As a Halloween treat for HIPAA-covered entities and business associates, on October 31, the Department of Health and Human Services Office for Civil Rights (OCR) released a new video on its YouTube channel, in which senior OCR cybersecurity advisor Nick Heesters addresses recognized security practices, or RSPs. In this video, Heesters answers a handful of questions …
Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or litigation often focus on whether the entity followed recognized security practices. The National Institute of Standards and Technology (NIST) Cybersecurity Framework has long been one of the …
As the federal government continues its whole-of-government response to cyber incidents, federal banking regulators took action to impose a new notice requirement on federally regulated banks. In November, the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC) and the Federal Reserve Board of Governors (“Board”) jointly issued a final …
On August 30, 2021, the Securities and Exchange Commission (“SEC”) announced three settled orders against several investment advisers, broker-dealers, and dual registrants for violations of Regulation S-P allegedly resulting from business email compromises that each exposed or potentially exposed the personal information of thousands of customers.[1] These enforcement actions underscore the following lessons for broker-dealers and …
For those attorneys and information governance practitioners unfamiliar with recent pedagogic advancements, “real-world problem solving” moves teaching approaches away from the classical model that assumes individuals will operate logically and in self-interested ways to a more realistic view. The more realistic view then acknowledges the powers of wishful thinking, uneven knowledge across populations, and the …
On December 13, 2020, SolarWinds disclosed that an unknown attacker compromised its network and inserted malicious code (referred to as the Sunburst vulnerability) into software updates for the Orion platform. In what will likely become known as one of the most widespread and damaging cyber attacks in history, approximately 18,000 private and government organizations installed …
Background: Growing awareness regarding cybersecurity concerns with the Internet of Things (IoT) has achieved a milestone with the promulgation of the IoT Cybersecurity Improvement Act (the Act), which was signed into law by President Donald Trump on December 4, 2020. The Act requires the development, adoption and implementation of security standards for IoT devices by …