Hunton Andrews Kurth writes: On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation. The NYDFS, which regulates financial institutions including insurance companies, mortgage brokers and banks, adopted the…
Category: Legislation
NY Financial Regulator Rolls Out Updated Cybersecurity Standards
Skye Witley reports: New York regulators assigned heightened cybersecurity requirements to banks, insurers, and financial services providers based in the state with the release of finalized rule amendments Wednesday. Covered entities will have to use multifactor authentication, expand cybersecurity governance duties, and conduct consistent threat testing under the regulation updated by the New York Department of Financial…
HHS announces its first settlement in a ransomware case: Doctors’ Management Services
From HHS, this interesting press announcement: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Doctors’ Management Services, a Massachusetts medical management company that provides a variety of services, including medical billing and payor credentialing. The…
Colorado GOP Wants Inquiry into Delayed Notification of Data Breach
David Migoya reports: Colorado House Republican leaders on Monday called for an investigation into why Colorado’s higher education agency allegedly failed to timely report a massive data breach this summer. In a two-page letter hand-delivered to Gov. Jared Polis and Attorney General Phil Weiser, five state representatives also urged an inquiry into why thousands potentially…
OCR Releases Cybersecurity Video: How the HIPAA Security Rule Can Help Defend Against Cyber-Attacks
In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October for organizations covered under the HIPAA Rules on how the HIPAA Security Rule can help regulated entities defend against cyber-attacks. The video is available in English and Spanish. This presentation is intended to educate the health care industry on real…
AU: ASIC modifies licensees’ breach reporting obligations
Rachel Walker and Elouise Casey of Dentons write: Failure to comply with the mandatory breach reporting regime is arguably the canary in the coal mine for regulatory compliance to Australian Securities and Investments Commission (ASIC). We are expecting ASIC’s second annual report on the regime to be published very shortly, and we expect compliance has not…