Compliance Management

Inflation and recession loom large, but despite all the economic and budgetary pressures, companies need to think twice before combining the CISO and DPO roles.

The latest Office of Civil Rights cybersecurity newsletter reminds providers of their security incident response requirements under the HIPAA Security Rule, which can also support a more timely response.

The documents include a list of best practices for securing accounts, devices and data, vulnerability management, governance and the supply chain, as well as a “user friendly” worksheet for owners and operators in critical infrastructure to map their cybersecurity practices to standards developed by the National Institute for Standards and Technology and plan new investments.

Stronger restrictions are being proposed by the Federal Trade Commission against alcoholic beverage delivery platform Drizly following a data breach in 2020 that compromised sensitive information from 2.5 million individuals, which federal regulators earlier attributed to the service's persistent security lapses, according to CNN.

An audit of EyeMed found the insurer failed to conduct a risk assessment in compliance with New York’s cybersecurity regulation after its 2020 email hack impacting millions of patients.

In its third week of EHR downtime, CommonSpirit Health confirms only some of its care sites were impacted. As the public calls for more communication, healthcare stakeholders ask for patience amid the investigation into the ransomware attack.

CyberScoop reports that the White House National Security Council intends to introduce a consumer products cybersecurity labeling program next spring in an effort to bolster internet-connected devices' digital protections.