Policy & Regulation: Page 2


  • Michael Regan stands at a podium and speaks.
    Kevin Dietsch via Getty Images

    More warnings emerge about state-linked cyber threats to water infrastructure

    The White House and EPA set an urgent virtual meeting with state homeland security and other top officials, citing efforts to boost the resiliency of drinking and wastewater treatment systems.

    By March 20, 2024
  • Photo illustration of a VF Corp. SEC filing.
    Photo illustration: Industry Dive; US Securities and Exchange Commission

    How companies describe cyber incidents in SEC filings

    The words businesses use in cybersecurity disclosures matter. They can channel confidence in the recovery process, potential impacts and legal liabilities.

    By March 19, 2024
  • U.S. Vice President Kamala Harris looks on as President Joe Biden signs an executive order.
    Chip Somodevilla via Getty Images
    Opinion

    Threat environment is changing for individuals and SMBs, White House order shows

    An executive order is trying to prevent the large-scale transfer of Americans’ data, as countries seek troves of U.S. data for blackmail, AI training and analysis, among a multitude of other purposes. 

    By Michael Kosak • March 18, 2024
  • Close up of Gary Gensler speaking during a senate hearing
    Kevin Dietsch/Getty Images via Getty Images

    What’s material to the SEC, 3 months into cyber disclosure rules?

    As attacks become more sophisticated and destructive, companies are struggling to find conclusive estimates of the financial impact of cyberattacks.

    By March 18, 2024
  • The seal of the Federal Communications Commission.
    Mark Wilson / Getty Images via Getty Images

    Stronger FCC data breach reporting rules for telecom go live

    The updated rules expand the scope of breach disclosure requirements to cover all PII, and carriers have to notify customers within 30 days of determining a breach occurred.

    By March 15, 2024
  • A person uses a wall-mounted smart home interface to answer a call in the kitchen.
    Courtesy of Brilliant

    FCC approves voluntary cyber labeling program for smart home IoT devices

    The Biden administration wants the U.S. Cyber Trust Mark program to incentivize higher security standards in future IoT product development.

    By March 15, 2024
  • The exterior of the Department of Health and Human Services headquarters.
    Alex Wong via Getty Images

    HHS opens investigation into Change Healthcare cyberattack

    The Office for Civil Rights will focus on whether protected health information was breached and if UnitedHealth complied with privacy and security requirements. 

    By Emily Olsen • March 14, 2024
  • Computer language script and coding on screen.
    themotioncloud via Getty Images

    White House adds teeth to secure software development requirements

    CISA and OMB released an attestation form to ensure compliance with secure development practices.

    By March 13, 2024
  • The White House in Washington, D.C.
    TriggerPhoto via Getty Images

    White House meets with UnitedHealth, industry groups on Change Healthcare cyberattack fallout

    Officials called on payers to cut red tape and offer financial support to providers, including advanced payments. 

    By Emily Olsen • March 13, 2024
  • A birds-eye picture of a stethoscope and piggy bank against a blue background
    erdikocak via Getty Images

    CMS rolls out provider flexibilities amid fallout from Change cyberattack

    Provider groups said the government should go further to financially bolster providers during the outage at Change Healthcare.

    By Emily Olsen • March 5, 2024
  • The exterior of the U.S. Capitol on Jan. 3, 2024.
    Colin Campbell/Cybersecurity Dive

    Provider groups urge HHS, Congress to mitigate damage from Change cyberattack

    The American Hospital Association and the American Medical Association pushed the federal government to offer more financial support as the Change outage limits providers’ ability to receive payment.

    By Emily Olsen • March 5, 2024
  • Win McNamee via Getty Images

    NIST makes it official: governance is a critical part of cybersecurity

    A collection of resources accompanies CSF 2.0 to make the guidance easier for businesses to use and put into practice across their operations.

    By Feb. 29, 2024
  • A utility worker checks a power line after a tornado.
    photovs via Getty Images

    Utility regulators take steps to raise sector’s cybersecurity ‘baselines’

    The voluntary cyber recommendations are intended to serve as a resource for state public utility commissions, utilities and distribution operators and aggregators.

    By Robert Walton • Feb. 29, 2024
  • Exterior of MGM Grand Hotel & Casino in Las Vegas
    Ethan Miller via Getty Images

    MGM Resorts’ cyberattack headache continues as regulators launch investigations

    The company said it could face fines in connection with regulatory inquiries stemming from the social engineering attack.

    By Feb. 26, 2024
  • The exterior of the Department of Health and Human Services headquarters.
    Alex Wong via Getty Images

    HHS reaches second-ever ransomware settlement

    A mental healthcare provider didn’t have sufficient protections in place before a ransomware attack exposed the protected health information of more than 14,000 people, according to the HHS’ Office for Civil Rights.

    By Emily Olsen • Feb. 22, 2024
  • Drone shot of a massive container ship arriving in the Port of Long Beach, California.
    halbergman via Getty Images

    Biden administration issues executive order on port cybersecurity

    The order will transfer crane manufacturing back to the U.S., amid concerns about potential cyber risk to port facilities, maritime transportation and threats from China.

    By Feb. 21, 2024
  • Anna Moneymaker via Getty Images

    LockBit operations dismantled following international takedown

    An international group of law enforcement partners seized the infrastructure of the prolific ransomware group, obtaining decryption keys along the way. 

    By Feb. 20, 2024
  • Grunge flags illustration of three countries with conflict and political problems (cracked concrete background) | USA, China and Russia
    Barks_japan via Getty Images

    FBI-led operation disrupts botnet controlled by state-linked Forest Blizzard

    Russia’s GRU-backed group exploited hundreds of vulnerable routers to conduct spear phishing and credential harvesting attacks against U.S. targets.

    By Feb. 16, 2024
  • Creative image depicting a ransomware attack.
    iStock / Getty Images Plus via Getty Images

    State Department puts $10M bounty on AlphV ransomware group

    The prolific ransomware group and its affiliates are behind some of the most high-profile attacks in the last year.

    By Feb. 15, 2024
  • Sphere venue in Las Vegas.
    Greg Doherty via Getty Images

    CISA blitzes Super Bowl with cyber campaign as businesses fumble security

    CISA brought its Secure Our World initiative to Las Vegas, for the biggest annual event in sports. Will anyone heed the advice?

    By Feb. 9, 2024
  • National Cyber Director Harry Coker speaks in Washington.
    Permission granted by Information Technology Industry Council

    National cyber director urges private sector collaboration to counter nation-state cyber threat

    Harry Coker said the Biden administration is exploring plans to hold manufacturers accountable for poor security, while also working to harmonize regulations.

    By Feb. 9, 2024
  • A picture of the exterior of the US Department of Health and Human Services. In front of the building is a black sign designating the building's name.
    Alex Wong via Getty Images

    HHS settles cybersecurity investigation with Montefiore Medical Center

    The nonprofit will pay $4.75 million to settle allegations that data security failures allowed an employee to steal and sell the protected health information of thousands of patients.

    By Emily Olsen • Feb. 8, 2024
  • FBI Director Chris Wray speaks at a House Select Committee hearing on Volt Typhoon. CISA Director Jen Easterly and NSA Director Gen. Paul Nakasone look on.
    Kevin Dietsch via Getty Images

    CISA, FBI confirm critical infrastructure intrusions by China-linked hackers

    Federal agencies urged critical infrastructure providers and tech manufacturers to take immediate action to protect against malicious threat activity from Volt Typhoon.

    By Feb. 7, 2024
  • Coin stack on international banknotes with house model on table.
    Zephyr18 via Getty Images

    Mortgage industry attack spree punctuates common errors

    Attacks against Mr. Cooper Group, Fidelity National Financial, First American Financial and loanDepot impacted operations and put customers in a bind.

    By Feb. 6, 2024
  • Close up of Gary Gensler speaking during a senate hearing
    Kevin Dietsch/Getty Images via Getty Images

    Business, technology groups back SolarWinds motion to dismiss SEC charges

    Former U.S. cybersecurity officials and a group of current and former CISOs warned the fraud suit against SolarWinds could chill intel sharing from the private sector.

    By Feb. 5, 2024