, the Cybersecurity & Infrastructure Security Agency (CISA), within the US Department of Homeland Security, released a Notice of Proposed Rulemaking (NPRM) regarding the implementation of the Cyber Incident...more

Dorsey & Whitney LLP

Significant New Healthcare Privacy and Cybersecurity Developments

Dorsey & Whitney LLP on

As the federal government continues to take action in response to events impacting the healthcare landscape, stakeholders must ensure that they are staying up-to-date with health information privacy and security developments...more

Orrick, Herrington & Sutcliffe LLP

The American Privacy Rights Act: 5 Things You Need to Know

Orrick, Herrington & Sutcliffe LLP on

Two leading U.S. legislators have unveiled a bipartisan plan to enact the first comprehensive federal data privacy law. The proposed American Privacy Rights Act (APRA) largely mirrors common themes in the patchwork of state...more

Bass, Berry & Sims PLC

CISA Publishes Proposed Rule for Cyber Reporting

Bass, Berry & Sims PLC on

On April 4, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published its much-anticipated Notice of Proposed Rule Making for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)....more

Jones Day

CISA Releases Proposed Cyber Incident and Ransom Payment Reporting Rules to Implement CIRCIA

Jones Day on

CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more

Pillsbury Winthrop Shaw Pittman LLP

New CISA Rule Would Require Widespread Cyber Incident Reporting, Updated Timelines and Penalties for Critical Infrastructure...

Pillsbury Winthrop Shaw Pittman LLP on

Most businesses in the United States will have to file incident reports—including for ransomware payments—under the Proposed Rule. The Department of Homeland Security has the authority to issue subpoenas and even penalties...more

Schwabe, Williamson & Wyatt PC

Comments Sought on Proposed Requirements of the Cyber Incident Reporting for Critical ‎Infrastructure Act

Schwabe, Williamson & Wyatt PC on

On March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law. Generally, CIRCIA requires “covered entities,” defined as entities in certain critical infrastructure sectors, to...more

335 Results
 / 
View per page
Page: of 14
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide