President Biden recently released an Executive Order “addressing the extraordinary and unusual national security threat posed by the continued effort of certain countries of concern to access Americans’ bulk sensitive personal data and certain U.S. Government-related data.”
Cybersecurity
NIST Releases Cybersecurity Framework 2.0
On February 26, 2024, the National Institute of Standards and Technology (“NIST”) announced the release of Version 2.0 of its voluntary Cybersecurity Framework (“CSF”).
The first iteration of the CSF was released in 2014 as a result of an Executive Order, to help organizations understand, manage, and reduce their cybersecurity risks. The original CSF was developed for organizations in the critical infrastructure sector, such as hospitals and power plants, but has since been voluntarily implemented across various sectors and industries, including throughout schools and local governments.
HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation
On February 21, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and corrective action plan with Green Ridge Behavioral Health LLC. This marks the second such settlement with a HIPAA-regulated entity for violations that were discovered following a ransomware attack, according to HHS. …
An Update on the SEC’s Cybersecurity Reporting Rules
As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of the filings made to date. …
HHS Office for Civil Rights Publishes Cybersecurity Resource for HIPAA Implementation
On February 16, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) and the National Institute of Standards and Technology (“NIST”) published a final version of Special Publication 800-66 Revision 2, “Implementing the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule: A Cybersecurity Resource Guide.” The publication features guidance…
China Plans to Accelerate Cross-Border Data Transfers by Implementing Trial Rules in Shanghai Pilot Free Trade Zone
Recent developments in the Shanghai Pilot Free Trade Zone to facilitate cross-border data transfers are expected to provide greater flexibility in exporting data from China, which has been stymied by the Cyberspace Administration of China’s strict cross-border data transfer regulations proposed in December 2023. …
FTC Proposes Settlement with Blackbaud in Connection with Alleged Security Failures
On February 1, 2024, the Federal Trade Commission announced a proposed settlement with Blackbaud Inc. in connection with alleged security failures that resulted in a breach of the company’s network and access to the personal data of millions of consumers. …
UK National Cyber Security Centre Warns Ransomware Threat Expected to Rise with AI
On January 24, 2024, the UK National Cyber Security Centre announced it had published a report on its assessment of the near-term impact of AI on the cyber threat landscape. …
UK Government Publishes Draft Code of Practice on Cybersecurity Governance
On January 23, 2024, the UK government announced that it published a draft Code of Practice on cybersecurity governance. The guidelines in the Code are intended to “help directors and senior leaders shore up their defences from cyber threats.” The Code has been designed in partnership with industry directors, cyber and governance experts, and the UK National Cyber Security Centre (NCSC), with a key focus to ensure that organizations have detailed plans in place to respond to and recover from any potential cyber incidents. …
NYDFS Issues $8 Million Fine Against Virtual Currency Company
On January 12, 2024, the New York State Department of Financial Services (“NYDFS”) announced a consent order with virtual currency company Genesis Global Trading, Inc. (“Genesis”) for “significant” failings in Genesis’ Anti-Money Laundering and cybersecurity compliance frameworks. According to the NYDFS, Genesis’ failure to comply with the NYDFS’ virtual currency and cybersecurity regulations left the company vulnerable to cybersecurity risks and related unlawful activity.