5 Tips for Training Employees in Effective Cybersecurity Practices

One overlooked aspect of cybersecurity is training for the employees at your company in proper data management practices. All of the technical measures that a company employs to guard against intrusions do not matter when an employee knowingly or unknowingly circumvents those measures. Proper training can help to reduce the number of incidents and lower your chances of suffering from a data breach.

  1. Password Management  Proper password management is key to any cybersecurity program. The technical barriers to entry
Read More

OCR Penalizes Slow Data Breach Response

The Office of Civil Rights (OCR) first HIPAA settlement of 2017 is based on a failure to report a breach of health information in a timely manner. The settlement was reached with Presence Health, a large health care network that operates in approximately 150 locations in Illinois. Presence Health has agreed to settle the potential violations by paying a fine of $475,000 and implementing a corrective action plan to deal with this problem in the future.

The settlement stems from … Read More

School Is in Session: Primes and Subs Must Train All Employees Who Handle PII or Who Build Systems Containing PII for Contracts Issued on or After January 19, 2017

After more than five years since the proposed rule in 2011, the Federal Acquisition Regulatory Council gave federal contractors a surprise holiday gift this year—mandatory privacy training for all employees on contracts and subcontracts issued on or after January 19, 2017 who:

(1) Have access to a system of records;

(2) Create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise handle personally identifiable information on behalf of an agency; or

(3) Design, develop, maintain, or operate a system … Read More

Can You Prevent Cyber Attacks to Industrial Control Systems for Advanced Robotic-Based and Chemical Manufacturers with Off-the-Shelf Software and NIST Guidelines?

Guides and best practices against cyber-attacks often provide only the illusion of security. In an attempt to turn that illusion into reality, the National Cybersecurity Center of Excellence at the National Institute of Standards and Technologies (NIST) intends to create a lab environment to simulate, test, and address cybersecurity problems for robotic-based and chemical manufacturing processes through standards-based solutions using commercially available software.

The intent is to produce a series of NIST Cybersecurity Practice Guides for four cybersecurity capabilities for … Read More

DoD’s New Cybersecurity Regulations: How to protect yourself when a Government support services contractor wants to inspect your data and devices

DOD New Cybersecurity regulationsThe US Department of Defense’s (DoD) new cybersecurity regulations require defense contractors to cooperate with Government support services contractors investigating a “cyber incident that affects a covered contractor information system or the covered defense information residing therein or that affects the contractor’s ability to provide operationally critical support.”  DoD’s Defense Industrial Base Cybersecurity Activities Final Rule, 32 CFR 236.4(b), (m)(5) (effective Nov. 3, 2016); Response to Public Comments, 81 FR 68312 (Oct. 4, 2016).

It doesn’t take much imagination to … Read More

Real-Life Attacks On Business & What You Can Do To Deter A Cybercriminal – Event September 7

To effectively guard against an enemy of any kind it’s important to know your enemy. This strategy is just as effective when fighting an online battle to protect your company’s data.

Before you can effectively defend against cyberattacks, it is important to educate yourself on potential threats and how to handle them. We invite you to join us on September 7 for part two of the Columbus Cybersecurity Series featuring FBI agent David Fine returns. During this portion of the … Read More

Cyber Insurance: Travelers Required to Defend Healthcare Records Storage Company From Class Actions

Savvy in-house counsel and business owners termsoften ask are whether the insurers selling cyber policies actually pay claims or whether the policyholders are just buying the right to later sue the insurers for coverage.  The initial wave of cyber insurance litigation involved policyholders trying to obtain coverage for data breaches under their standard commercial general liability policies.  This produced mixed results with some courts finding coverage, while others did not.  The next wave of cyber insurance litigation involved policyholders asserting … Read More

HIPAA Phase II Audits Begin

On Monday, March 21, 2016, the Health and Human Services Office for Civil Rights (“OCR”) began the long-awaited Phase II of OCR’s random audit program to determine compliance with the patient privacy provisions included in the Health Insurance Portability and Accountability Act (“HIPPA”). As we discussed earlier here, these audits will extend beyond simply covered entities and will also include business associates.

Covered entities and business associates will receive an email from OCR entitled “Audit Entity Contact Verification.”  This … Read More

Will the New DoD Cybersecurity Regulations Cause a New Wave of Protest Disputes?

The new DoD cybersecurity regulations require contractors to implement the security requirements specified by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” not later than Dec. 31, 2017. DFARS, 252.204-7008(c)(1).

However, a contractor may propose to vary from the NIST SP 800-171 requirements under two circumstances. Under DFARS 252.204-7008(c)(2), a contractor may propose to vary from the security requirements specified by NIST SP 800-171 through a … Read More

Data Breach Victims Have No Legal Remedies Under Indiana Law

Indiana law does not grant consumers the right to sue Anthem or any other data base owner for negligence following a data breach, according to the federal judge presiding over the Anthem data breach multi-district litigation.  Order, In re Anthem, Inc. Data Breach Litig., No. 15-MD-2617 (N.D. Cal. Feb. 14, 2016).

Instead, Indiana law grants consumers only the right to be notified of the data breach without unreasonable delay.  Indiana Code § 24-4.9-3-1.  If notice is not properly given, … Read More

LexBlog