Policy & Regulation: Page 3
-
Five Eyes implores critical infrastructure execs to take China-linked threats seriously
Officials are pushing tips to help potential victims detect and mitigate Volt Typhoon’s evasive techniques as the warnings take on urgency.
By Matt Kapko • March 20, 2024 -
More warnings emerge about state-linked cyber threats to water infrastructure
The White House and EPA set an urgent virtual meeting with state homeland security and other top officials, citing efforts to boost the resiliency of drinking and wastewater treatment systems.
By David Jones • March 20, 2024 -
How companies describe cyber incidents in SEC filings
The words businesses use in cybersecurity disclosures matter. They can channel confidence in the recovery process, potential impacts and legal liabilities.
By Matt Kapko • March 19, 2024 -
Opinion
Threat environment is changing for individuals and SMBs, White House order shows
An executive order is trying to prevent the large-scale transfer of Americans’ data, as countries seek troves of U.S. data for blackmail, AI training and analysis, among a multitude of other purposes.
By Michael Kosak • March 18, 2024 -
What’s material to the SEC, 3 months into cyber disclosure rules?
As attacks become more sophisticated and destructive, companies are struggling to find conclusive estimates of the financial impact of cyberattacks.
By David Jones • March 18, 2024 -
Stronger FCC data breach reporting rules for telecom go live
The updated rules expand the scope of breach disclosure requirements to cover all PII and carriers have to notify customers within 30 days of determining a breach occurred.
By Matt Kapko • March 15, 2024 -
FCC approves voluntary cyber labeling program for smart home IoT devices
The Biden administration wants the U.S. Cyber Trust Mark program to incentivize higher security standards in future IoT product development.
By David Jones • March 15, 2024 -
HHS opens investigation into Change Healthcare cyberattack
The Office for Civil Rights will focus on whether protected health information was breached and if UnitedHealth complied with privacy and security requirements.
By Emily Olsen • March 14, 2024 -
White House adds teeth to secure software development requirements
CISA and OMB released an attestation form to ensure compliance with secure development practices.
By David Jones • March 13, 2024 -
White House meets with UnitedHealth, industry groups on Change Healthcare cyberattack fallout
Officials called on payers to cut red tape and offer financial support to providers, including advanced payments.
By Emily Olsen • March 13, 2024 -
CMS rolls out provider flexibilities amid fallout from Change cyberattack
Provider groups said the government should go further to financially bolster providers during the outage at Change Healthcare.
By Emily Olsen • March 5, 2024 -
Provider groups urge HHS, Congress to mitigate damage from Change cyberattack
The American Hospital Association and the American Medical Association pushed the federal government to offer more financial support as the Change outage limits providers’ ability to receive payment.
By Emily Olsen • March 5, 2024 -
NIST makes it official: governance is a critical part of cybersecurity
A collection of resources accompany CSF 2.0 to make the guidance easier for businesses to use and put into practice across their operations.
By Matt Kapko • Feb. 29, 2024 -
Utility regulators take steps to raise sector’s cybersecurity ‘baselines’
The voluntary cyber recommendations are intended to serve as a resource for state public utility commissions, utilities and distribution operators and aggregators.
By Robert Walton • Feb. 29, 2024 -
MGM Resorts’ cyberattack headache continues as regulators launch investigations
The company said it could face fines in connection with regulatory inquiries stemming from the social engineering attack.
By David Jones • Feb. 26, 2024 -
HHS reaches second-ever ransomware settlement
A mental healthcare provider didn’t have sufficient protections in place before a ransomware attack exposed the protected health information of more than 14,000 people, according to the HHS’ Office for Civil Rights.
By Emily Olsen • Feb. 22, 2024 -
Biden administration issues executive order on port cybersecurity
The order will transfer crane manufacturing back to the U.S., amid concerns about potential cyber risk to port facilities, maritime transportation and threats from China.
By David Jones • Feb. 21, 2024 -
LockBit operations dismantled following international takedown
An international group of law enforcement partners seized the infrastructure of the prolific ransomware group, obtaining decryption keys along the way.
By David Jones • Feb. 20, 2024 -
FBI-led operation disrupts botnet controlled by state-linked Forest Blizzard
Russia’s GRU-backed group exploited hundreds of vulnerable routers to conduct spear phishing and credential harvesting attacks against U.S. targets.
By David Jones • Feb. 16, 2024 -
State Department puts $10M bounty on AlphV ransomware group
The prolific ransomware group and its affiliates are behind some of the most high-profile attacks in the last year.
By Matt Kapko • Feb. 15, 2024 -
CISA blitzes Super Bowl with cyber campaign as businesses fumble security
CISA brought its Secure Our World initiative to Las Vegas, for the biggest annual event in sports. Will anyone heed the advice?
By Matt Kapko • Feb. 9, 2024 -
National cyber director urges private sector collaboration to counter nation-state cyber threat
Harry Coker said the Biden administration is exploring plans to hold manufacturers accountable for poor security, while also working to harmonize regulations.
By David Jones • Feb. 9, 2024 -
HHS settles cybersecurity investigation with Montefiore Medical Center
The nonprofit will pay $4.75 million to settle allegations that data security failures allowed an employee to steal and sell the protected health information of thousands of patients.
By Emily Olsen • Feb. 8, 2024 -
CISA, FBI confirm critical infrastructure intrusions by China-linked hackers
Federal agencies urged critical infrastructure providers and tech manufacturers to take immediate action to protect against malicious threat activity from Volt Typhoon.
By David Jones • Feb. 7, 2024 -
Mortgage industry attack spree punctuates common errors
Attacks against Mr. Cooper Group, Fidelity National Financial, First American Financial and loanDepot impacted operations and put customers in a bind.
By Matt Kapko • Feb. 6, 2024