Current through Register Vol. XLI, No. 50, December 13, 2024
Section 163-3-2 - Definitions2.1. "Cyber attack" means an attack via cyberspace, targeting an enterprise's use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment or infrastructure; or destroying the integrity of data or stealing controlled information.2.2. "Cybersecurity incident" or "incident" means a violation, or imminent threat of a violation, of computer security policies, acceptable use policies, or standard security practices.2.3. "Cybersecurity Office" means the office created in W.Va. Code §5A-6B-1.2.4. "Cyberspace" means a global domain within the information environment consisting of the interdependent network of information systems infrastructures, including the Internet, telecommunications networks, computer systems, or embedded processors and controllers. 2.5 "Entity" means the State of West Virginia, including any department, division, agency, bureau, board, commission, office or authority thereof, any political subdivision of the State of West Virginia including, but not limited to, any county, municipality or school district.2.6. "Personally Identifiable Information" means any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.2.7. "Protected Health Information" means individually identifiable health information that is transmitted by electronic media, maintained on electronic media, or transmitted and maintained in any other form or medium. Protected health information does not include individually identifiable health information in education records covered by the Family Education Rights and Privacy Act, as amended, 20 U.S.C. 1232g; records described at 20 U.S.C. 1232g(a)(4)(B)(iv); or employment records held by a covered entity in its role as an employer.