Today’s compliance threat summary highlights the increasing risk of ransomware attacks and data breaches, particularly within the healthcare sector. New York regulators are cracking down on insurance firms with poor cybersecurity, while phishing campaigns are targeting password managers. Additionally, new regulations are impacting data transfers and federal grant processes, demanding increased vigilance.
Top 5 Critical Compliance Alerts
- Cyberattackers Target LastPass, Top Password Managers: Phishing campaigns are exploiting employee trust in password vaults.
- Kettering Health Confirmed Patient Data Compromised in May 2025 Ransomware Attack: Investigation confirms patient data was compromised in a ransomware attack.
- NY DFS Nails Insurance Firms on Cyber Fails: New York regulators fined insurance firms for poor cybersecurity practices leading to privacy breaches.
- Cybersecurity Firm Reports 36% YOY Increase in Ransomware Attacks: BlackFog’s Q3 2025 report shows a significant rise in ransomware attacks.
- ITRC: 23 Million Individuals Affected by Data Breaches in Q3, 2025: System compromises and data breaches continue to affect millions.
Compliance Frameworks
- Eastern Radiologists Agrees to $3.35 Million Data Breach Settlement: Settlement reached over a 2023 data breach impacting patient data.
Regulatory Updates
- California Restricts Use of Common Pricing Algorithms, Reforms the Pleading Standard for Certain Antitrust Claims, and Increases Penalties: California enacted AB 325 and SB 763, amending the Cartwright Act.
- NY DFS Nails Insurance Firms on Cyber Fails: New York regulators fined insurance firms for poor cybersecurity practices leading to privacy breaches.
- The Sensitive Data Bulk Transfer Rule: What You Need to Know: The U.S. Department of Justice’s Sensitive Data Bulk Transfer Rule is now in effect, impacting due diligence and compliance requirements.
- Executive Order Reshapes Federal Grants Process: An executive order aims to improve federal grantmaking oversight and accountability.
- Executive Order 14331: Navigating the New Era of Fair Banking: The Consumer Finance Podcast: Discusses implications of President Trump’s Executive Order 14331, “Guaranteeing Fair Banking for All Americans.”
Third-Party Risk & Due Diligence
- When Supplier Data Lives in Silos, Risk Lives Everywhere: Fragmented supplier data across different sites poses a significant risk to manufacturers.
- Background Check Software Buyer’s Guide: Guide to researching background check software based on size, structure, and risk profile.
- Leaks in Microsoft VS Code Marketplace Put Supply Chain at Risk: Secrets exposed in Visual Studio Code marketplaces put supply chains at risk.
Policy & Governance Updates
- When national cyber incidents break records, CEOs can’t stay outsiders: UK government demands action from CEOs on cyber threats.
- AI Agent Security: Whose Responsibility Is It?: The shared responsibility model is key to agentic services, but awareness and risk management are challenging.
- AI Chat Data Is History’s Most Thorough Record of Enterprise Secrets, Secure it Wisely: AI interactions are revealing records of human thinking, impacting law enforcement, accountability, and privacy.
- From Capital to Clinics: California Reins in Private Equity Power to Address Corporate Practice of Medicine (CPOM) Concerns: California enacts bills impacting private equity firms and physician practices.
