Oregon has recently passed a new cybersecurity statute, joining California in requiring manufacturers of “connected devices” to equip qualifying technology with “reasonable security features.” The new law will go into force on January 1, 2020. For further analysis, visit our recent client alert.
Crowell & Moring has issued its “Litigation Forecast 2018: What Corporate Counsel Need to Know for the Coming Year.”
The Forecast cover story, “Data, Data Everywhere,” takes an in-depth look at the opportunities and challenges general counsel face in navigating the Big Data revolution.
While data is a driver for innovation …
Discussion headlines: New guidelines for IoT; Russia blocks access to LinkedIn; Standing under the TCPA; Long distance search warrant power
The DHS and NIST Release Guidelines for the IoT
In a recent Law360 publication, C&M attorneys Rachel Raphael and Ellen Farrell discuss how the Internet of Things (IoT) can present complex insurance coverage issues. As they explain, the tangible and intangible nature of IoT products can cause particular confusion between traditional general liability policies (which may exclude coverage for cyber incidents) and stand-alone cyber …
HHS Jumps on the Cybersecurity Information Sharing Bandwagon; Third Circuit on Economic Loss as a basis for Negligence Claim; FTC workshop on Ransomware; German draft implementing law for GDPR revealed.
HHS Jumps on the Cybersecurity Information Sharing Bandwagon
Because of recent news reports confirming that cyberattacks against healthcare agencies have increased 125% in the past five years, HHS is encouraging HIPAA Covered Entities and Business Associates to share information to combat future attacks.
HHS, based on authority from Executive Order 13591 and the Cybersecurity Information Security Act (CISA), is urging Covered Entities and Business Associates to join Information Sharing and Analysis Organizations (ISAOs) to share security threat and vulnerability information related to electronic protected health information (ePHI).
Ideally, ISAOs will provide a mechanism for sharing information bi-directionally “between HHS and the Health Care and Public Health (HPH) sector regarding cyber threats and will also provide outreach and education to the HPH sector.” This press release from HHS follows a similar measure by the Department of Homeland Security, which also encourages information sharing to mitigate the risk of cyberattacks.
In developing ISAOs in the health care sector, it is critical to consider three things:
- the standards and best practices for the creation of ISAOs to ensure that covered entities and business associates that participate gain the protections of such information sharing under CISA;
- the data that is shared in light of what is permitted under the HIPAA Privacy Rule; and
- how participation in an ISAO can support compliance with the HIPAA Security Rule.
Crowell & Moring is a leading expert in the creation of ISAOs and HIPAA compliance and can help stakeholders that seek to comply with HHS’s call to action to consider the intersection of these various legal frameworks.