The Cybersecurity and Infrastructure Security Agency (CISA), an agency within the Department of Homeland Security, recently issued an Autonomous Ground Vehicle Security Guide (Guide). Because autonomous-vehicle (AV) pilot...more
Connecticut’s new cybersecurity standards law, which goes into effect on October 1, 2021, protects companies from punitive damages in certain data breach actions where an organization has a cybersecurity program that conforms...more
10/1/2021
/ Affirmative Defenses ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Information Security Modernization Act (FISMA) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Popular ,
Safe Harbors ,
State Data Breach Notification Statutes
The COVID-19 pandemic has led to the rapid expansion and widespread adoption of telehealth/telemedicine services, significantly altering how health care providers deliver—and how consumers access—medical services around the...more
On June 2 and 3, the U.S. National Institute of Standards and Technology (NIST) held a workshop focused on the President’s recent Executive Order on Improving the Nation’s Cybersecurity (Order) during which government...more
On April 14, the Department of Labor’s Employee Benefits Security Administration (EBSA) issued its first cybersecurity-focused guidance related to benefit plans regulated by Employee Retirement Income Security Act (ERISA)....more
On April 27, 2021, the New York State Department of Financial Services (“DFS” or the “Department”) released a report regarding its investigation into the response by DFS covered entities to the SolarWinds supply chain attack....more
5/5/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Incident Response Plans ,
Information Technology ,
NYDFS ,
Russia ,
Software ,
SolarWinds ,
Supply Chain ,
Third-Party Service Provider
Ransomware victims face a nearly impossible decision: pay criminals holding their business hostage or refuse and face possible crippling consequences. This decision requires careful analysis of a number of considerations, and...more
2/25/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Incident Response Plans ,
Information Technology ,
New Guidance ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Ransomware
Companies in the life sciences and health care industry, like most companies, navigated unparalleled challenges in 2020. But unlike other industries, they had to do so while simultaneously facing the biggest challenge of all...more
On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance....more
2/17/2021
/ Consumer Insurance Products ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
Insurance Regulations ,
NYDFS ,
Popular ,
Risk Management ,
State and Local Government
Virginia is on track to be the second U.S. state to enact comprehensive consumer privacy legislation. Both the Virginia House of Delegates and the Virginia Senate have passed nearly identical versions of the Consumer Data...more
2/10/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Risk Management ,
State and Local Government
There has been a significant development in the ongoing debate regarding the scope of the authority of the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) to issue penalties under the Health...more
Following promises of increased enforcement, on July 22, 2020, the New York Department of Financial Services (NYDFS) announced the first cybersecurity enforcement action pursuant to its Cybersecurity Regulation, which...more
Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic....more
The COVID-19, and the various restrictions that have been implemented in response to it, are causing extraordinary business disruptions. Many organizations have had to modify their operational controls and accommodate a shift...more
On March 11, the Word Health Organization officially characterized the coronavirus (COVID-19) outbreak as a pandemic. During the outbreak, many employers around the world are seeking to prioritize the well-being and safety of...more
3/16/2020
/ Business Continuity Plans ,
Business Interruption ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Cybersecurity ,
Data Protection ,
Emergency Management Plans ,
Infectious Diseases ,
Information Security ,
Malware ,
Policies and Procedures ,
Popular ,
Public Health ,
Risk Management
We are pleased to provide you with the third annual installment of our Life Sciences and Health Care Horizons guide. For each of these guides, we have asked our industry thought leaders throughout the world to write about...more
2/26/2020
/ 3D Printing ,
AIDS ,
Analytics ,
Artificial Intelligence ,
Biosimilars ,
Biotechnology ,
Blockchain ,
California Consumer Privacy Act (CCPA) ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Department of Defense (DOD) ,
Digital Health ,
Drug Distribution ,
Drug Pricing ,
EU ,
Federal Funding ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Health Technology ,
HIV ,
Incident Response Plans ,
Intellectual Property Protection ,
Life Sciences ,
Medical Device Data System ,
Medical Devices ,
Medical Software ,
Over The Counter Drugs (OTC) ,
Pharmaceutical Industry ,
PHI ,
Prescription Drugs ,
Procurement Guidelines ,
Regulatory Standards ,
Research and Development ,
Right to Try ,
Robotics ,
Supply Chain ,
Telehealth
Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on the Health Insurance Portability and...more
10/22/2019
/ Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
NIST ,
OCR ,
Personally Identifiable Information ,
PHI ,
Right of Access ,
Risk Assessment
On 1 October 2019 the International Medical Device Regulators Forum (IMDRF) Medical Device Cybersecurity Working Group released a draft document titled "Principles and Practices for Medical Device Cybersecurity" (IMDRF...more
10/10/2019
/ Cybersecurity ,
Food and Drug Administration (FDA) ,
Health Care Providers ,
International Medical Device Regulators Forum (IMDRF) ,
Life Sciences ,
Manufacturers ,
Medical Devices ,
Network Security ,
Pharmaceutical Industry ,
Popular ,
Regulatory Oversight ,
Vulnerability Assessments
On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding...more
8/8/2019
/ Biometric Information ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Governor Cuomo ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Security Standards ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
Regulators provided key insights into enforcement trends and potential changes to HIPAA regulations at the 11th Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference in October...more
On October 18, 2018, FDA issued a long-awaited draft revision to its existing guidance "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices"(premarket cybersecurity guidance). This coincided...more
Late last month, California Governor Jerry Brown signed the first US Internet of Things (IoT) cybersecurity legislation: Senate Bill 327 and Assembly Bill 1906. ...more
10/18/2018
/ Connected Items ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Hackers ,
Information Technology ,
Internet of Things ,
Mobile Devices ,
New Legislation ,
Popular ,
Risk Management ,
Security Standards ,
State and Local Government
With the continued explosion of software and software-controlled medical devices, including the growing use of machine learning and artificial intelligence, the FDA (the Agency) Medical Device Safety Action Plan (the Plan)...more
4/26/2018
/ Connected Items ,
Cybersecurity ,
Data Breach ,
Food and Drug Administration (FDA) ,
Medical Devices ,
Patient Safety ,
Personal Data ,
Pharmaceutical Industry ,
Popular ,
Regulatory Standards ,
Risk Management
Connected medical devices deliver numerous benefits not available before, including improved monitoring of patient welfare and a wealth of vital data. But for all the advantages available through these devices, their...more
3/12/2018
/ Best Practices ,
Connected Items ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
Life Sciences ,
Medical Devices ,
Patient Safety ,
Personal Data ,
Pharmaceutical Industry ,
Popular ,
Regulatory Oversight ,
Risk Management ,
Security Risk Assessments ,
Training
Prompted by concern over the increase in the risks and frequency of data breach incidents and other cyber-attacks affecting public companies, the Securities and Exchange Commission recently published interpretive guidance to...more
3/6/2018
/ Cyber Threats ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Financial Statements ,
Insider Trading ,
Interpretive Rule ,
Non-Public Information ,
Publicly-Traded Companies ,
Regulation FD ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC)