By

Stephen McInerney

23 June 2022

Kentucky and Maryland Recently Joined Other States in Adopting NAIC Model Data Security Law.

Kentucky and Maryland recently continued the trend of state insurance departments adopting some version of the National Association of Insurance Commissioners’ (“NAIC”) Insurance Data Security Model Law.  Kentucky Governor Andy Beshear signed House Bill 474 into law, and Maryland Governor Larry Hogan signed SB 207.

EmailShare
Read More
EmailShare
17 May 2022

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

*Reprinted with permission from the May 6, 2022 edition of the New York Law Journal © 2022 ALM Global Properties, LLC. All rights reserved. Further duplication without permission is prohibited, contact 877-256-2472 or reprints@alm.com.

It used to be that data breaches were all about cyber-crooks hacking computer systems to … Read More

EmailShare
13 April 2022

CISA Publishes a List of Key Elements to Share in Incident Reports

Amidst severe warnings by the United States government of heightened cyber risks (especially for critical infrastructure), and on the heels of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) being signed into law in March 2022, the Cybersecurity and Infrastructure Security Administration (CISA) published a Cyber Event Read More

EmailShare
21 March 2022

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

The U.S. Congress has passed a significant new cybersecurity law that will require critical infrastructure entities to report material cybersecurity incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 and 24 hours, respectively. The reporting requirements will cover multiple sectors of the economy, including chemical … Read More

EmailShare
28 January 2022

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

On January 11, 2022, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) recently released a joint Cybersecurity Advisory warning critical infrastructure operators about the threat of Russian state-sponsored cyberattacks and recommended best practices to minimize disruption from such an … Read More

EmailShare
09 December 2021

U.S. Commerce Department Proposes Expansion of Information and Communications Technology and Services Review Process

On November 26, 2021, the U.S. Department of Commerce (Commerce) issued a notice of proposed rulemaking (Proposed Rule) implementing Executive Order 14034 on Protecting Americans’ Sensitive Data from Foreign Adversaries (EO 14034). The Proposed Rule would bring “connected software applications” into the scope of Commerce’s authority to review certain transactions … Read More

EmailShare
14 October 2021

The U.S. Federal Government Continues Its Focus on Ransomware Attacks: CISA, FBI, and NSA Publish Technical Advisory on the Conti Group

On September 22, 2021, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory (the “Advisory”) outlining the Conti ransomware group’s tactics, techniques, and procedures (“TTPs”) to help companies protect against their attacks. This Advisory is especially … Read More

EmailShare
21 June 2021

Federal Government Interest in Cyber Continues: Congressional Hearings on the Colonial Pipeline Cyberattack

On May 7, 2021, Colonial Pipeline experienced a ransomware cyberattack on its corporate network. This attack, attributed to the DarkSide hacking group, led the company to temporarily halt the operation of its pipeline network—causing fuel shortages throughout the East Coast. Although highly publicized, the Colonial Pipeline cyberattack is not unique. … Read More

EmailShare
31 January 2019

In Landmark Case, Illinois Supreme Court Sets Low Bar For Claims Under Illinois’ Biometric Information Privacy Act

On January 25, 2019, the Illinois Supreme Court unanimously held that a plaintiff does not need to allege any actual injury or damages to successfully state a claim under the Illinois Biometric Information Privacy Act (BIPA). Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186 (Jan. 25, 2019) (a … Read More

EmailShare
XSLT Plugin by BMI Calculator