The Federal Aviation Administration (FAA) announced last week that it will be working with industry leaders and public stakeholders to develop a traffic management system for unmanned aircraft systems (UAS or drones). UAS traffic management (UTM) requires a framework for systems to safely operate multiple UAS at once. The FAA wants to first establish operating

The United States Government Accounting Office (GAO) recently issued a report on the cybersecurity risks facing the electric grid. The GAO reviewed the cybersecurity of the electric grid to determine the risks and challenges facing the grid, to describe federal efforts to address those risks, to assess the extent to which the Department of Energy

On October 5, 2018, President Trump signed the Federal Aviation Administration (FAA) Reauthorization Act, which establishes new conditions for the recreational use of drones and immediately repeals the Special Rule for Model Aircraft. The FAA is currently evaluating the impact of this change and how the organization will implement it.

In addition to continuing

We watch closely for any guidance to HIPAA covered entities and business associates from the Department of Health and Human Services Office for Civil Rights (HHS/OCR). Why? Because there is so little of it. Lately, the only guidance we have been receiving is in the form of Resolution Agreements and Corrective Action Plans, and hefty fines accompanying them.

The Government Accountability Office (GAO) recently finished a study of HHS/OCR’s cybersecurity infrastructure to see if it was consistent with NIST standards.

The Report notes that health care entities are struggling to select appropriate privacy and security controls for their organizations, and HHS is not offering enough help to those organizations. Although OCR published two tools to assist covered entities and business associates with risk assessments, according to the GAO, those tools do not provide enough detailed information for covered entities and business associates to determine the cybersecurity activities that must be performed. The Report noted that the NIST framework has 98 subcategories for security controls, while the OCR Toolkit only addresses 19 of the 98 subcategories. According to the GAO, these gaps in the OCR’s guidance could lead to incomplete risk assessments.



A Government Accountability Office (GAO) examination of the state-run health insurance exchanges for California, Kentucky and Vermont identified inadequate security measures in place to protect consumers’ personal information. While state officials from Kentucky and California denied that any security breaches had occurred or that any personal data had been compromised as a result of the