
Most Orgs Not Ready For New CISA Security Rules

CISA’s SECURE SOFTWARE DEVELOPMENT ATTESTATION FORM rule comes into effect next week. It requires that companies that produce software and sell it to the government adhere to key security practices. It also requires that those developers attest to their practices. In writing. Signed by an executive of the company. It applies to companies that do […]


Senator Claims UnitedHealth’s CEO, Board Appointed Unqualified CISO

Senator Ron Wyden, who is possibly the biggest advocate on Capitol Hill for cybersecurity and privacy, laid into UnitedHealth Group’s CEO for their cybersecurity practices. Their practices led to a breach that affected possibly one third of the adults in the US who have health insurance. Senator Wyden also asked the FTC and SEC to […]


Security News Update for the Week Ending May 31, 2024

Feds Say ChangeHealth Can File Breach Notice on Behalf of Doctors After All

Changing your mind … is a federal agency’s prerogative, apparently. Normally under HIPAA, it is the doctor or hospital that has to file the breach notice, and until this week that was the feds’ (HHS) position for the ChangeHealth breach. However, smarter […]


Security News Update for the Week Ending May 17, 2024

White House Preps New Cyber Rules for Healthcare After ChangeHealth Breach

Anne Neuberger, Deputy National Security Advisor for Cyber, says that after a decade of pleading with hospitals to protect your data, they are getting ready to roll out regulations. The hospitals say don’t penalize us by making us protect your data; why do we […]


Vermont Passes Extra Strong Privacy Bill

Six years ago there were no second-generation privacy laws. Now we are dealing with stronger and stronger laws. And more challenges for businesses. The rub is that the legislature is controlled by the Democrats, the governor is a Republican and the legislative session has ended, so the bill could get vetoed. The bill outlaws […]


CISA Extends Comment Period on CIRCIA Rules

Probably your first question is what the heck is CIRCIA. CIRCIA is a law passed by Congress in 2022 that requires CISA to create a set of regulations for reporting cyber incidents by critical infrastructure operators. Needless to say, those operators would much rather have a very low profile and report things only if and […]
