On May 23, 2023, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and includes additional recommended actions,… More
Monthly Archives: May 2023
As we’ve written about before, the question of anonymization can be tricky. When is something “anonymized” or merely “de-identified” or “pseudonymous” — and when does it matter? This is a particularly fraught issue under the GDPR, where the text of the regulation creates practical compliance complications under various scenarios.
Expiration of COVID-19 Public Health Emergency Means the Beginning of the End for HIPAA Privacy and Security Enforcement Discretion
The Notifications of Enforcement Discretion issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act during the COVID-19 public health emergency expired at 11:59 pm on May 11, 2023, due to the expiration of the COVID-19 public health emergency.
As previously announced, the HHS Office for Civil Rights (“OCR”) is providing a 90-calendar day transition period for covered health care providers to come into compliance with the HIPAA Rules with respect to the provision of telehealth in particular.… More
The Massachusetts State Police Commonwealth Fusion Center (CFC) believes that cyber actors may use the current bank failures for future phishing and business email compromise (BEC) attacks. Cyber actors often use current events to mask their phishing campaigns to seem more believable and relevant. As everyone now knows, Silicon Valley Bank (SVB) became one of the largest banks to fail since the 2008 financial crisis. More recently, First Republic Bank also failed. … More
2023 is turning out to be the year of the state privacy law, including new laws in five states with the possibility of more to come. Indeed, in recent days both Indiana and Iowa have likewise passed new statutes, which we will detail in a forthcoming blog. These new laws, which are largely inspired by the California Consumer Privacy Act (“CCPA”) and the European Union’s General Data Protection Regulation (“GDPR”),… More
In recent years, the FTC has increasingly focused on protecting consumers’ access to healthcare, through both its competition and its consumer protection missions. Similarly, the FTC has become a force in federal privacy regulation, second only to the Office for Civil Rights of the Department of Health and Human Services. On occasion, the FTC’s priorities in access to health care and health information privacy have come together,… More
Over the past several years, the energy sector has become a prime target for hacking and ransomware attacks, with over 40 attacks on the industry since 2017. Cyber attacks have only continued to rise, with a record high of 13 reported attacks in one year occurring in 2022.
Physical Security Threats to U.S. Energy Infrastructure
A new type of threat against the energy sector crystallized at the end of 2022: physical attacks on the grid. … More