Tag: cyber-security

Navigating the Genetic Frontier: 23andMe and the Challenges of Data Security

A recent situation involving millions of 23andMe users has raised significant concerns about data privacy and regulatory oversight. After sending a small tube of saliva to uncover ancestral roots, many individuals discovered that their genetic data had been compromised. 23andMe has transformed genetic testing by offering accessible health and ancestry information to consumers from the comfort of their homes. Since its inception, the company has faced regulatory challenges and became the first direct-to-consumer genetic genealogy test to receive FDA approval. While the company has largely avoided legal trouble over the years, recent data breaches have sparked legal action and underscored gaps in consumer protection. 

Cybersecurity Compliance: Safeguarding Sensitive Information

In today’s interconnected world, cybersecurity regulations have become crucial for organizations to safeguard sensitive information, mitigating legal and commercial risks. Navigating the complex landscape of regulatory compliance can be a daunting task. However, organizations can effectively meet the regulatory compliance challenge and protect their data with the appropriate standards, procedures, and protocols.

Whatever happens in Vegas, will not stay in Vegas – Casino Cyberattacks

On September 11th, 2023, a cyberattack flooded the front pages of publications around the world: MGM Resorts and Caesars Entertainment were the victims of a costly incident. Patrons looking to enter their hotel rooms, go for another spin on the slot machines, or use casino rewards were appalled at the persistent error messages that kept them from doing so. The breach lasted over a week without a clear and decisive end to the damage, leaving travelers vulnerable. Customarily, companies seek to identify the culprit of a breach, limit its ability to do more damage, and inform patrons that their safety has been restored; this proactiveness was missing.

ChatGPT Artificial Intelligence: Cybersecurity Risks and Ethical Concerns

From “fake news” to misinformation and bots, it has become overwhelmingly challenging to authenticate information on the internet. This has not stopped the evolution of technology as innovators compete to be on the cutting edge of the latest software. OpenAI is an artificial intelligence research and deployment company that is responsible for the launch of ChatGPT in November of 2022. The newly released artificial intelligence chatbot is trained to generate realistic and convincing text. The software was fed human literature and internet language, enabling it to create a body of text within the parameters of the prompt presented. With more than 1 million users, it has gained traction across the masses. However, the natural language processor has sparked controversy over cybersecurity threats and ethical concerns in its usage.

A Collaborative Effort in Defeating Healthcare Cyber Attacks

In an effort to improve cybersecurity in the healthcare sector, a bipartisan bill was introduced in Congress on September 13, 2022, by Republican Brian Fitzpatrick of Pennsylvania and Democrat Jason Crow of Colorado. The Healthcare Cybersecurity Act relies on a partnership between the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to work together in improving cybersecurity in the healthcare sector. The Act has been introduced as a result of record-high increases in health data breaches across the country over the last several years. The goal is to provide resources for training and heighten efforts taken across the nation to mitigate cybersecurity risk. The Act would not only improve patient care but also reduce healthcare costs by taking a proactive approach.

SEC Proposes Rules to Combat Cyber-Attacks

On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. In an attempt to further protect against cybersecurity attacks and increase cyber transparency among issuers and investors, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Before CIRCIA goes into effect, it requires the Cybersecurity and Infrastructure Security Agency (CISA) to complete mandatory rulemaking activities, to develop/publish a Notice of Proposed Rulemaking (NPRM), and a final rule. The SEC proposal and CIRCIA have different implications, but both will increase cybersecurity regulations and procedures, even making employees more conscious of potential attacks.

PATCHing Health Technologies: Medical Device Security is the Target in Congress’ Aim

Conversations about the privacy and security of health information systems and patient data are ongoing, and frequently front-page news. But what about healthcare’s “internet of things”? More specifically, the web of wearable or implantable medical devices, and the applications that go along with them, which collect and transmit health information? The Food and Drug Administration (FDA) is charged with approving medical devices for patient use in a clinical setting, such as pacemakers. These devices require FDA approval and cannot be altered after receiving that approval. Additionally, an upgrade to an approved device could result in the need for an entirely new FDA approval, making a device’s security essentially obsolete soon after its deployment. The inability to upgrade device security poses a unique cybersecurity risk. And this risk is one that Congress seems poised to take on.

The First Cyber War: The Threat of Russian Cyberattacks has Thrust Cybersecurity Compliance into the Spotlight

The impact of Russia’s unprovoked attack on Ukraine on February 24, 2022 has not only caused a horrific human rights crisis but has also had a dramatic effect on how the world conducts business, felt well beyond the borders of Russia and Ukraine. Warnings of an imminent Russian cyberattack on critical United States infrastructure have small and large businesses alike brushing up their cybersecurity policies to ensure they are compliant with current best practices in the likely event of a Russian cyberattack and impending federal legislation.

The Quiet Corporate Health Cybersecurity Struggle Playing Out in Plain Sight

Cyberattacks on the healthcare industry have reached a fever pitch. In 2020 alone, there was a drastic increase in healthcare organization cybersecurity breaches. In 2021, the average cost of a healthcare data breach increased by over $2 million to $9.23 million. Healthcare providers continue to be the most targeted industry for cybersecurity breaches, with over ninety-three percent of healthcare organizations experiencing a data breach over the past three years. 306 breaches of unsecured protected health information (“PHI”) impacting 500 or more individuals were reported to the U.S. Department of Health and Human Services (“HHS”) in 2020. Yet healthcare organizations continue to be ill-equipped to handle this growing problem.

Hospitals Across the Country at Serious Risk for Coordinated Ransomware Attacks

The Federal Bureau of Investigation (“FBI”), the Department of Health and Human Services (“HHS”), and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (“CISA”) recently announced that hackers have been targeting, and will continue to target, United States hospitals and health-care providers. These attacks are cyber in nature and often lead to ransomware attacks, data theft, and inevitable disruption of health care services when patient information is locked until the ransom can be paid.