What We’re Reading – August 24, 2021
There is a glut of information out there regarding privacy and cybersecurity these days. Our new feature “What We’re Reading” provides a curated list of articles, blogs, newsletters, and books that you may find interesting and helpful.
- Healthcare Continues to be Vulnerable to Ransomware: According to a recent survey, despite continuing cyberattacks against healthcare and roughly half of respondents experiencing an externally motivated shutdown in the last six months, more than 60% of hospital IT teams have "other" spending priorities and less than 11% say cybersecurity is a high priority spend. As Bruce Sussman writes in SecureWorld News, “The cyber diagnosis? Risky, expensive, and damaging.”
- Pearson Slammed by SEC for Misleading Data Breach Disclosure: Public companies beware. The Securities & Exchange Commission is paying attention to how companies disclose data breaches. Pearson PLC will pay $1 million to settle charges that it misled investors by failing to warn them (or victims) of the extent and severity of a 2019 data breach, which it called a “data exposure.” Read InfoRisk Today for 5 takeaways from the Pearson incident. “In summary: Never hide relevant data breach facts from victims or investors.”
- CISA Provides Recommendations for Protecting Information from Ransomware-Caused Data Breaches: The Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security has released the fact sheet “Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches” to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. These data breaches, often involving sensitive or personal information, can cause financial loss to the victim organization and erode customer trust.
Author
Cynthia J. Larose
Member / Co-Chair, Privacy & Cybersecurity Practice
Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.