Tag Archive for: LLP

Compliance with July 1 CMS Interoperability Rule Deadline May Pose Ransomware Risk | Arnall Golden Gregory LLP


In recent months, the word “ransomware” has moved from a topic discussed only among cybersecurity professionals to a term used at dinner tables and water coolers across the country. Simultaneously, in the healthcare space, hospitals, healthcare systems, and payers are scrambling to meet the July 1, 2021 deadline for the first wave of interoperability and patient access requirements included in the final rule issued by the Centers for Medicare & Medicaid Services in June of 2020.

As system interoperability and connectivity increase, so does the risk of ransomware. Cybersecurity experts agree that one of the initial defenses against widespread ransomware is network segmentation. Segmenting a network means, for example, ensuring that an organization’s IT environment is built so that patient-facing technology does not interact with software running medical equipment. However, compliance with the Interoperability and Patient Access final rule significantly impairs an organization’s ability to segment its network and exposes the organization to an increased risk of ransomware attacks.

To mitigate some of the risks while still complying with the Interoperability and Patient Access rule, we suggest companies do the following:

  • Frequent Backup – the more frequently data is backed up, the less power ransomware has over an organization. Losing an hour of data is much less harmful than losing a month.
  • Segmented and Encrypted Backups – although the rule makes it difficult to segment production environments, it does not prevent segmenting backup data. Companies should ensure that the backups are also encrypted to provide an additional layer of defense.
  • Thorough Vendor Review – an organization’s security is only as strong as its weakest link, and no complex healthcare ecosystem can exist without the use of third-party vendors. Therefore, vendors should be thoroughly vetted and investigated prior to onboarding to ensure that the security procedures do not introduce unnecessary risk into the technology environment.
  • Scoping for Clarity, Cooperation, and Root Cause Analysis – ensure that each of your vendors has an obligation to cooperate with both…


Key Takeaways from Federal R&D Workshop Focused on 5G Testing and Use Cases for Drones and Smart Warehouses | Wiley Rein LLP


On April 27 and 28, 2021, the Networking & Information Technology Research-Development (NITRD), Advanced Wireless Test Platform (AWTP), and Federal Mobility Group (FMG) hosted a Workshop on the FMG’s Framework to Conduct 5G Testing (Framework), published last November. The purpose of the webinar was to “provide an overview of the process and the testing framework elements needed to conduct 5G testing for different use cases.” The workshop focused on two selected federal 5G use cases: unmanned aircraft systems (UAS or drones) and smart warehouses.

Below, we highlight several key takeaways from the workshop. 

First, the Framework aims to guide federal agencies in establishing 5G testing capabilities suited to their needs through either: (1) building or leasing a testbed from a carrier-grade equipment manufacturer; (2) using existing external labs and testbeds (e.g., a federal lab, university lab, or in coordination with DoD); or (3) through some combination of the two. 

Second, the National Science Foundation (NSF) is focused on how the Government is using both testbeds and data-driven research to support 5G use and innovation. NSF recently issued a Request For Information on dataset needs “to conduct research on computer and network systems,” with comments due by May 21.

Third, the FMG’s Mobile Security Working Group is focused on FISMA mobility metrics to drive key technologies like mobile threat defense, which aims to advance the overall security posture of the federal government on mobile platforms. 

Fourth, within NITRD and the AWTP there is a Wireless Spectrum R&D interagency working group (WSRD) that has been involved in the whole-of-government effort under the National Strategy to Secure 5G Implementation Plan’s Line of Effort 1.1, to assist with “[r]esearch, development, and testing to reach and maintain United States leadership in secure 5G and beyond.” WSRD’s work related to this Line of Effort remains ongoing.

5G Use Case: Drones

The workshop included several UAS use case panels, which discussed the use of cellular frequencies for drone operations and UAS Traffic Management (UTM) issues.

Christopher Nassif, from the Federal Aviation…


Data Privacy + Cybersecurity Insider – April #4 | Robinson & Cole LLP


CYBERSECURITY –

NSA Issues New Warning About Four Critical Patches to Microsoft Exchange Servers –

The National Security Agency (NSA) recently issued a warning to private industry about four zero-day vulnerabilities in Microsoft Exchange Server versions 2013, 2016, and 2019 used on-premises. The NSA recommends immediate patching of the vulnerabilities before they are exploited by threat actors.


Nutter Bank Report: December 2020 | Nutter McClennen & Fish LLP


Headlines

  1. FDIC Modernizes Brokered Deposit Rule and Amends Interest Rate Restrictions
  2. CFPB Expands the Definition of a Qualified Mortgage for Truth in Lending Purposes
  3. FDIC Adopts New Rules Regulating Parent Companies of Insured Industrial Banks
  4. Joint Guidance on Fintech Due Diligence Requirements for Community Banks to Come
  5. Other Developments: LIBOR Transition, Branch Applications, and SAR Filing Requirements

1. FDIC Modernizes Brokered Deposit Rule and Amends Interest Rate Restrictions

The FDIC has adopted a final rule that establishes new standards for determining whether deposits made through certain kinds of arrangements with third parties qualify as brokered deposits, such as those between banks and financial technology (“fintech”) companies. The final rule approved on December 15 also amends the methodology for calculating the interest rate restrictions that apply to less than well capitalized banks by defining the “National Rate” as the weighted average of rates paid by all banks and credit unions on a given deposit product based on each institution’s market share of domestic deposits. The final rule includes an exclusion from the definition of a brokered deposit for deposits placed by a third party that has an exclusive deposit placement arrangement with one bank. The final rule identifies several specific business relationships involving the placement of a customer’s funds on deposit at a bank by the agent of the customer as meeting the primary purpose exception, which applies to exclude a deposit from the definition of a brokered deposit when the primary purpose of the agent’s business relationship with its customers is not the placement of funds with banks. Such “designated exceptions” in the final rule include, among others, agents that place customer funds into Health Savings Accounts for the primary purpose of paying for or reimbursing qualified medical expenses, property management firms that place customer funds into deposit accounts for the primary purpose of providing property management services, and agents that place customer funds into deposit accounts for the primary purpose of providing mortgage servicing. The final rule allows…
