In the last week, both the Dept. of Homeland Security and the Food and Drug Administration have issued a consumer alert about the potential hacking risk regarding cardiac devices, specifically because those devices have no encryption on their software. The devices in question are implantable cardiac devices, clinic programmers and home monitors which are used to regulate one’s heartbeat rate – to speed it up or slow it down, as needed. The focus this time is on the Medtronic Conexus Radio Frequency Telemetry Protocol. Given this latest notice, one has to wonder what will be the impact of the California IoT law.
What both federal agencies had to say is short range access allows interference with, generation, modification or interception of communications. There is also the ability to read/write any valid memory location on the implanted device and, therefore, impact its intended functionality. (more…)
Just about every survey of General Counsels reveals the same #1 culprit of sleepless nights….. a cybersecurity hack. If you run a business in today’s global environment, it is hard to escape the fundamental reality that it is more than likely a matter of when, not if, you will face a cyber threat. And depending on the nature of your business, that threat can have a wide range of implications. If you are a public company, there is an additional issue to consider… what do you have to disclose to your investors and shareholders?
Being prepared for a hack with a comprehensive written information security plan and an equally robust incident response plan is just one component to be considered if you are a public company. You must also have a plan to meet your reporting and disclosure obligations to a variety of governmental bodies. While measuring your response needs in the wake of a hack, and determining if there are state, federal or international laws and regulations that require reporting, you must also pay close attention to possible disclosure obligations in your SEC filings. Specifically, if you have tripped a disclosure to a state attorney general or your company’s customers, then it is possible you may also have a disclosure obligation to your shareholders. (more…)