Texas Attorney General Issues Consumer Alert Warning Texans of Potential Scams Following Nationwide CrowdStrike Outage

FOR IMMEDIATE RELEASE July 19, 2024 www.texasattorneygeneral.gov PRESS OFFICE: (512) 463-2050 Communications@oag.texas.gov Attorney General Ken Paxton Issues Consumer Alert Warning Texans of Potential Scams Following Nationwide CrowdStrike Outage AUSTIN – Texas Attorney General Ken Paxton warned Texans of potential scams following the widespread CrowdStrike service outage. Texans should be aware that bad actors can use cybersecurity incidents to take advantage …

OCR Settles HIPAA Security Rule Enforcement Action with Heritage Valley Health System Stemming from Ransomware Attack

On July 2, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with Heritage Valley Health System (Heritage Valley), a healthcare provider operating in Pennsylvania, Ohio, and West Virginia. This is the OCR’s third ransomware settlement and is based on allegations of potential violations of the Health …

Texas Attorney General Launches Major AI, Data Privacy, and Security Initiative

FOR IMMEDIATE RELEASE June 4, 2024 www.texasattorneygeneral.gov PRESS OFFICE: (512) 463-2050 Communications@oag.texas.gov Attorney General Ken Paxton Launches Data Privacy and Security Initiative to Protect Texans’ Sensitive Data from Illegal Exploitation by Tech, AI, and Other Companies AUSTIN – Texas Attorney General Ken Paxton has launched a major data privacy and security initiative, establishing a team that is focused on aggressive …

Microsoft — Yep, You Read That Right, Microsoft — Just Got Hit With a Successful Cyber Attack! What Does this Mean for Your Company?

“There is no such thing as ‘secure’ when it comes to cybersecurity.” “The odds in cybersecurity are impossible — those defending have to get it right 100% of the time and those attacking only need one lucky shot.” These are a few of the sayings that I have used throughout the years when trying to …

HHS Releases HPH Sector Cybersecurity Framework Implementation Guide to Help Healthcare Organizations Leverage NIST Cybersecurity Framework

On March 8, 2023, the U.S. Department of Health and Human Services (HHS) released its HPH Sector Cybersecurity Framework Implementation Guide (the Guide) to help healthcare organizations leverage the NIST Cybersecurity Framework. This Guide is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for …

The White House Cybersecurity Plan – the Devil is in the Details

“The devil is in the details” — that about sums up my take on the White House Cybersecurity Plan. Many thanks to Lily Newman for including this and some other points from our discussion in her Wired article The High-Stakes Blame Game in the White House Cybersecurity Plan. I appreciate that the Administration is talking …

SEC Continues to Emphasize Importance of Cybersecurity and Cyber Risk Governance

“While this is an oversimplification of all of the requirements and nuances of the forthcoming SEC rules, the SEC’s objectives are to require companies to provide meaningful and actionable information to shareholders to better understand companies’ cyber risks and how companies are managing and responding to them. From a very high level, this can be …

Dental Practice Responses to Online Reviews Cost $23,000 Settlement with OCR for Impermissible Disclosure of PHI

On December 14, 2022, the U.S. Department of Health and Human Services Office of Civil Rights published a notice of a settlement with a dental practice over disclosures of patients’ protected health information over social media. Here is the full version reproduced below: Date: Wed, 14 Dec 2022 Subject: HHS Civil Rights Office Enters Settlement with …

“Data is the hot potato!” — some data governance lessons from the Twitter Whistleblower Testimony

Hopefully you saw my recent post “Data is the hot potato!” and data minimization lessons from the FTC’s Drizly case and it reinforced in your mind just how important it is to focus on the data when we are talking about cyber and privacy risk management. If it didn’t, that’s ok, here’s another reminder. My …

OCR Releases Video Guidance on Recognized Security Practices for National Cybersecurity Awareness Month

On October 31, 2022, the U.S. Department of Health and Human Services Office of Civil Rights provided guidance titled OCR Releases New Recognized Security Practices Video. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for all organizations — healthcare and non-healthcare …