Cybersecurity

New York’s Cyber Regulations Now Apply to Credit Reporting Agencies

By: Josh Mooney and Emma Bechara

On June 25, 2018, the New York Department of Financial Services (NYDFS) issued a final regulation that requires any credit reporting agency (CRA) with “significant operations” in New York to register with the NYDFS and comply with the NYDFS cyber regulations under Part 500. CRAs must register by September 15, 2018. Significantly, as outlined below, CRAs also must begin complying with New York’s cyber regulations as early as November 1, 2018 – i.e., in four months. …


No Coverage for Seafood Importer Netted in Phishing Scam

By: Josh Mooney

On April 16, 2018, Beazley Group issued a report highlighting increased attacks on Microsoft’s cloud-based business products and services. The report stated that successful attacks typically are achieved by tricking employees into opening spoofed emails with malicious links or fraudulent instructions designed to harvest credentials. These attacks allow hackers entry into the insured’s system, where they can search for personal information and bank records to initiate wire transfers or redirect payments to hacker-controlled bank accounts. …


SEC Updated Guidance on Cyber Disclosure by Publicly Traded Companies in a Digitally-Connected World

“To win a race, the swiftness of a dart availeth not without a timely start.”
~ Jean de La Fontaine

The Securities and Exchange Commission (the “Commission”) Wednesday announced updated cybersecurity guidance for public companies. This guidance reinforces the Division of Corporation Finance guidance issued in October 2011 and expands upon it to include two new topics: (i) the importance of cybersecurity policies and procedures and (ii) the application of insider trading prohibitions in the cybersecurity context. The guidance itself and early reactions make it evident that the Commission is committed to aggressively regulating this area over the long haul. …


Internet of Medical Things Resilience Partnership Act of 2017

A new bill called the “Internet of Medical Things Resilience Partnership Act of 2017,” H.R. 3985, was recently introduced in the House of Representatives. If passed as drafted, the bill will establish a working group of public and private entities led by the Food and Drug Administration (FDA) and National Institute of Standards and Technology (NIST) to recommend voluntary frameworks and guidelines to increase the security and resilience of Internet of Medical Things devices. Specifically, the working group will develop “recommendations for voluntary frameworks and guidelines to increase the security and resilience of networked medical devices sold in the U.S. that store, receive, access or transmit information to an external recipient or system for which unauthorized access, modification, misuse, or denial of use may result in patient harm.”


Comment Deadline Approaching for NIST Information Security Framework

The public comment period for the National Institute of Standards and Technology’s (NIST) draft Revision 5 of Special Publication 800-53, “Security and Privacy Controls for Information Systems,” began on August 15 and ends on Tuesday, September 12. The newest draft of SP 800-53 is part of a continuing drive to create a “unified information security framework for the federal government.” Though specifically geared towards creating a framework for the government, the draft also has useful and practical implications for organizations across all sectors. To de-emphasize the focus on the federal government specifically, this revision removes the word “federal” from the draft. …


Health Data

Task Force Issues Report on Health Care Industry Cybersecurity Challenges and Recommendations

On Monday, June 5, the Health Care Industry Cybersecurity Task Force (the “HCIC Task Force”) issued its Report on Improving Cybersecurity in the Health Care Industry to Congress. The report highlighted that health care cybersecurity is a “key public health concern that needs immediate and aggressive attention.”

In the report, the HCIC Task Force identified six “imperatives” that must be achieved to increase security within the health care industry.



FBI Issues Cyber Warning Regarding Use of FTPs by the Healthcare Industry

Protected health information (PHI) is targeted by hackers. Recently, the Cyber Division of the Federal Bureau of Investigation issued a Private Industry Notification regarding security vulnerabilities in File Transfer Protocol (FTP) servers running in anonymous mode.


SPY Car and Cyber AIR Acts: Regulating the Internet of Things

The continuing proliferation of internet-connected devices (the “Internet of Things”) has accelerated the availability of modern technological conveniences hand in hand with the erosion of cybersecurity and privacy. In October 2015, White and Williams released a client alert that addressed the myriad privacy and security issues that the increased Internet of Things had already created and explored new potential risks posed by such pervasive interconnectivity. In particular, the alert highlighted the potential physical dangers posed by the hacking of internet-connected cars. Such vehicles can be accessed by third parties to control not only accessory components, such as windshield wipers and air conditioning, but also a driver’s very ability to operate the vehicle itself.
