NYDFS

Healthplex Inc. Consent Order with NY DFS

The New York State Department of Financial Services (DFS) issued a consent order against Healthplex, Inc. for violations of the state's Cybersecurity Regulation. Healthplex will pay a penalty and must implement corrective actions to comply with data protection and multi-factor authentication requirements.

Cybersecurity Alert: Cisco Zero-Day Vulnerabilities

The New York State Department of Financial Services issued a cybersecurity alert regarding active exploitation of Cisco zero-day vulnerabilities. Regulated entities are required to immediately identify affected Cisco devices and follow remediation steps outlined by CISA, including potential disconnection of end-of-support hardware.

NY DFS Guidance on Virtual Currency Custody and Customer Protection

The New York State Department of Financial Services has issued updated guidance on virtual currency custody and customer protection, replacing its 2023 guidance. The updated guidance provides further direction on sub-custody arrangements and emphasizes sound custody and disclosure practices to protect customers in the event of insolvency.

Guidance on Managing Third-Party Cybersecurity Risks

The New York State Department of Financial Services issued guidance on managing cybersecurity risks associated with third-party service providers. The guidance clarifies existing requirements and recommends best practices for covered entities to strengthen their oversight of these providers.

DFS Alert: Phishing Scam Targeting Regulated Entities

The New York Department of Financial Services (DFS) issued an alert regarding a phishing scam targeting regulated entities. The notice advises entities to exercise caution with unexpected communications and verify legitimacy before taking action.

Cybersecurity Advisory on Targeted Vishing Attacks

The New York State Department of Financial Services (DFS) issued a cybersecurity advisory highlighting an increase in targeted vishing attacks. Regulated entities are urged to review their cybersecurity programs and implement enhanced measures to protect against credential theft and unauthorized access.