Archives: Cybersecurity

AICPA Releases Cybersecurity Risk Management Reporting Fact Sheet for CPAs Without a Key Recommendation

The American Institute of CPAs (AICPA) has released a risk management reporting framework that is intended to “establish a common, underlying language for Cybersecurity risk management reporting—almost akin to US GAAP or IFRS for financial reporting.” According to AICPA, the framework may be used by both management and CPAs to “enhance cybersecurity risk management reporting … Continue Reading

OneLogin Suffers and Notifies Customers of Very Sophisticated and Scary Intrusion

San Francisco-based OneLogin, which provides single sign-on and identity management services for companies and app vendors, recently notified its users that it has discovered unauthorized access to its data. The idea behind OneLogin is for a user to have one username and password that it can use through OneLogin’s platform for all … Continue Reading

Pacemakers at Risk for Remote Tampering

A new study by WhiteScope concludes that pacemakers from four manufacturers contain security weaknesses that expose them to remote tampering. Pacemakers run on radio frequency, and health care providers can adjust them to assist patients with heart abnormalities without having to undergo surgery. However, according to the study, the programmers who are adjusting the pacemakers … Continue Reading

Ransomware Attack Hits Dallas Senior Living Community

No industry is immune from ransomware attacks—including senior living communities. Senior living communities have exploded now that baby boomers are selling homes, downsizing and getting ready for that stage of life. Many of us in the sandwich generation are choosing communities for our parents. When residents move into a senior resident community, the community collects … Continue Reading

WannaCry Also Encrypted Hospital Medical Devices

The fall-out from WannaCry continues, particularly in the healthcare sector. There are new reports that WannaCry affected at least two hospital systems in the U.S. and encrypted medical devices (power injector systems) in the hospitals. There are additional anecdotal reports that other medical devices were affected by WannaCry. According to medical device company spokesmen, if … Continue Reading

HHS Office of the Assistant Secretary for Preparedness and Response Issues Series of Cybersecurity Updates in Response to WannaCry Attack

In response to the WannaCry ransomware attack that infiltrated the computer systems of health care systems and other entities worldwide on or around May 12, 2017 (previously discussed here), HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) issued a series of updates to provide consumers and potentially affected organizations with information on … Continue Reading

Take-Aways from WannaCry

We have read multiple reports on WannaCry and if you are reading this and don’t know what WannaCry is, Google it for the background story. The clear message is this is not the last major attack we will see, and future attacks will only get more sophisticated. It is being estimated that the cost associated … Continue Reading

ABA Issues Opinion on Use of Email for Lawyers

On May 11, 2017, the American Bar Association (ABA) updated its 1999 opinion regarding lawyers’ use of email for communication. Although many state bar associations have issued opinions on electronic communications and the use of cloud computing services, the ABA has now provided clear guidance for lawyers on their ethical responsibilities of competence, confidentiality and … Continue Reading

NIST Releases Draft Cybersecurity Guidance for Wireless Infusion Pumps

The National Institute of Standards and Technology (NIST) announced this week that it has issued draft cybersecurity guidance for hospitals to consider when using infusion pumps, particularly since infusion pumps are no longer standalone devices and many are now wireless. This increases the risk of cybersecurity threats that could potentially compromise personal information if the … Continue Reading

FTC Launches Website to Help Small Businesses with Cyber-Attacks

The Federal Trade Commission (FTC) announced on May 9, 2017, that it has launched a new website that “helps small businesses avoid scams and cyber-attacks.” The website, www.ftc.gov/SmallBusiness.com, is filled with articles, videos and other information to help small businesses avoid scams and recover from a cyber-attack, as well as security tips to protect networks … Continue Reading

In the Privacy of Your Home

By now, it’s pretty common knowledge that Alexa has been on a dollhouse shopping spree, and is also helping to solve a murder. Clearly, Alexa cannot be trusted and that’s why she has only limited trigger words, including options such as “Alexa,” “Amazon,” “computer,” and “Echo.” When you speak those words, or other “wake words” … Continue Reading

New Mexico Enacts Data Breach Notification Law

Governor Susana Martinez recently signed into law the New Mexico “Data Breach Notification Act” (the Act), making New Mexico the 48th state (plus Puerto Rico and the District of Columbia) to adopt legislation mandating the provision of notice in the event of a data breach. The Act – which takes effect June 16, 2017 – … Continue Reading

4,229 Psychiatric Patients’ Records Hacked

Bangor Health Center, a psychiatric practice located in Bangor, Maine, has notified 4,229 patients that a hacker from Moldova has accessed their psychiatric records, including names, addresses, Social Security numbers, telephone numbers, diagnoses and doctors’ notes. The health center provides outpatient therapy to both children and adults for behavioral health conditions including substance use disorders, … Continue Reading

St. Jude Medical on Hot Seat for Cybersecurity Flaws in Home Monitoring System

The Food and Drug Administration (FDA) recently issued a warning letter to St. Jude Medical, alleging that it failed to properly investigate issues with the batteries in its defibrillator implants and failed to fix the cybersecurity of its in-home monitoring system, known as Merlin@home. The monitoring system is wireless and is connected to St. … Continue Reading

ACC Issues Data Security Guidelines for In-House Counsel to Evaluate Law Firms

The Association of Corporate Counsel (ACC) has issued its first-ever data security guidelines, which outline basic data security measures that in-house counsel can use to evaluate their outside counsel. Most companies these days are auditing their law firms’ data security measures, but since data breaches occurred at some of the largest U.S.-based law firms … Continue Reading

SWIFT Shores Up Network Security With Real Time Cybersecurity Tools

In an effort to combat an increasing number of fraudulent transfers carried out using its network, SWIFT, the international bank transfer network, announced this month that it is adding new tools and controls designed to prevent fraudulent transfers in real time. SWIFT reported that the new tools integrate into the SWIFT system directly without the … Continue Reading

State of Colorado Proposes Financial Services Cybersecurity Requirements

Following in the footsteps of the State of New York, the Colorado Department of Regulatory Agencies has proposed amendments to the Colorado Securities Act to require investment advisers and broker-dealers to implement new cybersecurity requirements to ensure security of the information in their possession. As we have predicted before, this is probably just the beginning … Continue Reading

DOD U.S.-CERT Cybersecurity Incident Reporting for Defense Contractors Effective April 1, 2017

New U.S. Computer Emergency Readiness Team (U.S.-CERT) guidelines around incident reporting went into effect this week (April 1, 2017). The guidelines require all federal departments and agencies, state, local, tribal and territorial government entities, information sharing and analysis organizations and private-sector organizations to report any security incident impacting the confidentiality, integrity or availability of a federal … Continue Reading