The Securities and Exchange Commission (SEC) finalized a rule in July 2023, effective from September 5, 2023, mandating publicly traded companies to promptly disclose cyber incidents. The rule standardizes breach disclosures, impacting public healthcare entities and vendors serving the healthcare sector. It requires reporting material cybersecurity incidents within four days, except when national security is at risk. Critics argue the tight timeline may lead to unclear or inaccurate disclosures. The rule also demands periodic disclosures on cyber risk management, aiding vendor assessment. Non-compliance may result in penalties, emphasizing the need for improved cybersecurity practices.

Edelson Lechtzin LLP Is Investigating Claims On Behalf Of Oracle Health Customers Whose Data May Have Been Compromised
National class action law firm Edelson Lechtzin LLP is investigating data privacy violations at Oracle Health. In February 2025, Oracle Health discovered a security breach