Tag Archives: cyber

CISA Publishes Mitigation Guide to Combat Cyber Threats in the Healthcare and Public Health Sectors

If you need a little intellectual stimulation after hours of Thanksgiving turkey and football, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just the thing — the new CISA Mitigation Guide for the Healthcare and Public Health Sectors.  This somewhat technical guide is a little dry, but it offers solid recommendations and sugested best practices to combat the pervasive cyber threats affecting the Healthcare and Public Health (HPH) Sectors.… More

As If Bank Failures Aren’t Enough – Hackers Are Exploiting the Chaos to Breach Security

The Massachusetts State Police Commonwealth Fusion Center (CFC) believes that cyber actors may use the current bank failures for future phishing and business email compromise (BEC) attacks. Cyber actors often use current events to mask their phishing campaigns to seem more believable and relevant.  As everyone now knows, Silicon Valley Bank (SVB) became one of the largest banks to fail since the 2008 financial crisis. More recently, First Republic Bank also failed. … More

Massachusetts Governor Issues Executive Order to Strengthen State’s Cyber Defenses

Governor Charlie Baker recently took steps to strengthen cybersecurity in Massachusetts by signing an executive order on December 14, 2022 creating an advisory panel to improve the state’s cyber defense. The new state task force will assess existing resources, develop contingency plans, and identify strategies for preventing future cyberattacks.  The goal of the task force is to ensure that the Bay State is at the forefront of the ever-evolving cybersecurity landscape.… More

US, UK, Australia, Canada and New Zealand Issue Advisory on Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity from Russian state-sponsored cyber actors or Russian-aligned cybercrime groups.

Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure,… More

President Biden Signs Executive Order to Improve Cybersecurity and Protect Federal Government Networks

On May 12, 2021, President Biden signed an Executive Order which is aimed at improving the nation’s cybersecurity and protecting federal government networks.  The Executive Order has been in the works for some time, but the timing of its release is a response to the Colonial Pipeline ransomware attack.

According to the Fact Sheet issued by the White House, this Executive Order will:

  • Remove barriers to threat information sharing between government and the private sector
  • Modernize and implement stronger cybersecurity standards in the Federal Government
  • Improve software supply chain security
  • Establish a Cybersecurity Safety Review Board
  • Create a standard playbook for responding to cyber incidents
  • Improve detection of cybersecurity incidents on Federal Government networks
  • Improve investigative and remediation capabilities

The overall impact of the Executive Order is limited,… More

Is Paying Ransomware Grounds for OFAC Sanctions? OFAC Says “Maybe”….

On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to alert companies that might pay ransomware attackers of the potential sanctions risks for facilitating ransomware payments.  In particular, the alert targeted “financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response….”  While this is an advisory and does not have the force of law,… More

US Security Officials Warning of Cyber Attacks in Wake of Iran Strike

On January 4, 2020, the US Department of Homeland Security posted at National Terrorism Advisory System Bulletin, in the wake of the killing of a senior Iranian military leader by a US drone.  That DHS advisory states:

The United States designated Iran a “State Sponsor of Terrorism” in 1984 and since then, Iran has actively engaged in or directed an array of violent and deadly acts against the United States and its citizens globally.… More

FERC and NERC Talk Grid Resilience and Cybersecurity

On March 22, 2019, Foley Hoag hosted the New England Electricity Restructuring Roundtable, organized by Raab Associates. The roundtable featured keynote addresses by Federal Energy Regulatory Commission (“FERC”) Commissioner Cheryl LaFleur—who recently announced she will be stepping down later this year—and North American Reliability Corporation (“NERC”) CEO and President James Robb. Both took turns addressing the most pressing issues in energy. … More

Is Your Company’s Board of Directors Cyber Savvy?

Every company should expect that at some point it will experience a data breach. Whether as a result of hackers, disgruntled employees, or careless acts such as losing an unencrypted phone or laptop, data breaches may subject companies to liability and must be handled with speed and great care. What are the responsibilities of directors in preventing and addressing data breaches?

Without a doubt, directors must be generally aware of the data security risks facing the company and ensure that the company is prepared to manage those risks appropriately and has an incident response plan for a data breach.… More