The 9th U.S. Circuit Court of Appeals affirmed the district court’s ruling in Aqua Star (USA) Corp., vs Travelers Casualty and Surety Company of America. The case involved fraudulent emails purporting to be from the insured’s suppliers directing that the insured direct its payments to a new account purportedly opened by that supplier. Based on that fraudulent communication, the insured transferred $713,890 due its supplier to the fraudulent “new account.”
Tag: cybersecurity
DOJ Announces Federal Indictment in Massive Cyberfraud Enterprise
The Department of Justice announced the unsealing of a federal indictment charging 36 individuals for their alleged roles in the Infraud Organization, an Internet-based cybercriminal enterprise that is alleged to have engaged in a large-scale cyberfraud. The indictment alleges that the enterprise caused more than $530 million in actual losses to consumer, businesses, and financial institutions.
Continue reading “DOJ Announces Federal Indictment in Massive Cyberfraud Enterprise”
NIST Releases Draft Report on IoT Cybersecurity Standards; Comments Due April 18
On February 14, 2018, the National Institute of Standards and Technology (NIST) released a draft of its NIST Interagency Report 8200 (NISTIR 8200), which is intended to inform policymakers and standards participants in developing and implementing cybersecurity standards in and for IoT devices and systems. At a high level, the draft report is intended to:
- provide a functional description for IoT (Section 4);
- describe several IoT applications that are representative examples of IoT (Section 5);
- summarize the cybersecurity core areas and provides examples of relevant standards (Section 6);
- describe IoT cybersecurity objectives, risks, and threats (Section 7);
- provide an analysis of the standards landscape for IoT cybersecurity (Sections 8 and 9); and
- map IoT relevant cybersecurity standards to cybersecurity core areas (Appendix D).
Continue reading “NIST Releases Draft Report on IoT Cybersecurity Standards; Comments Due April 18”
China Releases New Personal Information Privacy Standards
On January 25, 2018, China released the final version of the Personal Information Security Specification, new voluntary standards on the protection of personal information. The standards anticipate and address the “issues faced in personal information security during the rapid development of IT technology; with the protection of personal information as their core” and is meant to “regulate all phases of big data operations and related conduct, such as the collection, storage, processing, use and disclosure of personal information.” The standards will go into effect on May 1, 2018.
The standards will apply to organizations using information systems to process personal information; specific departments that involve network security, third party assessment organizations; and other organizations that deal with the oversight, management, and assessment of personal information security. Generally, they lay out the following 8 basic principles of personal information security.
Continue reading “China Releases New Personal Information Privacy Standards”
The SEC’s Cyber Specialty Unit Strikes With Its First Case
On December 4, 2017, the SEC Enforcement Division’s new Cyber Unit filed its first enforcement case for a fraudulent initial coin offering (ICO). This new specialty unit was established in late September to increase the Enforcement Division’s focus on cyber-related securities law violations. The focus areas of this unit include securities laws violations involving “blockchain” technologies and ICOs.
Continue reading “The SEC’s Cyber Specialty Unit Strikes With Its First Case”
Latest OCR Reminder Regarding Mobile Device Security and PHI
With the ever-increasing use of mobile devices in the workplace that create, receive, maintain, and transmit electronic protected health information (ePHI), the Department of Health and Human Services (HHS), Office for Civil Rights (OCR)’s latest Cybersecurity Newsletter issued an important reminder of the importance of mitigating the risks surrounding the use of mobile devices.
Mobile devices pose unique security risks because of their portability, small physical size, and capacity to store vast amounts of data. Both the Federal Trade Commission (FTC) and OCR frequently remind all organizations, but especially those entities that process ePHI, of the importance of protecting data on mobile devices.
Continue reading “Latest OCR Reminder Regarding Mobile Device Security and PHI”