Category Archives: cybersecurity

Why You Need Law Firm Data Breach Response Plan

Hacking was once again prominently in the news when it was announced right before the Democratic National Convention that Democratic Party emails had been compromised. This comes after an incident earlier this year when it was announced that hackers broke into the computer networks at a number of well-known law firms, including Cravath Swaine & …

Read more »

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

On July 28, 2016, US Department of Health and Human Services (HHS) issued guidance (guidance) under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and recover from ransomware attacks. Ransomware attacks can also trigger concerns under state data breach notification laws. What Is Ransomware? …

Read more »

Panama Papers: What Attorneys Can Learn from History’s Largest Data Breach

On April 3, 2016 the public learned that millions of client documents from the Panamanian law firm and corporate services provider Mossack Fonseca & Co. (MF) had made their way to an international organization, the International Consortium of Investigative Journalists (ICIJ), and that the information would be used to publish potentially damaging stories. In addition, …

Read more »

Employee Error Accounts for Most Security Breaches

A recent study by a well-known information security company captures one of the most common information security fallacies: that information security is a technology problem. Most businesses view mitigating information security risks as falling squarely in the purview of their information technology department. However, this study reports that human error actually accounted for nearly two-thirds …

Read more »

security breaches

Fiduciary Risk in Data Privacy and Cybersecurity? You Bet!

Health plan administrators are (or certainly should be) well-versed in their obligations under the Health Insurance Portability and Accountability Act (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH). Failure to secure protected health information (PHI) from disclosure can result in civil monetary penalties of up to $1.5 million …

Read more »

Early Settlement of Home Depot Consumer Data Breach Claims – Start of Trend?

home-depot image

Last week, a federal court in Atlanta issued an order preliminarily approving a proposed settlement – valued up to $19.5 million – of the consumer claims arising from the 2014 theft of payment card data from Home Depot.  The cash and noncash terms of the proposed settlement are unexceptional.  What is unusual about this settlement is its …

Read more »

security breaches

Ransomware: How It Works and What You Can Do

“Ransomware” is making big news, with reports that a California hospital paid $17,000 to regain access to its network after malware locked access to files. This is a case, however, of the news catching up to the facts. Ransomware has been one of the fastest growing forms of cyberattack over the last year. According to …

Read more »

security breaches

Homeland Security Releases Cybersecurity Information Sharing Act Guidelines

The US Department of Homeland Security (DHS) issued guidance this week to assist nonfederal entities to share cyber threat indicators and defensive measures with federal entities under the Cybersecurity Information Sharing Act of 2015 (CISA). CISA was passed as part of the Cybersecurity Act of 2015 and directs the Attorney General and the Secretary of …

Read more »

Ransomware Strikes California Hospital – Could You Be Next?

In a chain of events that should be a wake-up call to any entity using and storing critical health information (and indeed, ANY kind of critical information), Hollywood Presbyterian Medical Center (“HPMC”) has announced that it paid hackers $17,000 to end a ransomware attack on the hospital’s computer systems. On February 5, HPMC fell victim to an attack …

Read more »

Law Firm Data Breach

Hollywood Presbyterian Concedes to Hacker’s Demands in Ransomware Attack

In a chain of events that should be a wake-up call to any entity using and storing critical health information, Hollywood Presbyterian Medical Center (“HPMC”) has announced that it paid hackers $17,000 to end a malware attack on the hospital’s computer systems. On February 5, HPMC fell victim to an attack that locked access to …

Read more »