Top Stories

Medical Device Security Provision Now Part of Spending Bill
On page 3,537, a provision of the omnibus spending bill would empower the Department of Health and Human Services to require medical device makers to meet certain cybersecurity requirements in their new product submissions to the Food and Drug Administration.

Corporate Tech Leaders Untangle Their Cybersecurity Roles - WSJ
Many executives now say that as their roles around cyber appear to converge, they are working to sort out the dividing lines between their shared security and IT responsibilities.

Breaches

Average cost of a data breach expected to hit $5 million in 2023 | SC Media
Acronis on Monday reported that threats from phishing and malicious emails have increased by 60% and the average cost of a data breach could reach $5 million by next year.

Security

Citrix Releases Patches For Cybersecurity Vulnerability Used to Target Healthcare
HHS knows of healthcare entities that have been compromised by the exploitation of this vulnerability, a sector alert from the Health Sector Cybersecurity Coordination Center (HC3) stated. HC3 urged healthcare and public health organizations to implement these patches immediately.

Okta's GitHub Repository Hacked; Code Stolen, Customers Safe
Identity and access management company Okta revealed that its private GitHub repositories were accessed earlier in the month, resulting in the theft of source code from its Workforce Identity Cloud code repositories. "No customer data was impacted," Okta says.

Privacy

Data privacy rules are sweeping across the globe, and getting stricter
Businesses, especially those in highly regulated sectors such as financial services, health care and government — and those that operate in multiple countries — are faced with a growing number of data privacy regulations.

CPPA anticipates final CPRA regulations will be effective by April
While the CPRA takes effect in just under two weeks — on Jan. 1, 2023 — the California Privacy Protection Agency is still working to promulgate final rules. During a Dec. 16 board meeting, CPPA Executive Director Ashkan Soltani said the final rules will likely be released in late January. Under that timeline, with a 30-day review by the California Office of Administrative Law, the regulations would take effect around April.

Europe

UK Privacy Regulator Names and Shames Breached Firms - Infosecurity Magazine
The UK Information Commissioner’s Office (ICO) has taken the unusual step of publishing details of personal data breaches, complaints and civil investigations on its website, according to legal experts.

Businesses Hope for Legal Clarity on Trans-Atlantic Data Privacy in 2023 - WSJ
Companies expect to move personal data between the European Union and the U.S. with less legal risk in 2023, when a new trans-Atlantic deal on data privacy is set to take effect after more than two years of geopolitical wrangling.