AI Today in 5: August 7, 2025. The US v. China Episode
Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
On June 22, 2025, Texas enacted the Texas Responsible Artificial Intelligence Governance Act (“TRAIGA”), putting it at the forefront of state-level AI regulation in the United States. TRAIGA becomes effective January 1, 2026....more
The HIPAA Security Rule was originally promulgated over 20 years ago. While it historically provided an important regulatory floor for securing electronic protected health information, the Security Rule’s lack of...more
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) on December 27, 2024, to update the Health Insurance Portability and Accountability Act...more
Material updates to the HIPAA Security Rule could be on the way — affecting all HIPAA-regulated entities — for the first time in two decades. The Department of Health and Human Services (HHS) issued a Notice of Proposed...more
On October 23-24, 2024, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) Information Technology Laboratory hosted the Safeguarding...more
Our Health Care and Privacy, Cyber & Data Strategy Groups cover an upcoming proposed rule from U.S. Health and Human Services (HHS) that would formalize cybersecurity requirements and allow the Office for Civil Rights (OCR)...more
More than two months after the February 2024 Change Healthcare cyber-ransom attack, the healthcare industry continues to grapple with the fallout, creating significant challenges, disruptions, and outages to the healthcare...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
Health care entities maintain compliance programs in order to comply with the myriad changing laws and regulations that apply to the health care industry. Although laws and regulations specific to the use of artificial...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
On February 14, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a new, final version of their guidance for...more
A recently introduced bill in the Florida Legislature would provide businesses operating in Florida, including health care providers, with a legal defense to data breach lawsuits if they maintain robust cybersecurity measures...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
GoodRx Faces Million Dollar Proposed Penalty from FTC in First Enforcement Action Under the Health Breach Notification Rule - Settlement reveals views on application of unfairness authority to sharing of sensitive...more
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently submitted two annual reports to Congress setting forth a summary of complaints and breaches reported to the OCR during...more
“Side-Channel” attacks generally refer to a type of criminal cyber attacker activity that exploits vulnerabilities so that the attacker can collect and analyze “leakage” of data from a device, as a means to identify certain...more
Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or...more
Organizations are becoming increasingly reliant on external parties to manage parts of their business. The centralized knowledge, expertise, and economies of scale that third parties provide enables organizations to focus...more
“Reasonable” and “adequate” seem like benign terms — until you have to litigate using them as a standard for adequate data security. Over the coming years, the definition of “reasonable security” (and the alleged failure of...more
It’s getting difficult to keep up with the jargon of all of the new digital scams. The SaaSes in the beginning became regular business terms, such as Software-as-a-Service (SaaS), and Business Processes-as-aService (BPaaS)....more
From the recent headline-grabbing attacks on hospitals and municipalities, the specter of cybersecurity threats looms large. As a result, spending on cybersecurity initiatives is expected to reach $96 billion this year....more
The Ohio legislature recently passed S.B. 220, which gives businesses that suffer a data breach an affirmative defense against tort claims brought in class action suits....more
There is no such thing as compliance with the NIST Cybersecurity Framework (FTC). In September, the FTC dispelled a commonly held misconception regarding the NIST Framework: It “is not, and isn’t intended to be, a standard or...more
Legal Framework - Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws? The United States generally addresses cybersecurity...more