Hunton Andrews Kurth write: As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of the filings made to date. Six companies have now made Item 1.05 Form 8-K filings. Three of these companies also…
Category: Federal
IT suppliers hacked off with Uncle Sam’s demands in aftermath of cyberattacks
Brandon Vigliarolo reports: Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident. The rules were unveiled in a draft update to the Federal Acquisition Regulation (FAR) that refreshes security…
HHS’ Office for Civil Rights Settles Malicious Insider Cybersecurity Investigation for $4.75 Million
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Montefiore Medical Center, a non-profit hospital system based in New York City for several potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. OCR is responsible for administering and enforcing health information…
Proposed contractor cyber reporting rule sets a ‘significantly problematic’ bar, industry groups say
David DiMolfetta reports: Cybersecurity and technology trade groups are urging agencies to rethink a proposed measure that would intensify requirements for federal contractors when they report cybersecurity incidents, arguing they are inconsistent with other cyber regulations and demand too much from contracted firms targeted in cyberattacks. The proposed rule from the Pentagon, GSA and NASA — the…
Biden Will Veto Efforts to Spike SEC Breach Disclosure Rule
Jeffrey Burt reports: President Biden is warning Congressional Republicans that he will veto any attempts to overturn the Securities and Exchange Commission’s (SEC) new requirement for public companies disclosing cybersecurity incidents. In a brief policy statement this week, the White House said public companies not reporting cyberattacks that disrupt their operations not only harms investors who should…
SolarWinds Seeks Dismissal of ‘Unfounded’ SEC Cybersecurity Suit
Skye Witley reports: SolarWinds Corp. issued a full-throated denial of wrongdoing in how it handled one of the worst cyberattacks in history in a Friday court filing seeking the dismissal of US Securities and Exchange Commission allegations that its software security representations defrauded investors and violated rules on controls. SolarWinds argued that it disclosed risks…