NIST to Finalize Special Publication (SP) 800-66 Revision 2 and Collaborate on Resources for Small, Regulated Entities April 25, 2023 For the past 18+ months, the National Institute of Standards and Technology (NIST), in collaboration with the HHS Office for Civil Rights (OCR), has been working to update NIST Special Publication (SP) 800-66, Implementing the Health…
Category: Legislation
Nunn announces bipartisan plan to prevent school cyberattacks
Grant Gerlock reports: Third District Congressman Zach Nunn is supporting federal legislation aimed at preventing school cyberattacks like the one that canceled classes for Des Moines students for two days earlier this year. The measure would make federal officials available to advise school districts on ways to improve network security and respond to hacking attempts….
Virginia Passes Legislation Prohibiting the Use of Employees’ Social Security Numbers as Identifiers
Jason C. Gavejian and Joseph J. Lazzarotti of JacksonLewis write: On March 21, 2023, Virginia’s governor approved Senate Bill 1040, which prohibits an employer from using an employee’s social security number or any derivative as an employee’s identification number. The bill also prohibits including an employee’s social security number or any number derived from the social…
How the Federal Tort Claims Act Extricates Certain Health Care Providers From Data Breach Class Action Suits
John Cleary and Shundra Crumpton Manning of Polsinelli write: Data breach class action litigation continues to occupy center stage in the ongoing struggle to secure compensation and redress for legitimate victims of actionable cybersecurity shortcomings of data owners. The underlying scenarios in these cases encompass criminal hacking episodes, rogue employees, carelessness and unforeseen material gaps…
Push to ban ransomware payments following Australia’s biggest cyberattack
Luke Huigsloot reports: The Australian government is being pushed to ban the payment of cyber ransoms, usually demanded in cryptocurrency, following a local business suffering a mass data breach and subsequent ransom demand. […] The Australian government’s lead cybersecurity agency, the Australian Cyber Security Centre (ACSC), currently recommends that victims of ransomware attacks never pay…
HHS Office for Civil Rights Announces the Expiration of COVID-19 Public Health Emergency HIPAA Notifications of Enforcement Discretion
Notifications of Enforcement Discretion expire at 11:59 pm on May 11, 2023 Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announces that the Notifications of Enforcement Discretion issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health…