On January 5, 2024, the New York Attorney General’s Office (“NY AG”) announced a settlement with Refuah Health Center, Inc. (“Refuah”) based on the company’s alleged failures to appropriately safeguard its patients’ information, including failing to encrypt patient information or use multifactor authentication, which allegedly resulted in a May 2021 ransomware attack that impacted approximately […]
Cybersecurity
FBI Develops Decryption Tool to Combat Blackcat Ransomware
On December 19, 2023, the Justice Department (“DOJ”) announced a disruption campaign against the Blackcat ransomware group. In the same press release, they also stated that the Federal Bureau of Investigation (“FBI”) had developed a decryption tool to combat ALPHV/Blackcat’s ransomware variant. Over the last couple of years, Blackcat’s ransomware has risen in popularity and […]
NYDFS Releases Consent Order in First Enforcement Action Brought Under the Cybersecurity Regulations
After a three-year investigation/enforcement action by the New York Department of Financial Services (“NYDFS”), NYDFS entered into a Consent Order with a large title insurer (the “Company”) for its violation of NYDFS’s Cybersecurity Regulation (23 NYCRR Part 500) (the “Regulation”), specifically, its failure to protect non-public information (“NPI”). NYDFS originally brought the enforcement action in […]
CPPA Publishes Revised Cybersecurity Audit Regulations in Advance of Board Meeting
On December 8, 2023, the California Privacy Protection Agency (CPPA) will hold a board meeting seeking public comment on various privacy regulations. The meeting, which will take place on Zoom, will cover several topics listed in its published agenda. The New CPRA Rules Subcommittee will provide an update and present on the Draft Regulations on […]
Ransomware Group, in Midst of Extortion Attempt, Files Regulatory Notice with SEC
Just a month before the Security and Exchange Commission’s (“SEC’s”) Material Cybersecurity Incidents Rule is set to take effect, a ransomware group has apparently taken compliance with reporting requirements into its own hands. On November 15, 2023, the ransomware group known as BlackCat (also known as “AlphV”) posted a notice on its leak site alleging […]