Change Healthcare Cyberattack: Actionable Next Steps for Impacted Entities
Security, Privacy And The Law
by Colin Zick
2w ago
Key Takeaways: Change Healthcare, a healthcare technology company owned by UnitedHealth Group, has been impacted by a ransomware attack, so its services have been shut down. Patients and providers have been most severely impacted by this incident—some patients are being forced to pay out of pocket for medications, and many providers have not been able to submit claims. Entities that have been impacted by this ransomware attack can take actionable steps outlined below to avoid further disruptions. Change Healthcare Cyberattack On February 21 ..read more
U.S. Department of Energy Releases Cybersecurity Baselines for Utilities and DERs
Security, Privacy And The Law
by Carol Holahan
3w ago
As part of the Biden Administration’s efforts to align energy cybersecurity efforts across the country, the U.S. Department of Energy (“DOE”) has funded the release of a set of energy distribution cybersecurity baselines for entities participating in the nationwide grid transition. On February 22, 2024, the DOE announced its support for the release of cybersecurity baselines for electric distribution systems and distributed energy resources (“DERs”). The initiative was funded by the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (“CESER”) in partners ..read more
The Federal Communications Commission Updates Its Data Breach Rules
Security, Privacy And The Law
by Colin Zick
3M ago
On December 21, 2023, the Federal Communications Commission released an order updating its data breach rules.  These updated rules require telecommunications providers to report breaches of customer proprietary network information, such as numbers that have been dialed and when they have been dialed, but also require reporting of personally-identifiable information (PII), such as driver’s license numbers, Social Security numbers, and credit card numbers.  The new FCC rules also require companies to report accidental breaches, a significant change from the prior rules, which only ..read more
FBI and CISA Issue Advisory on Scattered Spider Ransomware Attacks
Security, Privacy And The Law
by Colin Zick
4M ago
Key Takeaways: The Federal Bureau of Investigation (FBI) and Cybersecurity & Infrastructure Security Agency (CISA) have jointly issued a cybersecurity advisory in response to recent activity by the threat actor group known as Scattered Spider. Scattered Spider is known to target large companies holding sensitive data – including financial services, telecommunications, business process outsourcing, hospitality, and cryptocurrency firms – for ransomware attacks. Scattered Spider largely relies upon impersonating IT support professionals and manipulating target company employees into sharing ..read more
CISA Publishes Mitigation Guide to Combat Cyber Threats in the Healthcare and Public Health Sectors
Security, Privacy And The Law
by Colin Zick
4M ago
If you need a little intellectual stimulation after hours of Thanksgiving turkey and football, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just the thing — the new CISA Mitigation Guide for the Healthcare and Public Health Sectors.  This somewhat technical guide is a little dry, but it offers solid recommendations and suggested best practices to combat the pervasive cyber threats affecting the Healthcare and Public Health (HPH) Sectors. CISA identified, and its guide addresses, common vulnerabilities and insecure configurations across the HPH Sector, such as: • Web a ..read more
Your Password Can’t Possibly Be This Bad, Can It?
Security, Privacy And The Law
by Colin Zick
4M ago
NordPass (the purveyor of a password manager) has assembled a list of the top 20 passwords in healthcare, based on usage by the world’s largest companies.  According to NordPass’s analysis, the “top” 20 passwords are: 123456 password part of the company’s name* 12345 aaron431 part of the company’s name2012* Part of the company’s name* PART OF THE COMPANY’S NAME443* company name2014* linkedin pass1 company name* COMPANY NAME’S ABBREVIATION1* company name* 00000 1111 company name* 1234 Med company name* Obviously, none of these are optimal, particularly in situations where HIPAA Protected ..read more
President Biden Issues Executive Order on Use of Artificial Intelligence in Healthcare Settings
Security, Privacy And The Law
by Bryant Godfrey
5M ago
Key Takeaways: This executive order (EO) directs federal agencies to review and develop policies to guide the use of artificial intelligence that touches every sector of the economy. The EO directs the Department of Health and Human Services (HHS) to establish an HHS AI Task Force to develop a strategic plan on the responsible deployment of AI and AI-enabled technologies in healthcare settings. The EO also directs HHS to develop a strategy for regulating the use of AI-enabled tools in the drug development process. The Biden administration actions to direct government agencies on the developme ..read more
NY State Education Department Bans Facial Recognition Technology
Security, Privacy And The Law
by Jeremy Meisinger
5M ago
In late September, the NY State Education Department issued a two-page order providing that NY public schools may not purchase or utilize facial recognition technology. The Department relied on a report issued by the NY Office of Information Technology Services in August that was critical of the privacy implications of facial recognition technology, but left open the door for the use of other types of biometric technology in schools. The Department’s actions followed on litigation that began in 2020 after an upstate school district began implementing a facial recognition system intended to ide ..read more
HHS OCR/ONC Announce Latest Version of Security Risk Assessment Tool
Security, Privacy And The Law
by Colin Zick
6M ago
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.4 of their Security Risk Assessment (SRA) Tool. The SRA Tool is designed to help healthcare providers conduct a risk analysis as required by the HIPAA Security Rule. Identifying and assessing potential risks and vulnerabilities to electronic protected health information (ePHI) are foundational elements in the implementation of security measures that protect ePHI. As hacking and ransomware attacks continue to in ..read more
Seven Major U.S. Tech Organizations Voluntarily Commit to A.I. Safeguards
Security, Privacy And The Law
by Christopher Escobedo Hart
8M ago
Ed Note:  Thank you to Summer Associate Nicole Onderdonk for her significant contributions to this post. On July 21, 2023, the White House announced that seven leading A.I. organizations (Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI) agreed on and committed to immediately implementing voluntary safeguards for the development of artificial intelligence (A.I.) technology. Although not legally binding, these “voluntary commitments” mark one of the first steps in what could develop into a U.S. regulatory regime for A.I. With this announcement, the U.S. joins other govern ..read more
