According to a New York Times story this weekend, the Security Exchange Commission’s lawsuit against SolarWinds is driving discussions in boardrooms and corporate security departments of large organizations about the handling and reporting of cybersecurity breaches. It turns out that such boards and departments may not be the only ones following the SEC’s increased focus
Cybersecurity
Cybersecurity Awareness Month Series: Cybersecurity is Important for Small Business Too.
Small businesses may be discouraged from investing in preventive cybersecurity measures due to the expense involved and the mistaken belief that only larger companies are the target of cybercrimes. But that is not the case. The FBI’s Internet Crime Report indicated the cost of cybercrimes against small businesses reached $2.4 billion in 2021, indicating that…
Sanction Policies Can Help Drive Cybersecurity and HIPAA Compliance, OCR Says
Many HIPAA covered entities and business associates struggle with developing and implementing a sanctions policy. What should it say, is zero-tolerance required, do we have to impose discipline in every case, etc. These are examples of frequent and thorny questions that arise in connection with the development and implementation of these policies. But they are…
Cybersecurity Awareness Month: FDA Guidance on Cybersecurity in Medical Devices
Cyber incidents are on the rise with no signs of slowing down, particularly in the healthcare industry. To combat this trend, on September 27, 2023, the U.S. Food and Drug Administration (FDA) released guidance on cybersecurity in medical devices for quality system considerations and on premarket submissions. The guidance is intended to replace the FDA’s 2014…
Cybersecurity Awareness Month Series: The California Consumer Privacy Act and Cybersecurity
There are numerous cybersecurity regulations and requirements for businesses to worry about but they may not be considering their cybersecurity regulations under privacy statutes. California was at the forefront of privacy regulations with the passage of the California Consumer Privacy Act (CCPA). Lawsuits under the CCPA began almost immediately after it was enacted in 2020.
Cybersecurity Awareness Month Series: Cybersecurity in the Hoosier State
This year, Indiana joined several other states to pass a comprehensive consumer privacy law, that becomes operative on January 1, 2026. Like other consumer privacy laws, Indiana’s law requires businesses to establish reasonable administrative, technical, and physical security practices to protect the confidentiality, integrity, and accessibility of personal data, which implicates cybersecurity concerns.
Cybersecurity Awareness Month Series: FBI Director Asks for Help to Fight Cyber Attacks
When hit with a cybersecurity attack, organizations are often not inclined to bring in federal law enforcement. Recent comments by FBI Director Christopher Wray at Mandiant’s annual mWISE 2023 conference seek to encourage the private sector to reconsider, as reported in CIODive. Doing so is an important consideration and depending on certain factors, it…