LATEST POST
At least 15 Cencora/Lash Group clients affected by hacking incident; more than 542,000 patients already notified
In February, Cencora (formerly known as AmerisourceBergen/Lash Group) filed notice of a cybersecurity incident with the Securities and Exchange Commission: On February 21, 2024, Cencora, Inc. (the “Company”), learned that data from its information systems had been exfiltrated, some of which may contain personal information. Upon initial detection of the unauthorized activity, the Company immediately took containment […]
Tennessee Passes Law Restricting Data Breach Class Action Suits
Linn Foster Freedman of Robinson + Cole notes that Tennessee Governor Bill Less has signed legislation into law that will shield private entities from class action lawsuits stemming from cybersecurity incidents unless the event was caused by willful, wanton, or gross negligence. The bill amends TCA Title 29 and Title 47. Freedman comments: This bill […]
SEC Staff Provides Guidance on Cyber Form 8-K Reporting
On May 21, 2024, the U.S. Securities and Exchange Commission (“SEC”) published interpretive guidance on reporting material cybersecurity incidents under Form 8-K. Lawyers at Hunton Andrews Kurth comment: Since December 18, 2023, when the SEC’s rules for reporting material cybersecurity incidents under Item 1.05 on Form 8-K took effect, we have identified 17 separate companies that have made disclosures under […]
SEC Charges Intercontinental Exchange and Nine Affiliates Including NYSE with Failing to Inform the Commission of Cyberattack
A press release from the Securities and Exchange Commission (SEC): Washington D.C., May 22, 2024 — The Securities and Exchange Commission today announced that The Intercontinental Exchange, Inc. (ICE) agreed to pay a $10 million penalty to settle charges that it caused the failure of nine wholly-owned subsidiaries, including the New York Stock Exchange, to […]
FTC Finalizes Order with Blackbaud Related to Allegations the Firm’s Security Failures Led to Data Breach
From the Federal Trade Commission: The Federal Trade Commission has finalized an order against Blackbaud Inc. settling allegations that its lax security practices allowed a hacker to breach the company’s network and access the personal data of millions of consumers including Social Security and bank account numbers. In a complaint first announced in February 2024, the FTC […]
ARPA-H announces program to enhance and automate cybersecurity for health care facilities
The government is investing in helping to secure hospitals from ransomware attacks: Safeguarding protected health information is a top priority for the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). OCR is sharing the following announcement of Advanced Research Projects Agency for Health (ARPA-H) on the launch of Universal PatchinG and Remediation […]
SEC Adopts Rule Amendments to Regulation S-P to Enhance Protection of Customer Information
The following is a press release from the Securities and Exchange Commission: Washington D.C., May 16, 2024 — The Securities and Exchange Commission today announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers’ nonpublic personal information by certain financial institutions. The amendments update the […]
Hacking forum taken down by law enforcement — again.
BreachForums, a popular hacking forum where users can sell, leak, or share stolen data or information, was seized this week by the FBI, DOJ, and international partners. Because none of the governments have issued any press releases or statements yet, there is much that has yet to be confirmed or disconfirmed, but on Wednesday, a […]