Cyber

In preparation for upcoming requests for proposals, the Cybersecurity and Infrastructure Security Agency has posted a Request For Information about centralized platforms for overseeing federal agencies’ efforts to fix vulnerabilities identified by security researchers. An entity with a commercially available software as a service platform would receive all of the security researchers’ reports, handle the […]

Virginia’s new Insurance Data Security Act, effective July 1, requires all regulated insurance entities to: Maintain an information security program Investigate all cybersecurity events Notify the Commissioner of Insurance of cybersecurity events Notify consumers affected by cybersecurity events. The legislation is based on a model law drafted by the National Association of Insurance Commissioners and […]

Concerned that amendments have weakened the CCPA, and that consumers still do not understand how their personal information is being used by businesses, proponents of the law have proposed a ballot initiative titled the California Privacy Rights Act of 2020, colloquially known as CCPA 2.0. It’s likely that enough signatures have been collected to put […]

Healthcare organizations need to diligently assess whether a security incident involving patient information truly qualifies as a reportable breach under HIPAA to avoid needlessly reporting it to federal regulators, says regulatory attorney Helen Oscislawski. In a 16-minute audio interview, she also discusses: Potential circumstances when insider security or privacy incidents might not qualify as reportable breaches […]

The United Kingdom’s National Cyber Security Centre is reviewing the impact that new U.S. sanctions against Huawei could have on Britain’s deployment of 5G technology. UK officials decided in January to allow their equipment in up to 35 percent of the country’s 5G deployments – at least in the system’s less sensitive parts – but […]

In March, Maryland Governor Larry Hogan called in the National Guard to help with COVID-19 tests and screening, but also with cybersecurity assessments. Just...

Beginning on July 1, the California Attorney General’s office may bring enforcement actions and levy penalties for any violation of the CCPA. It may do so after a 30-day notice and cure period, seeking penalties of up to $2,500 per violation, or up to $7,500 per intentional violation. For example, if a business fails to […]

DHS’s Cybersecurity and Infrastructure Security Agency says it has put heightened defense measures for health-care-focused organizations and research facilities in place as foreign government-backed hackers continue to try to steal U.S. coronavirus research. CISA is regularly scanning the internet-connected devices of top pharmaceutical companies and research institutions for vulnerabilities and trying to get them fixed […]

With data collection for the 2020 census underway, the Census Bureau is thinking about how artificial intelligence and other capabilities might help address some sore points, and it has issued a Request For Information about how certain acquisitions might help it improve cybersecurity in a number of areas. The bureau’s cybersecurity posture has received some […]

The currently increased level of remote working exposes organizations to greater cybersecurity risks, and attackers are taking advantage of the opportunity. In addition to taking basic measures to avoid being an easy target, Poyner Spruill present five steps to take immediately in preparation for an attack: Review your Incident Response Plan. Review expert guidance. Have […]