Key Considerations for Health App Developers from the FTC

If your company creates health-related apps, the Federal Trade Commission (FTC) has set out some key considerations:

  • Make accurate representations. Clearly explain how people’s information will be used and shared and then live up to those promises. If your company has deployed apps to read credentials at storefronts, ensure that those businesses understand your practices and the limits on how they may use the data you share.…

CISA, FBI, and DOE Release Joint Cybersecurity Advisory in Light of Increased Threats to Energy Sector’s Cybersecurity

On March 24, 2022, the Department of Justice unsealed two indictments charging four Russian government employees in two hacking campaigns that targeted critical infrastructure in the energy sector.  We cover these indictments in depth here.  Concurrently, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE) jointly published a Cybersecurity Advisory (CSA) relating to the hacks.…

US Unseals Indictments of Four Russian Government Employees in Connection with Cyber Attacks on Energy Sector

The United States Department of Justice unsealed two indictments in March involving four Russian government employees who have been charged in connection with two separate hacking conspiracies targeting the global energy sector.  These campaigns took place between 2012 and 2018 and affected thousands of computers, hundreds of organizations, and approximately 135 countries.

These indictments were unsealed just days after President Joe Biden publicly warned US business executives that Russia is exploring using cyberattacks as part of its offensive strategy during its continued attacks on Ukraine. …

US, UK, Australia, Canada and New Zealand Issue Advisory on Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity from Russian state-sponsored cyber actors or Russian-aligned cybercrime groups.

Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure,…

A Comprehensive Privacy Law May Be Heading for Massachusetts, And Businesses Should Prepare (originally on the MassTLC Blog)

Eds. Note:  This post was originally published on the MassTLC Blog.

Get ready: there’s a good chance that comprehensive data privacy legislation is coming to the Commonwealth.  If your business is not already compliant with the European Union’s or UK’s General Data Protection Regulation (GDPR), or the California Consumer Privacy Act (CCPA), then you might have some work to do.

Proposals for general data protection legislation are not new to Massachusetts;…

Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure (i.e., Dealing with the Fallout from Russia’s Invasion of Ukraine)

The Cybersecurity & Infrastructure Security Agency (“CISA”) has just released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate risks from information manipulation. Malicious actors (i.e., Russia) may use tactics—such as misinformation, disinformation, and malinformation—to shape public opinion, undermine trust, and amplify division, which can lead to impacts to critical functions and services across multiple sectors. …

The proposed Massachusetts Information Privacy and Security Act: Will This Be the Year Massachusetts Finally Updates Its Consumer Privacy Laws?

Since Massachusetts became a trailblazer among states with the passage of privacy legislation in 2007 and subsequent regulations, Massachusetts’ own privacy laws have been passed by those of other states, most notably California.  The proposed Massachusetts Information Privacy and Security Act (“MIPSA”) would bring Massachusetts back to the forefront of state regulation of privacy and data security.

The 65-page-long bill would,…

U.S. Department of Homeland Security Launches First-Ever Cyber Safety Review Board

Earlier this week, the U.S. Department of Homeland Security (DHS) announced the establishment of the Cyber Safety Review Board (CSRB), as directed in President Biden’s Executive Order 14028 on Improving the Nation’s Cybersecurity. The CSRB is a public-private initiative that will bring together government and industry leaders to elevate U.S. cybersecurity.

The CSRB will review and assess significant cybersecurity events, so that government,…

Cybersecurity 2022 – The Year in Preview: Continued Threats to Nation’s Energy Supply as Regulators Race to Keep Up

Continued Threats of Ransomware Attacks

As we reported in our 2021 Year in Preview series, we began 2021 anticipating that ransomware would be a serious threat to critical energy infrastructure.  These concerns were realized in May 2021 when the Colonial Pipeline Company’s (“Colonial”) entire 5,500-mile pipeline system carrying liquid fuels was shut down due to a ransomware attack by DarkSide, a hacking group that allegedly has loose ties to the Russian government.…