NIST SP 1800-24
OCR is sharing the National Cybersecurity Center of Excellence’s (NCCoE) at the National Institute for Standards and Technology (NIST) SP 1800-24, Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector. This practice guide can help HIPAA covered entities and their business associates implement current cybersecurity standards and best practices to…
Category: Commentaries and Analyses
Breach alerts dismissed as junk? New guide for sending vital emails may help
An article by Bradley Barth raises a number of good points for entities to consider — BEFORE they ever need to send breach notification emails. And not only does the article describe considerations for entities/senders, but the article also provides some tips for recipients of notification emails: …the Messaging, Malware and Mobile Anti-Abuse Working Group…
Ransomware threat actors dump data from yet another k-12 district
The past few days have not been great ones for k-12 districts. As this site reported, DoppelPaymer ransomware threat actors recently dumped data from both Pascagoula-Gautier School District in Mississippi and Gardiner Public Schools in Montana. Now a third school district has also had some of their data dumped. On December 14, this site had…
Federal Financial Agencies Propose Requirement for Computer Security Incident Notification
A press release from the FDIC on December 18: Federal financial regulatory agencies today announced a proposal that would require supervised banking organizations to promptly notify their primary federal regulator in the event of a computer security incident. In particular, alerts would be required for incidents that could result in a banking organization’s inability to…
Federal financial regulators propose computer-security incident notification for banks
Sindhu Ajay reports: The US Office of the Comptroller of the Currency, the Federal Reserve Board, and the Federal Deposit Insurance Corporation Friday proposed a new computer-security incident notification requirement for banking organizations and their bank service providers. The proposed rule would require a banking organization to provide its primary federal regulator a prompt notification of…
Maintaining privilege over forensic data-breach reports
Steven Morphy, James Shreve, and Luke Sosnicki of Thompson Coburn LLP offer some commentary on difficulties in the current climate about claiming that forensic data-breach reports are privileged. After discussing some recent decisions, they offer some takeaways to help entities. The first tip is: At the most basic level, companies should involve outside counsel in…