Theodore J. Kobus III of BakerHostetler writes: Welcome to our seventh Data Security Incident Response Report (DSIR). It has been quite a year from many perspectives. Thank you to everyone we have continued to partner and work with to create this report. We are excited to soon launch a new digital platform version, and we intend…
Category: Commentaries and Analyses
NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses
Kate Hanniford of Alston & Bird writes: Following the SolarWinds cyber espionage attack (the “Attack”) and the resulting focus on supply chain risk, the New York Department of Financial Services (NYDFS) has issued a report detailing the impact on and responses by its regulated covered entities to the Attack. Although there have been no reported instances of…
Implementing the HIPAA Security Rule: Call for Comments on NIST SP 800-66, Revision 1
Implementing the HIPAA Security Rule: Call for Comments on NIST SP 800-66, Revision 1 The National Institute for Standards and Technology (NIST) is planning to update the NIST Special Publication (SP) 800—66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). NIST is seeking stakeholder input…
Data Brokers and National Security
Michael Kans reports: In the worlds of data protection and privacy, too often there is a decoupling of national security issues and what might be termed non-national security issues despite the clear interplay between the two realms. Over the past decade, U.S. adversaries have vacuumed up the personal data of many Americans with one nation…
White House Urged to Address Surge in Ransomware Attacks
Kartikay Mehrota reports: Cybersecurity experts, law enforcement agencies and governments urged the White House to root out safe havens for criminals engaging in ransomware and step up regulation of cryptocurrencies, the lifeblood of hackers, in the hopes of controlling a growing wave of attacks. These are two of 48 recommendations made by a task force…
Experian API Exposed Credit Scores of Most Americans
Brian Krebs reports: Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says it has plugged the data leak, but the researcher who reported the finding says…