Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Montefiore Medical Center, a non-profit hospital system based in New York City for several potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. OCR is responsible for administering and enforcing health information…
Category: Federal
Proposed contractor cyber reporting rule sets a ‘significantly problematic’ bar, industry groups say
David DiMolfetta reports: Cybersecurity and technology trade groups are urging agencies to rethink a proposed measure that would intensify requirements for federal contractors when they report cybersecurity incidents, arguing they are inconsistent with other cyber regulations and demand too much from contracted firms targeted in cyberattacks. The proposed rule from the Pentagon, GSA and NASA — the…
Biden Will Veto Efforts to Spike SEC Breach Disclosure Rule
Jeffrey Burt reports: President Biden is warning Congressional Republicans that he will veto any attempts to overturn the Securities and Exchange Commission’s (SEC) new requirement for public companies disclosing cybersecurity incidents. In a brief policy statement this week, the White House said public companies not reporting cyberattacks that disrupt their operations not only harms investors who should…
SolarWinds Seeks Dismissal of ‘Unfounded’ SEC Cybersecurity Suit
Skye Witley reports: SolarWinds Corp. issued a full-throated denial of wrongdoing in how it handled one of the worst cyberattacks in history in a Friday court filing seeking the dismissal of US Securities and Exchange Commission allegations that its software security representations defrauded investors and violated rules on controls. SolarWinds argued that it disclosed risks…
Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions
Alexander Boyd , Colin H. Black of Polsinelli PC write: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal information of at least 500 consumers. These covered organizations can include a wide variety of companies that engage…
After Barrage of Hacks, Hospitals Will Face New Federal Cybersecurity Rules Tied to Funding
Eric Geller reports: The Biden administration plans to unveil new cybersecurity requirements for hospitals in the coming weeks as government officials scramble to stem a disturbing tide of hacks that have crippled health-care providers, delayed procedures and raised concerns about patient safety. The Centers for Medicare & Medicaid Services, an arm of the Department of…