In August 2009, the Federal Trade Commission (FTC) issued the Health Breach Notification Rule (Breach Rule), which requires vendors of personal health records and related entities to provide notice to consumers following a breach. After over a decade without any enforcement of the Breach Rule, the FTC issued a policy statement in September 2021 clarifying that health apps and connected device companies must comply with the Breach Rule. Jon Moore, Chief Risk Officer and Senior Vice President of Consulting Services, Clearwater, speaks with Ty Kayam, Attorney, Microsoft, and Adam Greene, Partner, Davis Wright Tremaine LLP, about the history of the Breach Rule, the FTC’s new interpretation, and potential future enforcement.
In this episode, we discuss the critical role of Endpoint Detection and Response (EDR) systems in cybersecurity, particularly in healthcare. We explore the concept of 'EDR killers'—malicious software designed to disable EDR solutions—and the conditions that make these attacks successful.