Sergiu Gatlan reports: US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the…
Category: Breach Laws
Ransomware Resources for HIPAA Regulated Entities
The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware. HHS Health Sector Cybersecurity Coordination Center Threat Briefs: https://www.hhs.gov/about/agencies/asa/ocio/hc3/products/index.html#sector-alerts January 28, 2021 –…
Getting caught up: Conti domains seized by Irish Garda
A story by Stephen Breen inThe Irish Sun yesterday included reference to an update on the HSE attack by Conti: Earlier this month, cops seized several websites belonging to the Russian gang behind the attack in a major “disruption operation”. If anyone logs on to the sites they will see a screen warning the site…
Education Department Updates Rules and Criminal Penalties for Accessing Agency Data
Aaron Boyd reports: The Education Department is rolling out new rules for accessing and handling agency data by third parties—including students, parents and loan companies—with updated criminal penalties for anyone not following the new statutes. The new rules intend to bring the department into compliance with the 2019 Stop Student Debt Relief Scams Act and…
Industry lobbies Congress to extend notification timeline after cybersecurity incidents
Maggie Miller reports: Key industry groups on Wednesday pushed to give organizations at least three days to report cybersecurity incidents to the federal government, effectively opposing Senate legislation that would give them 24 hours to report breaches. Read more on The Hill.
Indian companies go scot-free despite breach of customer data
Vishal Raghavan has an opinion piece in The Leaflet about the failure of Indian firms to notify customers of breaches or to be held accountable and fined monetarily by regulators. He begins by reviewing a number of high-profile breaches reported in the last year or so, and the notes that all of the companies didn’t…