On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) released an advisory regarding potential sanctions risks related to facilitating ransomware payments, as covered in this post from Foley Hoag’s Security, Privacy, and the Law blog.
OFAC is the federal agency responsible for implementing and enforcing U.S. sanctions against individuals, entities, and foreign governments involved in terrorism,… More
As founding counsel and a continuing member of the Advanced Cybersecurity Center, Foley Hoag is pleased to invite you to join us in these two programs, part of the ACSC’s 10th annual conference.
Foley Hoag partner Colin Zick weighs in on large health systems putting substantial resources into IT. “It’s not being ignored, but it’s a tough problem. Ransomware is turning into a big business.”
Click here to read the full Fierce Healthcare article. More
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to alert companies that might pay ransomware attackers of the potential sanctions risks for facilitating ransomware payments. In particular, the alert targeted “financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response….” While this is an advisory and does not have the force of law,… More
With apologies to John Donne, ask not for whom the bells tolls, HIPAA business associates, it tolls for thee! While it has been the law for some time that business associates could be held directly liable for breaches, enforcement actions against them have been few and far between. But a sizable settlement announced on September 23, 2020 by the Office for Civil Rights at the U.S.… More
What are best practices for handling a data security incident? Every phase of a data security incident requires thoughtful and measured action – from discovery, to investigation, to post-investigation compliance. Even planning for an incident before it happens is important to lay the groundwork for the most effective response.
Foley Hoag partners Chris Hart and Veronica Jennings talk through best practices in responding to,… More
Massachusetts Attorney General Maura Healey recently announced the creation of the Data Privacy and Security Division within her office, with the stated goal of “protect[ing] consumers from the surge of threats to the privacy and security of their data in an ever-changing digital economy.”
The leadership of the Office of the Attorney General’s (OAG’s) privacy and security efforts will not change: Sara Cable,… More
In the wake of the Schrems II decision invalidating the the EU-US Privacy Shield, the US Department of Commerce has decided it should make lemonade out of the Schrems lemons. The Department recently issued a set of FAQs, which go on at length about how the Swiss-US Privacy Shield is still in place and the steps that businesses can take to participate:
The Swiss-U.S.… More
On July 23, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), joined by the National Security Agency (NSA), issued a cybersecurity alert to operators of critical infrastructure. This cybersecurity alert outlines a series of “immediate actions” companies should take to reduce the risk of operational interference resulting from cyberattack. Unlike the bulletin issued by the Department of Homeland Security in January of 2020,… More
On Wednesday, June 24, 2020, the Federal Energy Regulatory Commission (FERC or “the Commission”) published a Notice of Inquiry (NOI) in the Federal Register soliciting comments on 
potential enhancements to the Critical Infrastructure Protection (CIP) Reliability Standards[1] that currently exist to help our energy infrastructure protect itself from attack. (Initial Comments are due by August 24, 2020, and Reply Comments are due by September 22,… More