Luca Bertuzzi reports: European Commission President Ursula von der Leyen announced on Wednesday (15 September) a Cyber Resilience Act aimed at setting common cybersecurity standards for connected devices. […] The Commission initiative adds to an existing proposal for a Directive on Security of Network and Information Systems, commonly known as the NIS2 Directive. NIS2 expands…
Category: Legislation
U.S. Treasury Department: Publication of Updated Ransomware Advisory; Cyber-related Designation
Treasury Takes Robust Actions to Counter Ransomware WASHINGTON — As part of the whole-of-government effort to counter ransomware, the U.S. Department of the Treasury today announced a set of actions focused on disrupting criminal networks and virtual currency exchanges responsible for laundering ransoms, encouraging improved cyber security across the private sector, and increasing incident and…
Ransomware Resources for HIPAA Regulated Entities
The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware. HHS Health Sector Cybersecurity Coordination Center Threat Briefs: https://www.hhs.gov/about/agencies/asa/ocio/hc3/products/index.html#sector-alerts January 28, 2021 –…
FTC’s Health Breach Notification Rule — Wait, did you say “FTC’s???”
What does it say when a HIPAA lawyer with years of experience says he didn’t know the FTC has a health breach notification rule? Seen on Jeff Drummond’s blog: ” The U.S. Federal Trade Commission issued a policy statement this week confirming that connected devices and health apps that use or collect consumers’ health information must notify users…
Office of the Privacy Commissioner for Bermuda Issues Data Breach Guide
Odia Kagan of Fox Rothschild writes: The Office of the Privacy Commissioner for Bermuda has issued a helpful guide on the various types of harm that could be caused by a data breach. The office also referred to the Future of Privacy Forum research on potential harms. Read more here, In their guidance, the Bermuda privacy…
FTC Warns Health Apps and Connected Device Companies to Comply With Health Breach Notification Rule
The Federal Trade Commission today issued a policy statement affirming that health apps and connected devices that collect or use consumers’ health information must comply with the Health Breach Notification Rule, which requires that they notify consumers and others when their health data is breached. In a policy statement adopted during an open meeting, the Commission noted…