Commentaries and Analyses – Page 331

Securing Picture Archiving and Communication System (PACS) Cybersecurity for the Healthcare Sector:

Posted on December 21, 2020 by Dissent

NIST SP 1800-24 OCR is sharing the National Cybersecurity Center of Excellence’s (NCCoE) at the National Institute for Standards and Technology (NIST) SP 1800-24, Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector. This practice guide can help HIPAA covered entities and their business associates implement current cybersecurity standards and best practices to…

Breach alerts dismissed as junk? New guide for sending vital emails may help

Posted on December 21, 2020 by Dissent

An article by Bradley Barth raises a number of good points for entities to consider — BEFORE they ever need to send breach notification emails. And not only does the article describe considerations for entities/senders, but the article also provides some tips for recipients of notification emails: …the Messaging, Malware and Mobile Anti-Abuse Working Group…

Ransomware threat actors dump data from yet another k-12 district

Posted on December 21, 2020 by Dissent

The past few days have not been great ones for k-12 districts. As this site reported, DoppelPaymer ransomware threat actors recently dumped data from both Pascagoula-Gautier School District in Mississippi and Gardiner Public Schools in Montana. Now a third school district has also had some of their data dumped. On December 14, this site had…

Federal Financial Agencies Propose Requirement for Computer Security Incident Notification

Posted on December 21, 2020 by Dissent

A press release from the FDIC on December 18: Federal financial regulatory agencies today announced a proposal that would require supervised banking organizations to promptly notify their primary federal regulator in the event of a computer security incident. In particular, alerts would be required for incidents that could result in a banking organization’s inability to…

Federal financial regulators propose computer-security incident notification for banks

Posted on December 20, 2020 by Dissent

Sindhu Ajay reports: The US Office of the Comptroller of the Currency, the Federal Reserve Board, and the Federal Deposit Insurance Corporation Friday proposed a new computer-security incident notification requirement for banking organizations and their bank service providers. The proposed rule would require a banking organization to provide its primary federal regulator a prompt notification of…

Maintaining privilege over forensic data-breach reports

Posted on December 20, 2020 by Dissent

Steven Morphy, James Shreve, and Luke Sosnicki of Thompson Coburn LLP offer some commentary on difficulties in the current climate about claiming that forensic data-breach reports are privileged. After discussing some recent decisions, they offer some takeways to help entities. The first tip is: At the most basic level, companies should involve outside counsel in…