LATEST POST
NY Financial Regulator Rolls Out Updated Cybersecurity Standards
Bloomberg reports: New York regulators assigned heightened cybersecurity requirements to banks, insurers, and financial services providers based in the state with the release of finalized rule amendments Wednesday. Covered entities will have to use multifactor authentication, expand cybersecurity governance duties, and conduct consistent threat testing under the regulation updated by the New York Department of Financial Services. […]
HHS settles its first ransomware investigation case: Doctors’ Management Services
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Doctors’ Management Services, a Massachusetts medical management company that provides a variety of services, including medical billing and payor credentialing. The HIPAA Privacy, Security, and Breach Notification […]
OCR Releases Cybersecurity Video: How the HIPAA Security Rule Can Help Defend Against Cyber-Attacks
From HHS OCR: In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October for organizations covered under the HIPAA Rules on how the HIPAA Security Rule can help regulated entities defend against cyber-attacks. The video is available in English and Spanish. This presentation is intended to educate the health care […]
Colorado GOP Wants Inquiry into Delayed Notification of Data Breach
GovTech reports: Colorado House Republican leaders on Monday called for an investigation into why Colorado’s higher education agency allegedly failed to timely report a massive data breach this summer. In a two-page letter hand-delivered to Gov. Jared Polis and Attorney General Phil Weiser, five state representatives also urged an inquiry into why thousands potentially affected […]
US sues software company targeted in massive Russian cyber espionage campaign
The Hill reports: The U.S. sued a software company targeted in a massive Russian cyber espionage campaign Monday. The Securities and Exchange Commission (SEC) suit against Texas-based SolarWinds is seeking civil penalties, reimbursement of “ill-gotten gains” and the removal of the company’s top security executive, Tim Brown, according to The Associated Press. “We allege that, for years, […]
The U.S. And Its Allies Are Pledging Never To Pay Hacker Ransoms
Eric Geller reports: The Biden administration and dozens of foreign allies will pledge this week never to pay ransoms to hackers who lock up their national governments’ computer systems, hoping to discourage financially motivated cyber criminals from seeing those systems as attractive ransomware targets. The joint promise will occur as part of the third annual […]
Quishing is the new phishing: What you need to know
Jack Wallen explains that the little QR codes that ads tell you to scan can be weaponized in phishing attacks to steal your information, aka “quishing:” What is quishing? Consider the QR code aired during the Super Bowl. Now, imagine the company behind that commercial had malicious intent (just to be clear, the company behind […]
FTC announces new Safeguards Rule provision: Is your company up on what’s required?
October 2023 marks the 20th anniversary of the effective date of the Gramm-Leach-Bliley Safeguards Rule. Its purpose then – and its purpose now – is to protect consumers by requiring entities covered by the Rule to “develop, implement, and maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer […]