On March 15, 2021, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which will require critical infrastructure owners and operators (among other things) to report...more
Following the release of a U.S. Cybersecurity & Infrastructure Security Agency (US-CERT) Coordination Center VulNote “for a critical remote code execution vulnerability in the Windows Print spooler services” on June 30,...more
Recent months have seen a wave of ransomware attacks in the US healthcare industry, many involving a sophisticated strain of malware called Ryuk. To protect themselves, healthcare providers should review OCR’s recent guidance...more
Compliance Today (November 2019) - In September 2019, the US Department of Health and Human Services Office of Inspector General released the result of an audit report, “The Centers for Medicare & Medicaid Services Could...more
Hackers are targeting U.S. government networks, according to U.S. Cyber Command, which says there is a vulnerability of CVE-2017-1174, which is a two year old flaw in Microsoft Outlook that is being used by attackers to...more
The Department of Homeland Security (DHS) issued a warning on April 15, 2019, entitled “VPN Applications Insecurely Store Session Cookies” (Vulnerability Note VU#192371) stating that “[M]ultiple Virtual Private Network (VPN)...more
The U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Team (US-CERT) recently issued an advisory outlining three vulnerabilities of Drager Infinity Delta patient monitoring devices. The...more
The U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Team (US-CERT) recently issued an advisory outlining three vulnerabilities of Drager Infinity Delta patient monitoring devices....more
Our government is telling us that bringing home that new holiday iPhone® should be a more complicated process than most of us realize. New US Department of Homeland Security (DHS) guidance is appropriately timed to coincide...more
In its most recent Cybersecurity Newsletter, OCR focuses on the intersection of HIPAA and information security. To be sure, HIPAA requires covered entities and business associates to address their organizations’ information...more
Another day, and another form of hacking comes to light. On June 26, 2018, the United States Computer Emergency Readiness Team (US-CERT), an agency within the U.S. Department of Homeland Security, issued a security tip...more
In its January newsletter, the Office for Civil Rights (OCR) focused on cyber extortion, which it stated has “risen steadily over the past couple of years and continue to be a major source of disruption for many...more
On January 4, 2018, the National Health Information Sharing and Analysis Center (NH-ISAC) posted an announcement regarding the cybersecurity threats Meltdown and Spectre that were recently identified....more
US-CERT Warns of New Ransomware: Bad Rabbit - The U.S. Computer Emergency Readiness Team (US-CERT) is warning companies in the U.S. about a new ransomware dubbed “Bad Rabbit.” US-CERT stated it has received multiple...more
The U.S. Computer Emergency Readiness Team (US-CERT)is warning companies in the U.S. about a new ransomware dubbed “Bad Rabbit.” US-CERT stated that it has received multiple reports of infections by Bad Rabbit in countries...more
Security researchers this week have found a new vulnerability that affects Wi-Fi Protected Access II, also known as WPA2, which is the security protocol used by many wireless networks. The vulnerability, Key Reinstallation...more
The Federal Trade Commission (FTC) has concentrated on small businesses this year with the launch of www.FTC.gov/SmallBusiness , which provides data security awareness information to small businesses. The site includes...more
Security researchers this week have found a new vulnerability that affects Wi-Fi Protected Access II, also known as WPA2, which is the security protocol used by many wireless networks....more
Following the catastrophic flooding caused by Hurricane Harvey in the Gulf Coast, many local and national nonprofits quickly mobilized to respond to survivors’ immediate needs and begin planning for the long-term recovery of...more
It is a sad fact of life that no misfortune is so bad that someone won't try to take advantage of it. Our hearts go out to the victims of Hurricane Harvey, and our gratitude to those offering help to those affected by the...more
As if the devastating effects of Hurricane Harvey are not bad enough, the United States Computer Emergency Readiness Team (US-CERT) of the Department of Homeland Security is warning of a different threat: falling victim (or...more
With the growing threat of cyberattacks, we thought it would be worthwhile to discuss a late 2016 change in reporting requirements for federal agencies that have suffered a data breach. The Office of Management and Budget’s...more
Every where you look these days, there seems to be another report of a cyber attack--attacks which do not discriminate based on industry type, size of business, or impact. In other words, everyone is vulnerable. In fact, the...more
Following the most recent ransomware attack, known as NotPetya, (among other nicknames), many health care entities were victims of the ransomware, which prompted the Office of the National Coordinator (ONC) to issue guidance...more
With the news of the newest international ransomware campaign that is currently affecting some organizations within the Health Care sector, it is important to not only educate staff on necessary precautions, but also be aware...more