Search Results for: ransomware

NYDFS Issues Guidance on Artificial Intelligence-related Cybersecurity Risks

October 17, 2024 By Kim Peretti, Ashley Miller and Lance Taubin

On October 16, 2024, the New York Department of Financial Services (“NYDFS”) issued an industry letter covering Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks (the “Industry Letter”). The Industry Letter contains guidance for entities regulated by NYDFS (“Covered Entities”) in assessing and responding to cybersecurity risks related to the use […]

DOJ Unseals Indictment of Evil Corp Member, While OFAC Announces New Evil Corp Sanctions

October 9, 2024 By Kim Peretti and Kelly Hagedorn

On October 1, 2024, the Department of Justice (“DOJ”) unsealed an indictment against Aleksandr Viktorovich Ryzhenkov (Александр Викторович Рыженков), a member of the ransomware group Evil Corp. The indictment charges Ryzhenkov with several violations of the Computer Fraud & Abuse Act, as well as conspiring to commit money laundering, arising from his use of a […]

SEC Corporation Finance Provides Additional Guidance on the Disclosure of Material Cybersecurity Incidents in Form 8-K

July 10, 2024 By Seol Namgoong, Sierra Shear, Cara Peterman and Kim Peretti

On June 24, 2024, the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued five new Compliance and Disclosure Interpretations (“C&DIs”) related to the disclosure of “material” cybersecurity incidents in Item 1.05 of Form 8-Ks. The C&DIs present hypothetical fact patterns related to ransomware attacks and insurance reimbursement for damages […]

SEC Settlement Suggests the Agency’s Attempt to Regulate Cybersecurity Controls

July 2, 2024 By Cara Peterman, Kim Peretti, David Brown, Sierra Shear and Madeleine Juszynski Davidson

On June 18, 2024, the SEC announced a $2.125 million settlement with R.R. Donnelley & Sons Co. (“RRD”) related to the company’s 2021 ransomware attack (the “Incident”). The settlement, and the SEC’s accompanying cease-and-desist order (the “Order”), portend the agency’s continued and increasing oversight over registrants’ cybersecurity policies and practices. Background RRD is a global […]

New York State Department of Health Revises Proposed Hospital Cybersecurity Regulations

June 27, 2024 By Andrew Liebler and Alysa Austin

In May 2024, the New York State Department of Health (“NYSDOH”) issued revisions to proposed regulations on hospital cybersecurity that it first released in November 2023. The proposed revised regulations are subject to public comment ending on July 1, 2024, and would apply to general hospitals licensed under Article 28 of the NYS Public Health […]