On September 26, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced a $250,000 settlement with Cascade Eye and Skin Centers due to alleged violations of the HIPAA Rules. OCR enforces...

On March 27, 2024, the U.S. Cybersecurity and Infrastructure Agency (CISA) posted a Notice of Proposed Rulemaking (NPRM) that would establish national cyber incident and ransom payment reporting requirements, as mandated by the Cyber Incident Reporting for...

The National Institute of Standards and Technology (NIST) recently finalized its consensus-based cybersecurity framework, often referred to as the “CSF.”  The CSF provides organizational tools for reducing cybersecurity risk and, with the latest revisions, offers new tailored guidance...

With a unanimous vote on March 14, 2024, the Federal Communication Commission (“FCC”) adopted its proposed order to launch a voluntary cybersecurity labeling program (“Program”) for Internet-connected smart devices. As discussed in our August 2023 blog, this cybersecurity labeling Program...

On February 28, 2024, President Biden signed an Executive Order (the “E.O.”), taking a further step toward protecting U.S. government data and bulk sensitive personal data about Americans from access by foreign actors. The White House released...

The United Kingdom’s Department of Science, Innovation & Technology (DSIT) released the Cyber Governance Code of Practice (the “Code”) with a goal to formalize business sector cyber governance across the UK. The Code aims to provide...