Implementing the HIPAA Security Rule: Call for Comments on NIST SP 800-66, Revision 1 The National Institute for Standards and Technology (NIST) is planning to update the NIST Special Publication (SP) 800—66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). NIST is seeking stakeholder input…
Category: Federal
White House Urged to Address Surge in Ransomware Attacks
Kartikay Mehrota reports: Cybersecurity experts, law enforcement agencies and governments urged the White House to root out safe havens for criminals engaging in ransomware and step up regulation of cryptocurrencies, the lifeblood of hackers, in the hopes of controlling a growing wave of attacks. These are two of 48 recommendations made by a task force…
Supreme Court holds that monetary relief is unavailable under Section 13(b) of the Federal Trade Commission Act
Brian Wolfman notes: The first paragraph of the Court’s unanimous opinion in AMG Capital Management v. FTC sums it up: Section 13(b) of the Federal Trade Commission Act authorizes the Commission to obtain, “in proper cases,” a “permanent injunction” in federal court against “any person, partnership, or corporation” that it believes “is violating, or is about to…
Bank Groups Object to Proposed Breach Notification Regulation
Doug Olenick reports: The American Bankers Association and three other groups have voiced objections to provisions in a cyber incident notification regulation for banks proposed by three federal agencies. For example, they say that the definition of a reportable “computer security incident” is too broad and would result in the reporting of insignificant events. The…
DOL Issues Cybersecurity Best Practices for ERISA Covered Retirement Plans
Joseph J. Lazzarotti of JacksonLewis writes: Today, the U.S. Department of Labor’s Employee Benefits Security Administration (EBSA) issued much anticipated cybersecurity guidance for employee retirement plans. This comes more than four and a half years after the ERISA Advisory Council, a 15-member body appointed by the Secretary of Labor to provide guidance on employee benefit plans, shared with the…
Report: Draft Executive Order to Require Software Vendors to Notify Federal Customers of Cyber Breaches
Jane Edwards reports: A draft of an executive order would direct software companies to inform federal agency clients in the event of a cyber attack within their organizations, keep more digital records and work with the Cybersecurity and Infrastructure Security Agency and the FBI on incident response efforts, Reuters reported Friday. The order would require multifactor authentication…