Posts

Showing posts with the label Health and Welfare

DOL Expands Fiduciary Obligations for Cybersecurity to Health and Welfare Plans

A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and welfare plans facing similar risks to participant data. Last Friday, the DOL’s Employee Benefits Security Administration (EBSA) issued Compliance Assistance Release No. 2024-01 . The EBSA’s purpose for the guidance was simple – confirm that the agency’s 2021 guidance generally applies to all ERISA-covered employee benefit plans, including health and welfare plans. In doing so, EBSA reiterated its view of the expanding role for ERISA plan fiduciaries relating to protecting plan data: “Responsible plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks.“ In 2021, we outlined the DOL’s requirements for plan fiduciaries here, and in a subsequent post discussed DOL audit activity that followed shortly after the DOL issued its newly minted...