Top Stories
Telehealth Apps Sharing Consumer Data Draw FTC Crackdown - WSJ
The Federal Trade Commission is cracking down on the data-sharing practices of telehealth companies, focusing on widespread uses of data that many companies in the industry have failed to disclose to users.
First Citizens-SVB Deal Gives Startups, VCs More Certainty
Cybersecurity startups that for decades turned to Silicon Valley Bank in a pinch will now find themselves working with a 125-year-old financial institution based in North Carolina.
Breaches
CareFirst decision cites 'actual harm' requirement in data breach lawsuits | SC Media
In a March 28 filing, a D.C. Circuit Court judge refused to join three data breach lawsuits against CareFirst into a class action.
Security
FDA Will Begin Rejecting Medical Devices Over Cyber Soon
Medical device makers must include a cybersecurity plan in new product applications for Food and Drug Administration premarket approval, the agency announced Wednesday.
Microsoft's new Security Copilot will help network admins respond to threats in minutes, not days | Engadget
Security Copilot is similar to the large language model (LLM) that drives the Bing Copilot feature, but with a training geared heavily towards network security rather than general conversational knowledge and web search optimization.
New CISA tool detects hacking activity in Microsoft cloud services
Known as the 'Untitled Goose Tool' and developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.
Privacy
Inadequate Healthcare Cybersecurity Maturity Jeopardizes Patient Privacy
CYE found that the healthcare cybersecurity maturity score lags behind other sectors, putting patient privacy and sensitive data at risk due to weak EHR systems, telemedicine, and other security vulnerabilities.
Iowa becomes sixth US state to enact comprehensive consumer privacy legislation
The law will go into effect on 1 Jan. 2025, giving organizations 21 months to comply with the new requirements from this state with over 3 million residents.
CPRA regulations finalized with OAL approval
The California Privacy Protection Agency announced its first California Privacy Rights Act rulemaking package was approved by the California Office of Administrative Law following a review.
The rise of US state-level BIPA: Illinois leads, others catching up
Recent cases before the Supreme Court of Illinois padding BIPA litigation sounded alarms around the privacy community. In the case of Tims v. Black Horse, the court determined BIPA claims have a 5-year statute of limitations. That decision was followed by Cothron v. White Castle, which found separate BIPA claims accrue for every biometric scan taken from an individual.
Misc
Quarterly Cyber Insurance Update: February 2023 - WSJ
In this quarter’s update: cyber insurance premium increases are slowing, insurers move away from questionnaires, carriers appeal a war exclusion ruling, and capacity is forecast to increase.