October is Cybersecurity Awareness Month, making it an ideal time to revisit the most impactful and widely-read blog posts on our Cybersecurity & Privacy blog from the past year. As cyber threats become more sophisticated and widespread, staying informed is crucial. Our top five blog posts cover a range of vital issues: the alarming rise
Eric Setterlund
Eric Setterlund serves as counsel in Bradley’s Healthcare and Cybersecurity and Privacy practice groups. He has extensive experience with matters related to healthcare privacy, security protections and regulatory compliance. Prior to joining the firm, Eric served as chief privacy officer and privacy and data counsel for BlueCross BlueShield of Tennessee. He draws upon his real-world business and program management experience to provide his clients practical advice for complex regulatory and transactional matters.
Ransomware Reckoning – The New Bill Changes the Game
The Intelligence Authorization Act for Fiscal Year 2025 (S.4443) is a bold legislative step in addressing ransomware as a critical threat. The act’s provisions, from elevating ransomware to a national intelligence priority to establishing an AI Security Center, illustrate the U.S.’s comprehensive approach to tackling this complex issue. The act sets the stage for a…
Balancing Act: Industry Concerns Over CISA’s Proposed Cyber Incident Reporting Rule
As discussed in our previous blog post, the Cybersecurity and Infrastructure Security Agency (CISA) is proposing a significant new rule to bolster the nation’s cyber defenses through mandatory incident reporting. While designed to enhance CISA’s ability to monitor and respond to cyber threats, the rule has ignited a contentious debate. The concerns raised highlight…
Rise in Healthcare Data Breaches & the Impact for Healthcare Providers in 2024
The healthcare sector is increasingly facing cyber-threats with ransomware and hacking at the forefront. In the last five years, there has been a staggering 256% rise in significant hacking-related breaches and a 264% surge in ransomware incidents reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Hacking alone…
Florida Bill Proposes Safe Harbor Against Breach Suits to Businesses Maintaining Recognized Cybersecurity Programs
A recently introduced bill in the Florida Legislature would provide businesses operating in Florida, including health care providers, with a legal defense to data breach lawsuits if they maintain robust cybersecurity measures that meet government- and industry-recognized standards. Specifically, Florida House Bill No. 473 (H.B. 473), known as the Cybersecurity Incident Liability Act, was…
HHS Develops Strategy to Improve Security in the Healthcare Sector
The Department of Health & Human Services (HHS) released a concept paper outlining its strategy for improving cybersecurity infrastructure within the healthcare sector. The paper calls for proposing healthcare-specific cybersecurity performance goals that will include both minimum foundational practices and advanced goals for cybersecurity performance. By centralizing these performance goals into the Healthcare and Public…
The California “Delete Act” Becomes Law
On October 10, 2023, California Gov. Gavin Newsom signed SB 362 into law. The “Delete Act” is a key piece of privacy legislation designed to further protect consumer online privacy rights and place further obligations on data brokers.
The Delete Act heavily amends California’s existing data broker law and seeks to establish a one-stop shop…
Tabletop Exercises as Risk Mitigation Tools
As cyber threats have evolved and expanded, cybersecurity has emerged as a threat to organizations across sectors, and there is more urgency than ever for companies to remain vigilant and prepared. Cybersecurity incidents can come with legal implications and lead to substantial financial losses, and members of the board must increasingly be involved and knowledgeable…
How a Zero-Day Flaw in MOVEit Led to a Global Ransomware Attack
In an era where our lives are ever more intertwined with technology, the security of digital platforms is a matter of national concern. A recent large-scale cyberattack affecting several U.S. federal agencies and numerous other commercial organizations emphasizes the criticality of robust cybersecurity measures.
The Intrusion
On June 7, 2023, the Cybersecurity and Infrastructure Security…
Tennessee Passes Comprehensive Data Privacy Law
Tennessee has joined the growing number of states that have enacted comprehensive data privacy laws. On the final day of this year’s legislative session, the Tennessee legislature passed the Tennessee Information Protection Act (TIPA), and Governor Bill Lee signed TIPA into law on May 11, 2023.
TIPA marks a significant development in data privacy…
Data Privacy Day Is Here; Bradley to Host Webinar on January 27
Data Privacy Day, annually celebrated on January 28, is the new year nudge we need to prioritize the safety of our personal information. The digital world will continue to evolve, and the line between our online and offline lives will continue to blur. As we continue to rely on digital technology to manage our personal…