Tag Archives: cybersecurity

Protecting Patient Data From Hacker Ransom Demands

Forty bitcoins later (approximately $17,000), Hollywood Presbyterian Hospital can now access its electronic medical health records and return to treating its patients as scheduled. But as hackers develop new tools to access information, an increasing number of providers will be targeted and ransom demands will escalate, putting hospitals and patients at risk. Focusing on technical … Continue Reading

Data Security in the Financial Industry: Five Key Developments to Keep An Eye on in 2016

According to a 2015 report on threats to the financial services sector, 41% of financial services organizations polled had experienced a data breach or failed a compliance audit in the previous year, and 57% listed preventing a data breach as their top IT priority.  Reflecting the ever-increasing awareness of threats to financial data security, 2015 … Continue Reading

The CFTC’s Proposed Standards Identify Cybersecurity Best Practices

The Commodity Futures Trading Commission (CFTC) offered several reasons for proposing five new cybersecurity testing requirements for the commodity trading platforms it regulates in its December 23, 2015, Notice of Proposed Rulemaking: More than half of the securities exchanges surveyed in 2013 reported that they had been the victim of cyberattacks. 80 Fed Reg. at … Continue Reading

EU’s Network and Information Security Directive: Regulating “operators of essential services” and “digital service providers”

The European Union continues to move forward with a proposed unified framework to strengthen network and information security systems across its member countries. On December 18, 2015, the Permanent Representatives Committee (Coreper) approved a provisional agreement reached on December 7, 2015, by the European Parliament and European Council on the Network and Information Security Directive … Continue Reading

What the FTC’s Settlement With Wyndham Means for Your Company

The recent settlement entered into between the Federal Trade Commission (FTC) and Wyndham Hotels and Resorts and related companies (Wyndham) provides an important roadmap for companies seeking to avoid running afoul of the FTC’s regulation of data security. In particular, this settlement, as embodied in a Consent Order entered by the Court, provides Wyndham Hotels and … Continue Reading

New York Department of Financial Services Sets Forth Extensive Cybersecurity Regulatory Framework Proposal

On November 9, 2015, the New York State Department of Financial Services (NYDFS) issued a letter to the members of the Financial and Banking Information Infrastructure Committee (FBIIC) detailing a new cybersecurity framework proposal for “covered entities,” or financial institutions regulated by NYDFS. The framework builds on data from NYDFS reports surveying cybersecurity programs from … Continue Reading

The SEC OCIE Announces Increased Scrutiny of Broker-Dealers’ and Investment Advisers’ Cybersecurity Programs

On September 15, 2015, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a National Exam Program Risk Alert (2015 Risk Alert) to provide broker-dealers and investment advisers with information on the focus areas of its upcoming round of cybersecurity examinations. OCIE is building on its previous cybersecurity examinations to increase … Continue Reading

Obama Administration Recognizes Cyber Threats to U.S. Critical Infrastructure as a National Emergency

Many cybersecurity experts have warned that the United States is already engaged in covert cyber warfare against hostile actors around the world. The latest cybersecurity Executive Order reflects formal recognition that, regardless of whether we call it war, cyber threat activity directed at U.S. critical infrastructure has created a national emergency. Exercising authority granted by … Continue Reading

FTC Director Jessica Rich Discusses Privacy and Data Security at BakerHostetler Symposium

On February 26, 2015, Jessica L. Rich, Director of the Bureau of Consumer Protection at the Federal Trade Commission, spoke at the BakerHostetler Symposium on Section 5 of the FTC Act on how the FTC approaches privacy and data security. Director Rich’s comments on this subject were particularly timely, with the Third Circuit poised to … Continue Reading

SEC Provides Guidance on Important Considerations for Effective and Reasonable Prevention of Cyber Attacks

As many of you know, last April the SEC issued the Cybersecurity Examination Initiative to assess the cybersecurity practices and preparedness of registered broker-dealers and investment advisers. The initiative arose from an SEC-sponsored Cybersecurity Roundtable held on March 26, 2014, which discussed the growing cybersecurity threats to our financial markets and intermediaries. Now, some nine … Continue Reading

New York Attorney General Announces Proposal to Revamp State Data Security Laws

On January 15, 2015, New York Attorney General Eric Schneiderman indicated that he plans to propose legislation to update New York’s information security laws, including by revising the definition of “private information” under the state’s data security breach notification statute. Schneiderman’s proposal comes on the heels of President Obama’s January 13, 2015, unveiling of measures … Continue Reading

What’s on the Horizon in the Golden State?

As we near the turn of the year into 2015, organizations should keep an eye on laws taking effect on the West Coast. This year, the crop of new privacy statutes includes a few without precedent anywhere in the country. The focus? Kids and security. Following are a few examples of new California laws taking … Continue Reading

CFTC Chairman Provides Guidance on Cybersecurity

On November 5, 2014, the Chairman of the Commodity Futures Trading Commission, Timothy G. Massad, gave keynote remarks at the Futures Industry Association Expo 2014. Part of Chairman Massad’s remarks focused on the importance and oversight of cybersecurity and business continuity disaster recovery for the financial institutions, exchanges, and markets that the Commission regulates. Specifically, … Continue Reading

Big Data Changes the Deal: Information Governance Should Now Be Incorporated Into Due Diligence for Corporate Transactions

Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. The past few years have witnessed the unprecedented rise of Big Data. Fully 90 percent of today’s data was created over just the past two years. Businesses now double the … Continue Reading

Broker-Dealers and Investment Advisers Now Targeted by Both Cyber Intruders and SEC Cybersecurity Examiners

The following BakerHostetler Executive Alert was authored by: Andrew W. Reich and Jonathan A. Forman

Cybersecurity has increasingly become a critical issue for all types of businesses, few more so than broker-dealers, investment advisers and others in the financial sector. The cyber threat is much broader than customer data privacy as addressed by the Securities … Continue Reading

Webinar Recording – Implementation of the Cybersecurity Executive Order

In issuing the Cybersecurity Executive Order last February, President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.” Now, important benchmarks in implementing this Executive Order have been reached. … Continue Reading

New DoD Rule Promotes Voluntary Sharing of Cyber-Security Threat Information Between DoD and Defense Contractors

Co-authored by: Alan Pate

On October 22, 2013, the Department of Defense (DoD) published its Final Rule establishing a program for promoting voluntary sharing of cyber threat information between the DoD and government contractors. The DoD intends this information sharing program to “enhance and supplement” participating defense contractors’ capabilities to safeguard DoD information. Unlike failed … Continue Reading

SEC To Issue Stronger Cybersecurity Guidance?

In February we wrote about whether Facebook’s IPO would set the tone under the SEC’s then-relatively new cybersecurity disclosure guidance. In subsequent months, it has become apparent that this guidance is still not yielding the level of disclosure on cybersecurity matters that regulators want. This is especially true with respect to the disclosure of past … Continue Reading

What You Should Be Doing Now to Prepare for Implementation of the Cybersecurity Executive Order

Co-Authored by: Theodore J. Kobus III

A tempting response to the Cybersecurity Executive Order (the “Order”), announced by President Obama at his State of the Union address, is to ignore it. It is vague in key particulars, such as which companies are part of the “critical infrastructure” and therefore subject to the Order. The only … Continue Reading

APT Threat Report Shows Cybersecurity Risks Not Limited to Identity Theft

We often talk to companies who believe they are an unlikely target for hackers because they do not have financial account information, Social Security numbers, or medical information.  However, personal information is not the only item hackers are after.  Indeed, the chief of the United States Cyber Command and director of the National Security Agency … Continue Reading

Recorded Webinar: New Cybersecurity Executive Order

President Obama has declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.” In an increasingly interconnected and interdependent world, the threats posed by … Continue Reading

Rockefeller Releases Results of Fortune 500 Survey on Cybersecurity

Back in September, I posted here about Senate Commerce Committee Chairman John D. Rockefeller’s (D-WV) letters to all FORTUNE 500 companies inquiring about business opposition to cybersecurity legislation.  This morning, Rockefeller released a report by his staff summarizing the gist of the roughly 300 responses he’s received to date.  The report does not mention any … Continue Reading