With the ever-expanding technology ecosystems of organizations, including the proliferation of Wi-Fi-enabled technology and interconnected smart devices, it’s no surprise that cybersecurity risks have increased. With a similar expansion of internet-of-medical-things, medical devices are increasingly at the forefront of potential threats. Last June, the U.S. Food and Drug Administration warned patients and health care providers that certain insulin pumps were being recalled because of vulnerabilities that could allow an outsider to connect and change a nearby pump’s settings. Hackers themselves have been sounding the alarm about these kinds of potential attacks, but doctors, hospitals and manufacturers have been slow to respond, due to limited resources and limited understanding of the threats and risks.
If you waited until the last minute to develop a data privacy program, well now it is required in New York. Signed into law on July 26, 2019 by Governor Cuomo, the Stop Hacks and Improve Electronic Data Security (SHIELD) Act requires businesses to implement safeguards for the “private information” of New York residents and broaden New York’s security breach notification requirements.