Jose Rascon reports: The Department of Homeland Security (DHS) has released a new report looking to wrangle the different avenues in which the Federal government and its agencies report cyber incidents in a more ‘reportable’ fashion. The report, titled “Harmonization of Cyber Incident Reporting to the Federal Government” and released on Sept. 19, comes as…
Category: Federal
OCR Presents: How the Security Rule Can Help Defend Against Cyber-Attacks
The HHS Office for Civil Rights (OCR) will be producing a pre-recorded webinar for HIPAA covered entities and business associates (collectively, “regulated entities”) discussing how the Security Rule can help regulated entities defend against cyber-attacks. The webinar will discuss real world cyber-attack trends from OCR breach reports and investigations and explore how implementation of appropriate…
The Government Isn’t Sure How to Get Small Hospitals to Take Cybersecurity Seriously
Eric Geller reports: The U.S. government is struggling to convince hospitals that they need to spend time and money fighting hackers and provide useful advice to them, a problem that could have lethal consequences as the country’s ransomware crisis rages on. “I don’t think we’ve figured out how to talk to the small and medium-sized…
HHS Security Risk Assessment Tool Version 3.4 and Webinars
From HHS OCR: The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS) are hosting two webinars for the release of version 3.4 of the Security Risk Assessment (SRA) Tool. This tool is designed to aid small…
What the SEC’s Investigation of SolarWinds Means for CISOs and Cybersecurity Disclosures
Sid Mody, Andrew J. Geist, Shelly Heyduk, Bill Martin, and Anna Xie discuss the implications of recent actions by the SEC. They write, in part: In sending a Wells Notice to SolarWinds’s CISO, the SEC has put CISOs generally on high alert that the agency is focused on how such professionals may be involved in…
SEC Cybersecurity Rule Leans on Materiality and Reasonableness
Rachel V. Rose, Ted Dziekanowski, and Andy Watkin-Child report: The US Securities and Exchange Commission released its final rule, effective Sept. 5, 2023, on cybersecurity risk management, strategy, governance, and incident disclosure. Investors, registrants, and other market participants should take special notice of two key terms in the regulations: “materiality” and the “reasonable investor.” The SEC…