Some U.S. hospitals are falling short in protecting themselves from cyberattacks, with 29 percent of facilities recently surveyed lacking a documented GRC system, a new report from the Department of Health and Human Services found.
Cybersecurity
Posted inData Privacy
How to avoid pitfalls of scaling business with generative artificial intelligence
Generative AI has the potential to be as game-changing for business and society as the internet, social media, and mobile phones were. At the moment, however, the risks seem to outweigh the rewards.
Posted inRisk Management
Treasury: DeFi services vulnerable to AML/CFT, cybersecurity risks
A new U.S. Treasury report concluded that decentralized finance services are being used by bad actors to launder the proceeds of illegal activity, aided by crypto platforms weak or non-existent in anti-money laundering and sanctions compliance programs.
Posted inData Privacy
TikTok CEO to boast data security efforts in Congress testimony
The fate of popular social media app TikTok in the United States could hinge on the testimony of CEO Shou Zi Chew before the House Committee on Energy and Commerce.
Posted inRisk Management
CISA pilot program seeks to bolster ransomware preparedness
The Cybersecurity and Infrastructure Security Agency announced a pilot program designed to help critical infrastructure entities vulnerable to cyberattacks mitigate a ransomware incident before it occurs.
Posted inFinancial Services
SEC proposes Reg S-P updates on incident response, breach notifications
The Securities and Exchange Commission proposed amendments to its regulation requiring broker-dealers, investment companies, and registered investment advisers to establish policies and procedures to safeguard customer records and information.
Posted inRegulatory Enforcement
Web hosting company fined in DOJ cyber fraud case
Web hosting company Jelly Bean Communications Design and its manager agreed to pay $293,771 in the latest Department of Justice case holding government contractors accountable for poor cybersecurity practices.
Posted inRegulatory Enforcement
SEC orders Blackbaud to pay $3M for misleading ransomware disclosures
Software company Blackbaud agreed to pay $3 million to the Securities and Exchange Commission to settle claims it violated securities law by failing to disclose the true scope of a ransomware attack that affected 13,000 users.
Posted inData Privacy
HHS creates new enforcement office for health privacy
The Department of Health and Human Services and its office responsible for enforcing health privacy reorganized so it can sharpen enforcement of cybersecurity and data breaches.
Posted inData Privacy
Where U.S. federal privacy legislation efforts stand in 2023
As more state laws hit the books, businesses are more adamant than ever Congress needs to pass a federal data privacy law. If lawmakers don’t rise to the occasion, which government agency might?
