
Most Orgs Not Ready For New CISA Security Rules

CISA’s SECURE SOFTWARE DEVELOPMENT ATTESTATION FORM rule comes into effect next week. It requires that companies that produce software and sell it to the government adhere to key security practices. It also requires that those developers attest to their practices. In writing. Signed by an executive of the company. It applies to companies that do […]


US Water, Other Utilities Under Attack

Unfortunately, other than the very large water and other utilities, most utilities do not have the money, manpower or desire to secure their networks. We continue to hear more stories of successful attacks. In April a Russia-linked hacking group, the Cyber Army of Russia, claimed responsibility for an attack on a water and wastewater system […]


Senator Claims UnitedHealth’s CEO, Board Appointed Unqualified CISO

Senator Ron Wyden, who is possibly the biggest advocate on Capitol Hill for cybersecurity and privacy, laid into UnitedHealth Group’s CEO for their cybersecurity practices. Their practices led to a breach that affected possibly one third of the adults in the US who have health insurance. Senator Wyden also asked the FTC and SEC to […]


Security News Update for the Week Ending May 31, 2024

Feds Say ChangeHealth Can File Breach Notice on Behalf of Doctors After All

Changing your mind … is a federal agency’s prerogative, apparently. Normally under HIPAA, it is the doctor or hospital that has to file the breach notice, and until this week that was the feds’ (HHS) position for the ChangeHealth breach. However, smarter […]


Senate to Narrow Scope of Secret Surveillance Law

Last month in a bit of a crazed hurry, Congress approved the renewal of Section 702 of the Foreign Intelligence Surveillance Act (FISA). Section 702 came out of 9-11 and our lack of intelligence. I know you can’t use government and intelligence in the same paragraph without laughing, but stick with me. But Congress didn’t […]


The Window to Report Breaches Shrinking

While it seems that some companies continue to be clueless and others get fined (and sued) for delaying reporting breaches, the window (and door) is closing rapidly on that. The SEC says that publicly traded companies have 4 days after determining that a breach is material to file an 8-K to notify investors. DoD contractors […]
