In today’s interconnected world, cybersecurity regulations have become crucial for organizations to safeguard sensitive information, mitigating legal and commercial risks. Navigating the complex landscape of regulatory compliance can be a daunting task. However, organizations can effectively meet the regulatory compliance challenge and protect their data with the appropriate standards, procedures, and protocols.
On September 11th, 2023, a cyberattack flooded the front pages of publications around the world- MGM Resorts and Caesars Entertainment were the victims of a costly incident. Patrons looking to enter their hotel rooms, go for another spin on the slot machines, or use casino rewards, were appalled at the persistent error messages that kept disrupting them from doing so. The breach had lasted over a week without a concise and strong end to the damage, leaving travelers vulnerable. It is customary that companies seek to find the culprit of the breach, deplete its ability to do more damage, and inform patrons of their safety being returned, and this proactiveness was missing.
From “Fake news” to misinformation and Bots; it has become overwhelmingly challenging to authenticate information on the internet. This has not stopped the evolution of technology as innovators compete to be on the cutting edge of the latest software. OpenAI is an artificial research and deployment company that is responsible for the launch of ChatGPT in November of 2022. The newly released artificial intelligence chatbot is trained to generate realistic and convincing text. The software was fed human literature and internet language enabling it to create a body of text within the parameters of the prompt presented. With more than 1 million users, it has gained traction across the masses. However, the natural language processor has sparked controversy over cybersecurity threats and ethical concerns in its usage.
In an effort to improve cybersecurity in the healthcare sector, a bipartisan bill was introduced in Congress on September 13, 2022, by Republican Brian Fitzpatrick of Pennsylvania and Democrat Jason Crow of Colorado. The Healthcare Cybersecurity Act relies on a partnership between the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to work together in improving cybersecurity in the healthcare sector. The Act has been introduced as a result of record high increases in health data breaches across the country over the last several years. The goal is to provide resources for training and heighten efforts taken across the nation to mitigate cybersecurity risk. The Act would not only improve patient care but save healthcare cost by taking a proactive approach.
On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. In an attempt to further protect against cybersecurity attacks and increase cyber transparency among issuers and investors President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Before CIRCIA goes into effect, it requires the Cybersecurity and Infrastructure Security Agency (CISA) to complete mandatory rulemaking activities, to develop/publish a Notice of Proposed Rulemaking (NPRM), and a final rule. The SEC proposal and CIRCIA both have different implications, but both will increase cybersecurity regulations and procedures, even making employees more conscious of potential attacks.
Conversations about the privacy and security of health information systems and patient data are ongoing, and frequently front-page news. But what about healthcare’s “internet of things”? More specifically, the web of wearable or implantable medical devices, and the applications that go along with them, which collect and transmit health information? The Food and Drug Administration (FDA) is charged with approving medical devices for patient use in a clinical setting, such as pacemakers. These devices require FDA approval and cannot be altered after receiving that approval. Additionally, an upgrade to an approved device could result in the need for an entirely new FDA approval, making device’s security essentially obsolete soon after its deployment. The inability to upgrade device security poses a unique cybersecurity risk. And this risk is one that Congress seems poised to take on.
The impact of Russia’s unprovoked attack on Ukraine on February 24, 2022 has not only caused a horrific human rights crisis but has also had a dramatic effect on how the world conducts business, felt well beyond the borders of Russia and Ukraine. Warnings of an imminent Russian cyberattack on critical United States infrastructure has small and large businesses alike brushing up their cybersecurity policies to ensure they are compliant with current best practices in the likely event of a Russian cyberattack and impending federal legislation.
Cyberattacks on the healthcare industry have reached a fever pitch. In 2020 alone, there was a drastic increase in healthcare organization cybersecurity breaches. In 2021, the average cost of a healthcare data breach increased by over $2 million to $9.23 million. Healthcare providers continue to be the most targeted industry for cybersecurity breaches, with over ninety-three percent of healthcare organizations experiencing a data breach over the past three years. 306 breaches of unsecured protected health information (“PHI”) impacting 500 or more individuals were reported to the U.S. Department of Health and Human Services (“HHS”) in 2020. Yet healthcare organizations continue to be ill-equipped to handle this growing problem.
The Federal Bureau of Investigation (“FBI”), the Department of Health and Human Services (“HHS”), and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (“CISA”) recently announced that hackers have been and will continue to target the United States hospitals and health-care providers. These attacks are cyber in nature and often lead to ransomware attacks, data left, and inevitable disruption of health care services when patient information is locked until the ransom can be paid.
As our society evolves over to a more digital world, it is important to take a step back and review what we are putting online. Recently, data breaches have become a common occurrence in our day-to-day lives. In 2016, personal information from about 25 million Uber customers and drivers in the United States. The notorious website for individuals seeking extra marital affairs, Ashley Madison, has itself fallen victim to a data breach. The hacker dumped 9.7 gigabytes of data into/onto the dark web. The data released in the Ashley Madison breach included names, passwords, addresses, and telephone numbers of users who created an account on the site. When data breaches like these happen, the Federal Trade Commission (FTC) steps in to protect the United States consumers by investigating the source of data breaches and prosecuting hackers.