Policy & Regulation: Page 4

HHS settles cybersecurity investigation with Montefiore Medical Center

The nonprofit will pay $4.75 million to settle allegations that data security failures allowed an employee to steal and sell the protected health information of thousands of patients.

By Emily Olsen • Feb. 8, 2024

CISA, FBI confirm critical infrastructure intrusions by China-linked hackers

Federal agencies urged critical infrastructure providers and tech manufacturers to take immediate action to protect against malicious threat activity from Volt Typhoon.

By David Jones • Feb. 7, 2024

Mortgage industry attack spree punctuates common errors

Attacks against Mr. Cooper Group, Fidelity National Financial, First American Financial and loanDepot impacted operations and put customers in a bind.

By Matt Kapko • Feb. 6, 2024

Business, technology groups back SolarWinds motion to dismiss SEC charges

Former U.S. cybersecurity officials and a group of current and former CISOs warned the fraud suit against SolarWinds could chill intel sharing from the private sector.

By David Jones • Feb. 5, 2024

Blackbaud settles FTC data security probe into 2020 ransomware attack

The company is required to delete unnecessary data and inform the agency of future breaches.

By David Jones • Feb. 2, 2024

China-linked hackers primed to attack US critical infrastructure, FBI director says

Christopher Wray and other top cybersecurity officials warned state-linked hackers are prepositioning for catastrophic attacks to distract from a potential military action.

By David Jones • Feb. 1, 2024

White House rejects efforts to undo SEC cyber disclosure rule

President Joe Biden would veto the joint resolution that aims to strip the agency’s authority to require companies to disclose cyber incidents and governance processes, the administration said Wednesday.

By Matt Kapko • Jan. 31, 2024

What’s ahead for cybersecurity in 2024

A steady stream of threats and new regulations have executives tiptoeing around how to best detail security incidents.

By Naomi Eide • Jan. 31, 2024

In 2024, the cybersecurity industry awaits more regulation — and enforcement

Private sector companies and critical infrastructure providers will face unprecedented demands for product security, intelligence sharing and transparency on data security.

By David Jones • Jan. 31, 2024

MOVEit liabilities mount for Progress Software

The company revealed multiple government investigations are underway into the MOVEit vulnerability. It’s also party to more than 100 class-action lawsuits.

By Matt Kapko • Jan. 30, 2024

Will the movement to ban ransom payments gain steam in 2024?

Policies and regulations around ransomware payments are widely expected to change in 2024, but how and to what effect remains in flux.

By Matt Kapko • Jan. 23, 2024

CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities

Civilian agencies are under threat following a surge in nation-state linked exploitation of Ivanti Connect Secure and Ivanti Policy Secure devices.

By David Jones • Jan. 19, 2024

CISA’s 1,200 pre-ransomware alerts saved organizations millions in damages

The federal agency’s early warning system notified organizations across multiple critical infrastructure sectors of potential impending attacks.

By Matt Kapko • Jan. 19, 2024

5 cybersecurity trends to watch in 2024

Preventative measures remain woefully unmet, the scourge of ransomware is as bad as its ever been, and a wave of new incident reporting and compliance regulations are taking hold. Buckle up, 2024 is here.

By David Jones , Matt Kapko • Jan. 10, 2024

CISA seeks comment on secure by design principles to boost global software security

The agency issued an RFI seeking industry input on costs, how to incorporate security into higher education and how to reduce recurring security vulnerabilities.

By David Jones • Dec. 21, 2023

Cyber risk strategies in hot seat as SEC rules go live

A new climate of regulatory scrutiny is pushing companies to reassess how they manage cyber governance and mitigation at the highest levels.

By David Jones • Dec. 20, 2023

US leads AlphV ransomware infrastructure takedown

Law enforcement released a decryptor for the prolific threat group and ransomware affiliate service behind some of 2023’s most high-profile attacks.

By Matt Kapko • Dec. 19, 2023

What the SEC weighed in finalizing the cyber disclosure rules

The SEC's head of the corporate finance division said the burden of meeting compliance and fears of tipping off threat groups were carefully considered prior to final recommendations.

By David Jones • Dec. 18, 2023

Senate confirms Harry Coker Jr. as national cyber director

The national security veteran assumes the role at a critical time, tasked with implementing the White House’s national cybersecurity strategy.

By Matt Kapko • Dec. 13, 2023

Check Point Software in SEC settlement talks in connection with SolarWinds probe

The cybersecurity firm provided documents and other information related to the 2020 supply chain hack of the SolarWinds Orion platform.

By David Jones • Dec. 13, 2023

FBI to field SEC cyber incident disclosure delay requests

Publicly-traded companies can request incident disclosure delays, but the bar is high. A filing would have to pose a significant threat to public safety or national security.

By Matt Kapko • Dec. 12, 2023

White House wants to set minimum cyber standards for hospitals, healthcare

The sector has faced a wave of ransomware linked to the critical CitrixBleed vulnerability, which has led to major attacks from LockBit and other threat groups.

By David Jones • Dec. 11, 2023

2 years on, Log4j still haunts the security community

Research from Veracode shows nearly 2 in 5 applications are still running vulnerable versions.

By David Jones • Dec. 8, 2023

CISA performance goals program trims exploited CVEs

Organizations enrolled in the agency’s vulnerability scanning program are showing improved security, but the reduction in exploitable internet-facing services is incremental.

By David Jones • Dec. 6, 2023

Water utility cyberattacks underscore ongoing threat to OT

U.S. officials urged water utilities and industrial sites to employ basic configuration safeguards like securing internet-facing devices and changing default passwords following a series of attacks.

By David Jones • Dec. 5, 2023