In late September, two subcommittees of the U.S. House of Representatives held a joint hearing on responding to ransomware attacks. The hearing—held by the Subcommittee on Cybersecurity, Information Technology, and Government...more
On January 26, 2023, the Department of Justice announced its successful “months-long disruption campaign” against a ransomware group known as Hive, signaling the United States’ increased efforts to combat ransomware attacks...more
The fallout from one of Australia’s worst data breaches continues to unfold. As we previously reported, in October 2022, Russian hackers stole approximately 9.7 million customers’ sensitive data from Medibank, Australia’s...more
Medibank, one of Australia’s largest private health insurers, detected a ransomware attack in October 2022. The attackers, believed to be part of a criminal organization based in Russia, exfiltrated approximately 9.7 million...more
Ransomware attacks have become headline news in the mainstream media, and a hot topic not only on this blog but in government circles. And with good reason as the United States suffered a staggering 421.5 million ransomware...more
4/5/2022
/ Corporate Counsel ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Security ,
Information Reports ,
Popular ,
Ransomware ,
Risk Management
Throughout the COVID-19 crisis, we have focused on the significant uptick in ransomware attacks. Government agencies such as OFAC, CISA, and New York’s DFS have updated their guidance on how to prepare for and respond to...more
The Biden Administration is zeroing in on cybersecurity. In the wake of a high-profile wave of cyberattacks, including the SolarWinds supply chain attack and the more recent Colonial Pipeline ransomware attack, President...more
On December 13, the software and service provider SolarWinds announced that its Orion software platform had been the target of a sophisticated cyber-attack that may have resulted in malicious code being pushed to as many as...more
As we previously described and as reflected in the rapidly increasing number of cyber-attacks since its start, the COVID-19 pandemic has triggered a shift in working practices that hackers and other bad actors are using to...more
9/4/2020
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Hackers ,
Medical Records ,
Medical Research ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware
Well before the California Attorney General’s power to enforce the California Consumer Privacy Act (CCPA) commenced on July 1, 2020, as we have recently reported, private plaintiffs had already jumped into the fray, suing...more
The FBI’s Internet Crime Complaint Center, better known as IC3, released its 2018 Internet Crimes Report. For those unfamiliar with the IC3, it was established by the FBI in May 2000 as a central repository for public...more
The nation’s top law enforcement agency is rebooting its cybercrime capabilities.
In an effort to keep up with the evolving threats against property, critical infrastructure and human life posed by cyber-attacks –especially...more
Yesterday, the United States indicted two Iranian hackers for their roles in a series of major ransomware attacks that started in 2016 and lasted almost three years. The attacks crippled schools, hospitals, the private...more
In Accenture’s 2018 State of Cyber Resilience for Banking & Capital Markets study, the consulting firm reported the rate at which cyber-attacks on banking and capital markets firms are successful dropped from 36 percent in...more
In a significant ruling addressing the scope of the attorney-client privilege and work product doctrine in a data breach case, a Federal judge in Oregon ordered Premera Blue Cross, the Washington-based healthcare services...more
11/10/2017
/ Attorney-Client Privilege ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Discovery ,
Health Insurance ,
HIPAA Breach ,
Personally Identifiable Information ,
PHI ,
Premera Blue Cross ,
Putative Class Actions ,
Work-Product Doctrine
New filings in the consolidated Home Depot data breach litigation, which we have previously covered on this blog, indicate that Home Depot and the remaining financial institution plaintiffs have reached a...more
3/13/2017
/ Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Debit and Credit Card Transactions ,
Financial Institutions ,
Home Depot ,
Malware ,
Point of Sale Terminals ,
Popular ,
Retail Market ,
Settlement
Ransomware attacks at hospitals and other healthcare facilities have dramatically increased over the last several years, putting healthcare providers in the uncomfortable position of having to consider paying thousands of...more
8/9/2016
/ Breach Notification Rule ,
Covered Entities ,
Cyber Attacks ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Hospitals ,
New Guidance ,
PHI ,
Ransomware
Has North Korea struck again? Do its recent attacks signal a shift from those motivated by political retribution to those motivated by financial gain? What does this mean for financial institutions?...more
More than a year and a half ago, Home Depot announced that it had been a victim of one of the largest data breaches in U.S. history. Media outlets reported that the breach had affected Home Depot’s customers who had made...more
5/9/2016
/ Article III ,
Banking Sector ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Financial Institutions ,
Free Identity Theft Protection ,
Hackers ,
Home Depot ,
Malware ,
Negligence ,
Popular ,
Qualified Settlement Funds ,
Standing
From the rise in ransomware attacks to inadvertent disclosure of information by subcontractors, the health services industry is reminded that a potential consequence of a data breach is the threat of a regulatory enforcement...more
4/26/2016
/ Business Associates ,
Covered Entities ,
Cyber Attacks ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Hospitals ,
OCR ,
PHI ,
Ransomware ,
Subcontractors
By now, you’ve probably heard about the massive cyber attack that hit Bangladesh’s central bank last month, resulting in the loss of $81 million through fraudulent transfers to accounts in the Philippines. Although the size...more
Cyber-attacks have become a matter of everyday reality for all businesses: regardless of industry or size, it is no longer if a data breach will happen, but when. And waiting for a breach to occur before designing and...more
Self-defense is a natural, almost reflexive human instinct. But it has a complicated history in American law, full of contradiction and compromise. Many jurisdictions have long recognized that an otherwise illegal act—such...more