This year marks the 13th annual National Cyber Security Awareness Month (NCSAM), which kicked off on October 1, 2016 (you can follow all of the action on Twitter by using the hashtag #CyberAware). The NCSAM theme for this week is “Cyber Security from the Break Room to the Board Room,” which provides an opportunity to… Read More
Author: Devesh Panchwagh
New York’s Proposed Cyber Security Rules Could Have Far-reaching Effects on Banks, Insurers, and Other Financial Firms
The New York State Department of Financial Services (NYDFS) has recently proposed a detailed and wide-ranging set of cyber security regulations for insurers, banks, and other regulated financial entities. While the proposed requirements do not spell out what means may be used to enforce the requirements, nor possible penalties, the NYDFS has broad criminal and civil… Read More
Attention: OCR is Serious About HIPAA Security Rules Enforcement
Big or small, if you are a covered healthcare entity or business associate that handles protected health information (PHI) in any capacity, you should be aware that the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is notably strengthening enforcement and sanctions related to the HIPAA Security and Privacy Rules. In… Read More
Board Perspectives Part II: 4 Methods For Effectively Managing Cyber Security Risk
What Boards Really Need to Know About Cyber Security Delta Risk’s Founder and Executive Chris Fogle dove into the subject of cyber security perspectives for boards and business executives in Part I of our board perspectives blog and in yesterday’s presentation at CyberTexas 2016. He also took a few minutes with The CyberWire Friday podcast to discuss board responsibility when it… Read More
Board Perspectives Part I: How Board Members and Executives Perceive Cyber Security
What Boards Really Need to Know About Cyber Security Delta Risk’s Founder and Executive Chris Fogle dives into the subject of cyber security perspectives for boards and business executives. In addition to presenting on this topic today at CyberTexas 2016, he took a few minutes with The CyberWire Friday podcast to discuss board responsibility when it comes… Read More
Navigating New OCR Guidance on Ransomware: 4 Critical Takeaways
The verdict is in: after much deliberation, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) confirmed that a ransomware attack should be classified as a breach of electronic protected health information (ePHI) under HIPAA, unless there is substantial evidence to the contrary. As we touched on in our previous blog, the OCR… Read More