Please join Jim Harvey and Kimberly Peretti, co-chairs of the firm’s Security Incident Management & Response Team, for a first-of-its-kind seminar: “Financial Marketplaces and Cyber Risk.” The panel discussion will both define cyber risk and its implications for financial marketplaces and address the existing regulatory framework and strategies purporting to improve risk mitigation for the industry […]
Regulation
Apple Agrees to Settle FTC Complaint Regarding In-App Purchases
January 15, 2014 – The Federal Trade Commission today announced that Apple has entered a settlement agreement containing a consent order to settle the FTC’s complaint alleging that the company billed consumers for charges incurred by children in kids’ mobile apps without their parents’ consent. Under the agreement, Apple will refund at least $32.5 million to […]
CMS Releases Updated HIPAA Security Risk Analysis Tipsheet for EHR Meaningful Use Program
The Centers for Medicare & Medicaid Services (CMS), in conjunction with the HHS Office for Civil Rights (OCR), has recently issued an updated tipsheet on conducting a security risk assessment for health care providers participating in CMS’s Electronic Health Records (EHR) Incentive Programs. To receive incentive payments through the program, providers must demonstrate meaningful use […]
NIST’s Preliminary Cybersecurity Framework Could Have Broad Implications for Critical, Non-Critical Infrastructure Alike
On October 22, 2013, the National Institute of Standards and Technology (NIST) released its Preliminary Cybersecurity Framework (“Framework”), marking one of the final steps in creating the “voluntary” Framework envisioned in an Obama Administration Executive Order (EO) issued earlier this year. That EO, which was designed to strengthen the cybersecurity of the United States’ critical […]
Department of Defense Publishes Safeguarding Rule Requiring Contractors to Follow NIST Security Standards, Report Cybersecurity Incidents
On November 18, the U.S. Department of Defense (“DoD”) published a final safeguarding rule (the “UCTI Safeguarding Rule”) applicable to contractors in possession of unclassified yet nonpublic technical information (“UCTI”) that requires them to, at a minimum, satisfy the security controls specified in NIST Special Publication (SP) 800-53 in order to safeguard UCTI. Additionally, the UCTI Safeguarding […]