Cybersecurity Policies
While the HIPC has not been updated since 2018, a review of recent data breaches in healthcare suggests that the identified threats are still relevant. For example, a 2019 study by the Journal of American Medicine of 95 simulated phishing campaigns at six US health care institutions noted almost one in seven test emails sent were clicked by employees [4]. And recently, a ransomware attack affected 250 Universal Health Systems facilities taking their systems offline for almost a week [5]. These reports agree with the 2020 HIMSS Cybersecurity Survey, which noted the top security events included phishing events, harvesting and ransomware [6].
Other Programs and Processes
[co-author: Ken Fishkin]
We are now seeing a potential trend where states are incentivizing companies through the creation of safe harbors to improve their cybersecurity posture, instead of penalizing them after a breach of personal information. Utah is the second state to use this model by passing the Cybersecurity Affirmative Defense Act, which provides a safe harbor to companies that maintain “reasonable” cybersecurity controls when managing personal information. This act is an amendment to their existing data breach law and would provide entities an affirmative defense to certain litigation claims.
“Reasonable” cybersecurity controls are defined for purposes of this safe harbor as complying with a written cybersecurity program that meets the following requirements:
To embed, copy and paste the code into your website or blog:
The law governing Internet of Things (IoT) devices in the United States (US) is rapidly evolving. From industry specific guidelines for connected medical devices and autonomous vehicles, to more general standards such as the Internet of Things Cybersecurity Improvement Act of 2020 (Federal IoT Law), state and federal level laws are quickly changing as it relates to IoT standards, introducing new challenges for emerging technologies and new use cases for manufacturers.
Much like other areas of the law, California has been a leader in developing standards around IoT devices. In 2017, California became the first state to adopt an IoT specific cybersecurity law known as the California Internet of Things Cybersecurity Improvement Act of 2017 (California IoT Law). Codified at California Civil Code § 1798.91.04, the California IoT Act took effect on January 1, 2020 and requires manufacturers of IoT devices to equip any IoT devi
Cyber Observer s Latest Release Provides New Visibility Into Cybersecurity Risk Posture
Tuesday, January 19, 2021 11:52AM IST (6:22AM GMT)
Premier Continuous Controls Monitoring platform empowers enterprises with continuous, unified visibility of security tool effectiveness on-premises and in-cloud
Tel Aviv, Israel & Tysons Corner, Va., United States:
Cyber Observer, the premier Continuous Controls Monitoring (CCM) solution, today announced a major enhancement to its platform that enables CISOs and other security and risk management executives to obtain new, continuous, unified visibility into the effectiveness of cybersecurity tools that are implemented throughout their enterprise. By continuously retrieving and analyzing Critical Security Controls (CSCs) from applications on-premises and in-cloud, Cyber Observer’s CCM platform simplifies compliance, reduces mean time to detection and response, and advances r