The Intelligence Authorization Act for Fiscal Year 2025 (S.4443) is a bold legislative step in addressing ransomware as a critical threat. The act’s provisions, from elevating ransomware to a national intelligence priority to establishing an AI Security Center, illustrate the U.S.’s comprehensive approach to tackling this complex issue. The act sets the stage for a
Cybersecurity
Balancing Act: Industry Concerns Over CISA’s Proposed Cyber Incident Reporting Rule
As discussed in our previous blog post, the Cybersecurity and Infrastructure Security Agency (CISA) is proposing a significant new rule to bolster the nation’s cyber defenses through mandatory incident reporting. While designed to enhance CISA’s ability to monitor and respond to cyber threats, the rule has ignited a contentious debate. The concerns raised highlight…
Mandatory Cybersecurity Incident Reporting: The Dawn of a New Era for Businesses
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the federal government. This change stems from the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issuing a Notice of…
Rise in Healthcare Data Breaches & the Impact for Healthcare Providers in 2024
The healthcare sector is increasingly facing cyber-threats with ransomware and hacking at the forefront. In the last five years, there has been a staggering 256% rise in significant hacking-related breaches and a 264% surge in ransomware incidents reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Hacking alone…
Florida Bill Proposes Safe Harbor Against Breach Suits to Businesses Maintaining Recognized Cybersecurity Programs
A recently introduced bill in the Florida Legislature would provide businesses operating in Florida, including health care providers, with a legal defense to data breach lawsuits if they maintain robust cybersecurity measures that meet government- and industry-recognized standards. Specifically, Florida House Bill No. 473 (H.B. 473), known as the Cybersecurity Incident Liability Act, was…
Business Email Compromise: The Most Prevalent – and Preventable – Cyber Risk
Ransomware attacks that shut business down to zero and data breaches that disclose the personal information of customers, vendors and employees justifiably strike fear in the hearts of executives everywhere. Organizations can suffer the reputational and financial consequences of these events for years to come. Due diligence in the current regulatory environment requires a plan…
HHS Develops Strategy to Improve Security in the Healthcare Sector
The Department of Health & Human Services (HHS) released a concept paper outlining its strategy for improving cybersecurity infrastructure within the healthcare sector. The paper calls for proposing healthcare-specific cybersecurity performance goals that will include both minimum foundational practices and advanced goals for cybersecurity performance. By centralizing these performance goals into the Healthcare and Public…
Network Topology and Network Mapping: The NIST Cybersecurity Framework – Part 2
A previous installment discussed the centrality of network topology to an organization’s data security and outlined the legal framework and obligations incumbent upon many organizations in the U.S. The first installment can be found here. The second and final part of this series will discuss strategies for optimizing network topology and data security, focusing…
Data Breach 911: Five Immediate Steps to Take
For many, responding to an incident feels chaotic — questions swirling, uncertainties piling up, and no clear direction. Even when prepared with a well-rehearsed incident response plan, a data security incident places a company’s response team in a precarious situation of juggling numerous variables at once. In the chaos of determining whether a breach has…
Cybersecurity Awareness Month: A Basic Primer to Keep Your Data & Information Safe
As Cybersecurity Awareness Month comes to an end and the spooky season of Halloween is upon us, no one wants to live through a cybersecurity horror story. There are some simple precautions every business and household can participate in to help keep their data and information safe. We have outlined a few below with a…
Cybersecurity Compliance Issues with Verizon FCA Settlement Provides Helpful Suggestions on How to Reduce Liabilities or Mitigate Damages
Unfortunately, but as predicted earlier this year, the Department of Justice (DOJ) has shown no signs of pausing use of the False Claims Act (FCA) as a tool to enforce cybersecurity compliance.
On September 5, 2023, DOJ announced an FCA settlement with Verizon Business Network Services LLC based on Verizon’s failure to comply with…