No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
No Password Required Podcast: Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots, and Buc-ee Mascots
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
AI Talk With Juliana Neelbauer - Episode Two - Cybersecurity Insurance: The New Frontier of Risk Management
On-Demand Webinar: Bring Predictability to the Spiraling Cost of Cyber Incident Response Data Mining
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
Life With GDPR: Episode 104 – Solar Winds and Your Mother – Tell The Truth
No Password Required: American University’s Vice Provost for Research and Innovation and a Tracker of (Cyber) Unicorns
Snooping Sadia Talks to Former Official Gene Fishel — Unauthorized Access Podcast
Life With GDPR: Critical Perspectives on Big Law Firm Cybersecurity
While the balance of security, privacy, and public safety has always been a concern, recent cyberattacks have highlighted conflicting guidance by United States government officials, creating potential pitfalls for businesses....more
Last fall at the Safeguarding Health Information: Building Assurance Through HIPAA Security 2024 conference, U.S. Department of Health & Human Services Office for Civil Rights (OCR) promised that before year’s end, it would...more
Numbers never lie. The second most targeted industry in terms of hacking and breaches is Finance, which was the victim somewhere in the realm of 2,306 to 2,792 cyberattacks in 2023 (depending on the source). With each data...more
In a significant expansion of internal controls enforcement, the SEC announced a $2.1 million settlement with R.R. Donnelley & Sons Co. (“RRD”) for its handling of a 2021 ransomware attack and resulting disclosure failures. ...more
The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was enacted in 2022 with the primary purpose of preserving national security, economic security, and public health and safety. CIRCIA provides the Director...more
From large-scale hacks to new rules governing cyber practices, the cyber landscape continues to become more complex. The risk for breaches is higher than ever before. The numbers support this declaration. According to the...more
Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more
There are so many factors that go into breach response. Determining the size of the breach, time limitations, legal requirements, notification needs, urgency for containment, and interrupted business operations are just a...more
In today’s world of cyber threats, many companies have fallen victim to ransomware attacks. Corporate boards and senior executives face serious issues when their companies are attacked. The payment of ransom is not only...more
On February 17, 2023, the US Department of Health and Human Services Office for Civil Rights (OCR) released two companion reports to Congress detailing its actions in 2021 to enforce the privacy, security, and breach...more
Preventing data breaches is a critical task for all businesses these days, but it’s especially so in healthcare. No one wants to see health information disclosed, and the risks of a ransomware attack are enormous, literally...more
Law firms process sensitive information on a daily basis. Confidential client data is targeted by hackers and insiders for a variety of reasons including financial gain or retaliatory purposes. When a law firm has a security...more
Friday afternoon, news sources reported that Molson Coors Beverage Company notified the Securities and Exchange Commission about an ongoing data breach that had delayed and disrupted, "the Company's business, including its...more
Last month there was a cyber-attack suspected to have been perpetrated by Russian hackers. The attack was traced back to third party – a network management software vendor, SolarWinds. Among its 300,000 customers, SolarWinds...more
Report on Patient Privacy 20, no. 10 (October 2020) - September was quite the month for enforcement actions by the HHS Office for Civil Rights (OCR). The agency announced eight settlements totaling more than $10 million....more
Report on Supply Chain Compliance 3, no. 16 (August 20, 2020) - Avon, a popular cosmetics company that sells door to door and online, experienced a data breach caused most likely by ransomware employed by a known hacker...more
HCCA has assembled a half-day virtual conference to help compliance professionals stay on top of the fast-moving changes caused by the COVID-19 pandemic. By participating in this event, you will hear directly from the...more
We all know that businesses rely on a large number of third-party vendors to support their business operations. Many of these third parties require access to a company’s data and its internal information and technology...more
Holmes was one of the most famous women to come out of Silicon Valley. She founded Theranos, hyped the fraudulent blood testing scam and became for a short time a billionaire. Now all of that is gone, gone, gone. ...more
Cybersecurity compliance, like the compliance profession, is rapidly growing. The forces pushing cyber compliance are two-fold: the ever-increasing and changing nature of cyber threats and harms, and the logical application...more
I am tempted to write something along the lines of “another month, another scandal at Uber” but I do not think that would really help any compliance professional or business executive learn from the latest FUBAR announced by...more
It is the dust in end that Equifax created from its statements over the past week and actions which led to the massive data breach in the first place. The former head of the company, Richard Smith, testified before Congress...more
It is not a matter of "if" but "when" an employer will be required to notify employees of a security breach. Forty-seven states require employers to notify employees when defined categories of personal information, including...more
Many of the largest retailer data security breaches have been caused or enabled by the acts or omissions of retailers’ vendors, such as the widely publicized incident at Target Corporation. Several such breaches occurred...more
Three bills that will update California’s data breach notification requirements have been signed into law by Governor Jerry Brown. The bills impose specific requirements on providing breach notification to consumers, add a...more