Eric Geller reports: As U.S. hospitals struggle to pay their employees amid a cyberattack that knocked out a major payment vendor, a powerful Democratic senator is seizing the moment to push for better security in the sorely vulnerable healthcare sector. Sen. Mark Warner (D-VA) has introduced legislation that would require hospitals and their technology vendors…
Category: Federal
Proporsed Rule: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements
A quick note that the official draft of CIRCA is now published: A Proposed Rule by the Homeland Security Department on 04/04/2024 All information is linked from https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements NOTE: This is quite long, so leave yourself time to read it. Comments and related material must be submitted on or before June 3, 2024.
CISA Issues Notice of Proposed Rulemaking for Critical Infrastructure Cybersecurity Incident Reporting
Ashden Fein, Micaela McMurrough, Caleb Skeath, Robert Huffman, John Webster Leslie, and Shayan Karbassi of Covington and Burling write: On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemaking (“Proposed Rule”) related to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”) was released on the Federal Register website. …
Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure
WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that has served as cover for multiple malicious cyber operations. OFAC is also designating Zhao Guangzong and Ni Gaobin, two Chinese nationals affiliated with Wuhan XRZ,for…
FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges
Hunton Andrews Kurth writes that on March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules (the “Rules”) went into effect despite legal challenges. The rules were adopted in December 2023 pursuant to an FCC Report and Order (the “Order”). Their previous blog post explained the Rules: Pursuant to the…
Biden’s new data security order leaves industry officials, privacy advocates scratching their heads
David DiMolfetta reports: A new White House directive that gives agencies the legal power to prevent Americans’ sensitive data from falling into the hands of foreign adversaries is getting mixed reviews, with industry executives saying it could risk muddling current data flow mechanisms and privacy advocates contending it doesn’t go far enough to address potential abuses at…