Fortinet Exploit, NIH Audit, Data Breach & EUDR – 11/19/2025

This compliance intelligence digest highlights critical vulnerabilities and regulatory shifts impacting organizations. Key alerts include a zero-day exploit in Fortinet firewalls, security weaknesses in the NIH’s research program, and significant data breach settlements in healthcare. We also cover updates on European deforestation regulations, NCAA betting policies, and the impact of Supreme Court rulings on compliance.

Top 5 Critical Compliance Alerts

  • Fortinet Zero-Day Exploited: Patches are available for a critical OS command injection vulnerability in Fortinet web application firewalls. Update immediately to mitigate risk.
  • NIH Security Weaknesses: An audit reveals privacy and security flaws in the NIH All of Us Research Program. Immediate remediation is crucial.
  • Omni Family Health Data Breach Settlement: Omni Family Health settles a class-action lawsuit for $6.5 million following a data breach affecting 39 health centers.
  • CarePro Data Breach Settlement: CarePro Health Services agrees to pay $1.3 million to settle a class-action lawsuit related to a data breach.
  • Railway Braking Systems Tampering: Critical railway braking systems are vulnerable to tampering using readily available materials, posing a significant safety risk.

Compliance Frameworks

  • Defense in Depth & SOC 2: A blog post discusses how a defense-in-depth strategy relates to SOC 2 compliance, emphasizing the need for more than a checklist approach to security.

Regulatory Updates

  • 2026 Physician Fee Schedule: CMS issues the 2026 Medicare Physician Fee Schedule final rule, adopting policies related to calculating and reporting average sales prices (ASP) for drugs.
  • European Deforestation Directive: Implications of the EUDR for Africa’s food security, highlighting compliance pressures for smallholder farmers.
  • Cayman Closed-Ended Fund Regulatory Obligations: Overview of the regulatory obligations for Cayman Islands closed-ended funds as of November 2025.

Audit & Monitoring Tools

  • EBA Peer Review on CVA Risk: The EBA publishes a follow-up peer review report on EU competent authorities’ supervisory practices regarding credit valuation adjustment (CVA) risk.
  • NIH Security Program Audit: An audit of the NIH All of Us Research Program has uncovered privacy and security weaknesses.

Policy & Governance Updates

  • NCAA Betting Policy Change: The NCAA plans to allow student-athletes and athletics staff to bet on professional sports in states where it’s legal, starting Nov. 22.
  • Supreme Court Ruling & Deregulation: Examines how the Supreme Court’s 2024 Loper Bright decision impacts regulatory controls under the Trump Administration’s deregulatory agenda.
