IT Governance

NOVEMBER 6, 2023

When MOVEit was hacked by the Russian Cl0p ransomware gang in May, email addresses and links to government employee surveys were compromised. While investigating the incident, it discovered that confidential consumer information had been accessed by an unauthorised third party. Records breached: 815,000,000 Milford Management Corp.

Data Privacy 97

Data Privacy Privacy Libraries Security 97

Hunton Privacy

AUGUST 15, 2022

As part of the “access privileges” requirements under Section 500.7 Covered entities also must conduct an “impact assessment whenever a change in the business or technology causes a material change in the covered entity’s cyber risk.” As part of the “penetration testing and vulnerability assessments” requirements under Section 500.5

Financial Services 55

Financial Services Cybersecurity Risk Passwords 55

Data Protection Report

AUGUST 11, 2022

Covered entities must also periodically test their incident response plans (including “disruptive events such as ransomware,” which NYDFS specifically would require) and their ability to restore systems from backups. Asset inventories and Access Controls. Notifications to DFS. Cybersecurity Event Notification Would Expand. 500.17).

Cybersecurity 58

Cybersecurity Risk Passwords Compliance 58