Latest Articles

On December 28, 2016, the U.S. Food and Drug Administration (FDA) released final guidance on the management of cybersecurity vulnerabilities for marketed and distributed medical devices.  The guidance establishes a risk-based approach for the reporting of medical device cybersecurity vulnerabilities to the FDA. The FDA guidance reflects the agency’s concerns that cybersecurity vulnerabilities in networked medical devices could affect a device’s performance and functionality, potentially exposing sensitive personal information or causing serious harm to patients.…
The Department of Health and Human Services and its Office of Civil Rights (OCR) are capping off a very active 2016. In the last 6 months, the OCR has released a new audit protocol, announced new rounds of HIPAA audits, and stepped up enforcement. The flurry of activity comes after a prolonged period of anticipation in which Covered Entities and Business Associates were working to ensure that their data protection practices comply  with the new…
On June 12, 2016, the HHS Office of Civil Rights (OCR) released guidance, entitled “FACT SHEET: Ransomware and HIPAA,” in response to the rising number of ransomware attacks perpetrated against healthcare entities. The guidance addresses Health Insurance Portability and Accountability Act (HIPAA) issues that may arise when medical records containing Protected Health Information (PHI) are compromised or stolen during a ransomware attack. OCR’s view is that compliance with HIPAA’s information security requirements assists healthcare entities in…
Cybersecurity has recently become a high priority issue at the US Commodity Futures Trading Commission (CFTC) – the agency overseeing designated contract markets, swap execution facilities, derivatives clearing organizations, swap data repositories (SDRs), swap dealers, futures commission merchants, commodity pool operators and other derivatives market participants. CFTC Articulates Unique Cybersecurity Concerns CFTC Chairman Timothy Massad has recognized cybersecurity as “the single most important new risk to market integrity and financial stability.” The Commission is particularly…