From Forest to Fortune: Navigating Workplace Ethics With Robin Hood — Hiring to Firing Podcast
Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
Episode 381 -- NAVEX's 2025 Annual Hotline Report
AI and the False Claims Act
Disparate Impact & Enforcement Rollbacks: What’s the Tea in L&E?
What’s in Your Operating Agreement? Legal Tips for Healthcare Providers
Compliance Tip of the Day: AI and 3rd Party Risk Management
Daily Compliance News: July 31, 2025 the Forgotten Generation Edition
A New Brand of Uncertainty? — PE Pathways Podcast
The Rise of OTAs in Defense Contracting: Opportunities, Risks, and What Contractors Need to Know
Breaking the Cycle: Flooding, Infrastructure, and Climate Law in Practice
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
Understanding BBB Ratings: Building Trust and Mitigating Risks — Regulatory Oversight Podcast
Compliance Tip of the Day: Bringing Predictive Analytics into Your Compliance Regime
Innovation in Compliance: Scaling Compliance Programs: Insights from a Navy Veteran and Compliance Leader
Daily Compliance News: July 29, 2025 the Is CEO Conduct Ever Personal Edition
Beyond the Bylaws: The Medical Staff Show - Need to Know: How to Manage Medical Staff Confidentiality and Privilege Protections
False Claims Act Insights - The Mathematics of Nuclear FCA Verdicts
Compliance Tip of the Day: Strategies for Embedding Compliance into your Organization
Following the Office for Civil Rights (OCR) recent publication of four settlements as part of a new Risk Analysis Audit Initiative. We explore the current regulatory language for Risk Analysis, the proposed language for Risk...more
The February 2024 ransomware attack on Change Healthcare was the largest healthcare data breach in U.S. history. The attack disrupted operations—impacting patient care and provider finances—and potentially exposed the...more
2024 was a year of numerous and notable cybersecurity failures – although, to be fair, most years are now marred by numerous and notable cybersecurity failures. That’s no longer anything special. What makes 2024 interesting...more
The Cybersecurity & Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center released an advisory on February 19, 2025, providing information on Ghost...more
Recent enforcement actions, audit activity, proposed rulemakings, and guidance issued by the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) highlight the agency’s focus on health data...more
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more
Cyberattacks are affecting every company and sector. Meanwhile, the regulatory landscape is intensifying as the SEC continues to enforce the cyber-risk management disclosure rules. Every day presents a new compliance and...more
Paul Hastings released its SEC Cyber Incident Disclosure Report today, providing a unique look at how public companies have responded to new incident disclosure requirements. The Securities Exchange Commission (SEC) approved...more
In healthcare, compliance issues can quickly escalate into compliance nightmares, with serious implications for patient safety, legal liability, and an organization’s reputation. Among the most common compliance nightmares...more
Ransomware attacks are a growing threat in the health care sector due to the value of personal health information (PHI). In addition to being expensive, these attacks can cripple health care operations, delay patient care,...more
Looking for compliance education and networking in your area? HCCA’s Regional Healthcare Compliance Conferences offer practitioners convenient, local compliance education on a wide variety of current and emerging topics...more
On June 24, 2024, the SEC issued five new Compliance & Disclosure Interpretations (C&DIs) relating to the materiality assessment and disclosure requirements of material cybersecurity incidents under Item 1.05 of Form 8-K....more
In recognition of International Privacy Day on January 28, we wanted to share some insights on the top privacy and cybersecurity issues for the new year. Data privacy and cybersecurity will continue to be one of the most...more
Elevate your resilience in the new year by understanding top GRC trends, patterns, and best practices across AI, TPRM, cyber risk, and more. As we step into 2024, technological advancements and an increasingly connected —...more
Last month, as the New York State Department of Financial Services (“DFS”) began phasing in amended cybersecurity regulations and continued enforcement actions against noncompliant entities, a wave of ransomware attacks...more
Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
There are so many factors that go into breach response. Determining the size of the breach, time limitations, legal requirements, notification needs, urgency for containment, and interrupted business operations are just a...more
Corporate boards face a panoply of risks – and the nature of these risks are quickly evolving. Cybersecurity has quickly risen to the top of the list of corporate risks. Add to that the new SEC regulations on cybersecurity...more
On July 26, 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity rules to require disclosure of material cybersecurity incidents within four business days, with limited exceptions. Additionally,...more
If you read about the world of hackers and cyber threats, you will quickly become numb to the creativity and variety of techniques that may threaten your organization. Like all risks, however, the key is to consider...more
NAVEX’s annual report on the state of risk and compliance is a must read. Each year NAVEX supplies helpful insights that compliance professionals, corporate managers and board members can use to benchmark their respective...more
In today’s world of cyber threats, many companies have fallen victim to ransomware attacks. Corporate boards and senior executives face serious issues when their companies are attacked. The payment of ransom is not only...more
Editor’s Note: On August 31, 2022, HaystackID shared an educational webcast on the topic of data mining in data breach incident response. As data mining has increasingly become one of the largest expenses during a cyber...more
Last Friday, the Office of Foreign Assets Control (OFAC) published more targeted guidance for digital asset companies related to compliance with sanctions and best practices for mitigating risks. This guide comes on the heels...more