October is Cybersecurity Awareness Month, making it an ideal time to revisit the most impactful and widely read blog posts on our Cybersecurity & Privacy blog from the past year. As cyber threats become more sophisticated and widespread, staying informed is crucial. Our top five blog posts cover a range of vital issues: the alarming rise in healthcare data breaches and their impacts (Alexis Buese, Eric Setterlund), the new era of mandatory cybersecurity incident reporting (Sinan Pismisoglu), the significant legislative changes addressing ransomware (Sinan Pismisoglu, Eric Setterlund), essential immediate steps to take following a data breach (Erin Jane Illman, Brett Lawrence), and how a recent $4.1 million FCA settlement underscores the importance of cybersecurity compliance (Daniel Fortune, Lyndsay Medlin). Take a moment to explore these articles and stay ahead in the ever-evolving cybersecurity landscape.
Rise in Healthcare Data Breaches & the Impact for Healthcare Providers in 2024 by Alexis Buese, Eric Setterlund
The healthcare sector is increasingly facing cyber-threats, with ransomware and hacking at the forefront. In the last five years, there has been a staggering 256% rise in significant hacking-related breaches and a 264% surge in ransomware incidents reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Hacking alone was responsible for 79% of the major breaches reported to OCR in 2023. These breaches have had a profound impact, affecting over 134 million individuals in 2023 alone, marking a 141% increase from the previous year. In response to the rise in cyber-threats within the healthcare industry, covered entities and business associates subject to the Health Insurance Portability and Accountability Act (HIPAA) should be proactive in aiming to mitigate or prevent the growing menace of cyber-attacks. This article will delve into OCR’s guidance, exploring the practical steps and measures that organizations can implement to bolster their cybersecurity defenses.
Read the full article here: Rise in Healthcare Data Breaches & the Impact for Healthcare Providers in 2024
Mandatory Cybersecurity Incident Reporting: The Dawn of a New Era for Businesses by Sinan Pismisoglu
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the federal government. This change stems from the U.S. Department of Homeland Security’s (DHS) Cybersecurity Infrastructure and Security Agency (CISA) issuing a Notice of Proposed Rulemaking (NPRM) on April 4, 2024. This notice aims to enforce the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Essentially, this means that “covered entities” must report specific cyber incidents and ransom payments to CISA within defined timeframes.
Read the full article here: Mandatory Cybersecurity Incident Reporting: The Dawn of a New Era for Businesses
Ransomware Reckoning – The New Bill Changes the Game by Sinan Pismisoglu, Eric Setterlund
The Intelligence Authorization Act for Fiscal Year 2025 (S.4443) is a bold legislative step in addressing ransomware as a critical threat. The act’s provisions, from elevating ransomware to a national intelligence priority to establishing an AI Security Center, illustrate the U.S.’s comprehensive approach to tackling this complex issue. The act sets the stage for a resilient defense against ransomware by fostering public-private partnerships and maintaining accountability. In this post, we explore the act’s critical cybersecurity and ransomware-related provisions and their implications for enhancing the nation’s security posture.
Read the full article here: Ransomware Reckoning – The New Bill Changes the Game
Data Breach 911: Five Immediate Steps to Take by Erin Jane Illman, Brett Lawrence
For many, responding to an incident feels chaotic — questions swirling, uncertainties piling up, and no clear direction. Even when prepared with a well-rehearsed incident response plan, a data security incident places a company’s response team in a precarious situation of juggling numerous variables at once. In the chaos of determining whether a breach has occurred, companies may forget to think through the most important issues. For example, restoring network access and network security is typically the response team’s primary objective, while legal obligations and strategies are often forgotten. Though business continuity is a crucial step in the process, failure to prioritize the following critical aspects in responding to a breach could have consequences later.
Read the full article here: Data Breach 911: Five Immediate Steps to Take
Cybersecurity Compliance Issues with Verizon FCA Settlement Provides Helpful Suggestions on How to Reduce Liabilities or Mitigate Damages by Daniel Fortune, Lyndsay E. Medlin
Unfortunately, but as predicted earlier this year, the Department of Justice (DOJ) has shown no signs of pausing use of the False Claims Act (FCA) as a tool to enforce cybersecurity compliance. On September 5, 2023, DOJ announced an FCA settlement with Verizon Business Network Services LLC based on Verizon’s failure to comply with cybersecurity requirements with respect to services provided to federal agencies. Verizon contracted with the government to provide secure internet connections but fell short of certain Trusted Internet Connections (TIC) requirements.
Compared to the approximately $9 million Aerojet settlement in 2022, Verizon’s approximately $4.1 million settlement appears to provide helpful suggestions on how to reduce liabilities or mitigate damages. For example, Verizon cooperated and self-disclosed its shortcomings, and the government emphasized the company’s level of cooperation and self-disclosure in its press release. Even as cybersecurity requirements become more complex, tried and true compliance strategies remain key to mitigating damages. Companies should encourage a culture of self-reporting and agency.
Read the full article here: Cybersecurity Compliance Issues with Verizon FCA Settlement Provides Helpful Suggestions on How to Reduce Liabilities or Mitigate Damages