No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Cybersecurity in Video Games & Esports
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Podcast: A Conversation with Andy Rotherham on Hot Topics in Education for 2023
No Password Required: Threat Intelligence Analyst at Recorded Future, the Ransomware Sommelier, and a Guy With a Mildly Exciting Expense Account
Compliance & Disaster Preparedness
2023 DSIR Report Deeper Dive into the Data
Episode 282 -- CISO and CCOs -- The Evolving Partnership
No Password Required: Threat Researcher at Cisco Talos and a Veteran of the Highest-Profile Cyber Incidents Who Roasts His Own Coffee Beans
Innovation in Compliance - The Role of Backup Systems in Cybersecurity Defense with Curtis Preston
Cyber Threats
No Password Required: The Teenage CEO of Girls Who Hack and Secure Open Vote, Who Is as Comfortable Behind a Mic as She Is Behind a Keyboard.
Hinshaw Insurance Law TV – Cybersecurity Third and Final Part: Ransomware
Can Cyber Investigations Be Canned? - Unauthorized Access Podcast
[Podcast] NSA Cybersecurity Services for Defense Contractors
Understanding the Additional Risks When Making a Ransomware Payment
2022 DSIR Deeper Dive: Ransomware
Cybersecurity firm CSC recently issued its CISO Outlook 2025 Report, which predicts cybersecurity challenges CISOs will face in the next year. The report, from a survey of 300 CISOs and cybersecurity professionals globally,...more
Health care organizations are under pressure to shore up their cybersecurity response efforts. Much of this pressure is coming from the US Department of Health and Human Services Office for Civil Rights (OCR), which has made...more
With 2025 barely three weeks old, the US Department of Health and Human Services Office for Civil Rights (OCR) has already announced six enforcement actions for the new year. Particularly significant is the advancement of...more
Cyber issues are seldom out of the news, from ransomware attacks and espionage to non-malicious outages that cause widespread concern. Organizations need to protect themselves against both current and future risks and...more
The hospitality industry is a prime target for cyber criminals, due in part to the high volume of sensitive guest data, including financial information, that companies maintain. Almost one-third of hospitality organizations...more
Publications & Advisories - November 2024 – Kathleen Benway, Jennifer Everett, Alysa Austin, and Kristen Bartolotta published “Federal Trade Commission’s Updated Health Breach Notification Rule Is Now in Effect” in Employee...more
On October 31, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) embraced the end of Spooky Season by announcing two more ransomware-related enforcement actions. ...more
They appeared. They caused a fright. And then they disappeared… along with all of your data. While not a ghost, that is how most hacking groups operate and their ghostly presence is growing across the globe....more
The cyber breach at Change Healthcare in 2024 stands out as one of the most significant cyber-attacks in recent memory. Its repercussions extend far beyond immediate industry disruptions, resonating deeply in regulatory...more
Verizon released its Data Breach Investigations Report (DBIR) for 2024, an annual treat that highlights some trends companies should be aware of as they manage their cybersecurity programs and respond to and anticipate new...more
The consequences of a cyberattack can be catastrophic, as we saw in the previous blog of this series. Cybersecurity is a business-wide responsibility that demands a proactive strategy extending far beyond technical solutions...more
The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently announced a settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Green Ridge Behavioral Health, LLC...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
Ransomware trends – specifically related to frequency, cost, and payout – should no longer surprise us. We depend on technology more and more, integrating it into every aspect of our lives. As for data management, there is...more
Typically, we beat the drum of the need to prepare for a data incident—anything from a full-blown ransomware attack to an employee accidently sharing data with the wrong person—by having your Incident Response Plan developed...more
The Department of Homeland Security’s Transportation Security Administration (“TSA”) has issued an amended directive on pipeline security, SD-Pipeline-2021-02D (the “Directive”). The Directive is based on and supersedes the...more
In recent years, especially through 2019 and 2020, the cyber insurance market in the U.S. has seen significant growth. Middle-market companies have been actively requesting cyber insurance policies with low rates and broad...more
To help protect against criminal ransomware and cyberattacks, modern manufacturing plants should ensure they have reasonable physical, administrative, and technical safeguards in place....more
Crises and uncertainty are inevitable forces in modern business, particularly in cyber and digital. General counsels and legal risk executives are well suited to lead preparedness and resiliency for future crises, uniting key...more
There is no question that ransomware is here to stay. Thirty-seven percent of the matters we handled last year involved ransomware, compared to 27 percent of matters in 2020. ...more
Entities facing significant legal risk, no matter the circumstances, if they make ransom payments to attackers connected to, or originating from Russia. As the Russian invasion of Ukraine continues, the U.S. government...more
Healthcare companies continue to face increased risks of ransomware attacks on their operations. According to the recently released BD Cybersecurity Annual Report for 2021, such attacks are also increasingly sophisticated....more
Report on Patient Privacy 22, no. 1 (January, 2022) - As the COVID-19 pandemic enters its third year, real “security fatigue” with pandemic-related issues will combine with cybercriminals’ increasingly sophisticated...more
A ransomware attack is a major threat affecting all sectors of business, including healthcare. Organizations typically follow state and federal privacy laws as part of their ransomware prevention and response measures....more
Labor Day weekend is upon us. Unfortunately, history has shown that, rather than resting, hackers and other threat actors take advantage of holidays to attack closed or understaffed businesses when they least expect it. To...more