In terms of healthcare data breaches, 2024 was the worst year ever, with the records of at least 53% of the U.S. population involved and two of the biggest healthcare data breaches of 2024 ranking in the top 10 of all time. ...more
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the proposed updates...more
On November 7, 2024, the Transportation Security Administration (the “TSA”) published a Notice of Proposed Rulemaking (the “Proposed Rule”) that would mandate cyber risk management (“CRM”) and reporting requirements for...more
As of January 23, 2025, the regulation discussed below has not been withdrawn by the Trump administration and is not subject to automatic withdrawal under President Trump’s Executive Order freezing regulations. It currently...more
Bradley is launching a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to strengthen cybersecurity protections for electronic protected health information (ePHI) regulated...more
On January 6, 2025, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) published a Notice of Proposed Rulemaking (“NPRM”) to amend the Health Insurance Portability and Accountability Act...more
The wireless industry has revolutionized the way we connect, from facilitating teleworking, distance learning, and telemedicine to allowing the American public to interact virtually in almost all other aspects of their daily...more
On Dec. 27, the Department of Health and Human Services (HHS) issued proposed updates to the HIPAA Security Rule to address evolving cybersecurity threats in healthcare. Introduced through a Notice of Proposed Rulemaking...more
President Joe Biden issued Executive Order (EO) 14117 in February 2024 to mitigate national security risks posed by threat countries’ access to sensitive personal data and government-related data. The EO directed the U.S....more
On October 23-24, 2024, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) Information Technology Laboratory hosted the Safeguarding...more
On July 19, 2024, the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the National Credit Union Administration...more
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the...more
The proposal seeks to make executive compensation arrangements more sensitive to risk and would require complex risk management programs to ensure compliance....more
Most businesses in the United States will have to file incident reports—including for ransomware payments—under the Proposed Rule. The Department of Homeland Security has the authority to issue subpoenas and even penalties...more
The maritime industry is undergoing a significant transformation that involves increased use of cyber-connected systems, coinciding with increased nation-state and cybercriminal targeting of cyber systems in ports and...more
What Happened - On July 26, the U.S. Securities & Exchange Commission (SEC) adopted its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure final rule on a 3-2 vote. The final rule is a modified...more
The U.S. Securities and Exchange Commission (SEC) appears to have big plans for cybersecurity regulation in 2023....more
On July 29, the FDIC issued a Fact Sheet and Advisory (collectively, the Published Documents) regarding FDIC deposit insurance and crypto assets. The Published Documents emphasize that FDIC deposit insurance does not apply...more
The Federal Energy Regulatory Commission (FERC) is tasked with keeping our electric grid safe and maintaining reliable and secure energy for U.S. consumers. ...more
On August 20, 2019, the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) approved amendments to the regulations implementing Section 13 of the Bank Holding Company Act,...more
Part 107, the rule broadly authorizing commercial UAS (drone) operations, was an important step forward for the commercial UAS industry. However, Part 107 limited operations in important ways. One significant limitation...more
This edition of the Cozen O’Connor Aviation Regulatory Update reports on Congress’s six-month extension of FAA’s reauthorization; new U.S. Bilateral Aviation Safety Agreements with the European Union and Canada; the FAA’s...more