NEW YORK – New York Attorney General Letitia James today announced an agreement with Marymount Manhattan College (MMC), a private non-profit liberal arts college in New York City, to invest $3.5 million in data security to protect students’ online data. In 2021, MMC suffered a data breach that affected nearly 100,000 New Yorkers who were current…
Category: Legislation
DHS Pushes for Common Cyber Incident Reporting Definitions
Jose Rascon reports: The Department of Homeland Security (DHS) has released a new report looking to wrangle the different avenues in which the Federal government and its agencies report cyber incidents in a more ‘reportable’ fashion. The report, titled “Harmonization of Cyber Incident Reporting to the Federal Government” and released on Sept. 19, comes as…
OCR Presents: How the Security Rule Can Help Defend Against Cyber-Attacks
The HHS Office for Civil Rights (OCR) will be producing a pre-recorded webinar for HIPAA covered entities and business associates (collectively, “regulated entities”) discussing how the Security Rule can help regulated entities defend against cyber-attacks. The webinar will discuss real world cyber-attack trends from OCR breach reports and investigations and explore how implementation of appropriate…
California Privacy Protection Agency publishes new draft regulations addressing AI, risk assessments, cyber audits
Philip N. Yannella, Gregory P. Szewczyk, and Timothy Dickens of Ballard Spahr write: The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the CPPA has not officially started the formal rulemaking process, the Draft Cybersecurity Audit Regulations and the Draft Risk Assessment Regulations will serve…
An inexcusable gap from breach to notification, or an excusable one?
Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…
HHS Security Risk Assessment Tool Version 3.4 and Webinars
From HHS OCR: The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS) are hosting two webinars for the release of version 3.4 of the Security Risk Assessment (SRA) Tool. This tool is designed to aid small…