A new Mississippi law, known as the Walker Montgomery Protecting Children Online Act, has prompted several companies to block Mississippi IP addresses from accessing their platforms. In fact, social media company Bluesky posted a response to the enactment of the law on its website. Bluesky explained the decision to make their app unavailable to Mississippi
During the 2024 legislative session, the Colorado General Assembly passed Senate Bill 24-205, which is known as the Colorado Artificial Intelligence Act (CAIA). This law will take effect on February 1, 2026, and requires developers and deployers of a high-risk AI system to protect Colorado residents (“consumers”) from risks of algorithmic discrimination. Notably, the Act
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the justifications for the proposed updates to the Security Rule. Last week’s post on the updates related to Vulnerability Management, Incident
In 2024, the government and whistleblowers were party to 558 settlements and judgments collecting over $2.9 billion. The government continued its effort to combat cybersecurity threats through its Civil Cyber-Fraud Initiative, which is dedicated to using the FCA to ensure that federal contractors and grantees are compliant with cybersecurity requirements. Settlements in 2024 included allegations
Bradley has launched a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, beginning last week with an overview. The Notice of Proposed Rulemaking (NPRM) published on January 6, 2025. This marks the first update
Bradley is launching a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to strengthen cybersecurity protections for electronic protected health information (ePHI) regulated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Notice of Proposed Rulemaking (NPRM) was published on January 6, 2025
On October 11, 2024, the United States Department of Defense (DOD) published a final rule implementing its Cybersecurity Maturity Model Certification (CMMC) program, which is designed to verify that defense contractors are adequately protecting sensitive information from cybersecurity threats. The CMMC applies to contractors who process, store, or transmit Controlled Unclassified Information (CUI) or Federal
October is Cybersecurity Awareness Month, making it an ideal time to revisit the most impactful and widely-read blog posts on our Cybersecurity & Privacy blog from the past year. As cyber threats become more sophisticated and widespread, staying informed is crucial. Our top five blog posts cover a range of vital issues: the alarming rise
Bradley’s Government Enforcement and Investigations team keeps a close eye on the different ways the government is using the False Claims Act (FCA) to seek redress for cybersecurity deficiencies and force companies into a new technological era. Check out this blog post by Brad Robertson and Cara Rice, two members of Bradley’s Government Enforcement
The Intelligence Authorization Act for Fiscal Year 2025 (S.4443) is a bold legislative step in addressing ransomware as a critical threat. The act’s provisions, from elevating ransomware to a national intelligence priority to establishing an AI Security Center, illustrate the U.S.’s comprehensive approach to tackling this complex issue. The act sets the stage for a
As discussed in our previous blog post, the Cybersecurity and Infrastructure Security Agency (CISA) is proposing a significant new rule to bolster the nation’s cyber defenses through mandatory incident reporting. While designed to enhance CISA’s ability to monitor and respond to cyber threats, the rule has ignited a contentious debate. The concerns raised highlight