December 4, 2020

Volume X, Number 339

Advertisement

December 04, 2020

Subscribe to Latest Legal News and Analysis

December 03, 2020

Subscribe to Latest Legal News and Analysis

December 02, 2020

Subscribe to Latest Legal News and Analysis

December 01, 2020

Subscribe to Latest Legal News and Analysis
Advertisement

Upcoming Deadlines for Covered Entities Subject to NYS DFS Cybersecurity Regulations

Last week, the New York State Department of Financial Services (“DFS”) issued a press release to remind covered entities of an upcoming deadline under the DFS cybersecurity regulations.  The next deadline under the regulations is February 15, 2018 – by that date, any covered entities (hopefully, you know who you are) must submit a statement to DFS certifying compliance with the regulations (excuse me, the landmark, first-in-the-nation regulations).  The certification must be submitted through DFS’ online cybersecurity portal.  A proposed certification of compliance form is attached as Appendix A to the regulations.

The press release also noted that cybersecurity will be incorporated into all future examinations conducted by DFS. Superintendent Maria Vullo stated “DFS’s regulation requires each entity to have an annual review and assessment of the program’s achievements, deficiencies and overall compliance with the regulatory standards” and that by including cybersecurity in future examinations, DFS will help prevent cybersecurity attacks.

Speaking of annual reviews and assessments, another deadline is approaching under the DFS cybersecurity regulations. By March 1, 2018 (the one year anniversary of the regulation), covered entities should submit their annual written report to their boards, governing bodies, or other appropriate individual/committee.   Also by this deadline, covered entities should have in place:

  • Regular cybersecurity awareness training;
  • Continuous monitoring or period penetration testing and vulnerability assessments;
  • Multi-factor authentication controls; and,
  • A process for the completion of written and documented periodic risk assessments of information systems in conformance with written policies and procedures.

 

Jackson Lewis P.C. © 2020National Law Review, Volume VIII, Number 33
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Rosemary McKenna, Health Care Lawyer, Jackson Lewis, Law firm
Principal

Rosemary McKenna is a Principal in the Albany, New York, office of Jackson Lewis P.C. She has more than 25 years of experience working with charitable, business and professional health care and commercial entities.

Ms. McKenna’s practice focuses on representing health care and commercial entities in transactional and operational matters. She has worked with national, state and regional organizations in all areas of their operations, including formation (drafting organizational documents, applications for tax-exempt status, policy/practice...

518-512-8700
Advertisement
Advertisement