On December 27, 2024, the Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) related to the Security Rule under the Health Insurance Portability and Accountability Act (HIPAA). ...more
Americans hear about cybersecurity incidents on a frequent basis. As the adage goes, it is not a matter of “if” a breach or security hack occurs; it is a matter of “when.”...more
On October 22, 2024, the SEC charged two current reporting companies, Unisys Corp. and Check Point Software Technologies, and two former public companies, Mimecast Limited and Avaya Holdings Corp., with making materially...more
Cyber incidents have been growing at an exponential rate in recent years. A recent report from the Identity Theft Resource Center found that there were over one billion data breach victims in Q2 of 2024, which is around five...more
Cyber incidents have surged in recent years, with attacks more than doubling since 2020 and the number of victims totaling in the hundreds of millions in 2023 alone. These incidents can cost organizations millions or even...more
Frontier Communications (Frontier) faces three class action lawsuits in relation to a cyber data breach in which the criminal ransomware group, RansomHub, stole personally identifiable information (PII) of over 750,000...more
Multi-employer plan participants involved in an Employee Retirement Income Security Act of 1974 (ERISA) class action lawsuit against Horizon Actuarial Services LLC (Horizon), a national retirement services firm, have entered...more
Many general counsels, as well as their privacy and cybersecurity teams, are understandably focused on their company’s coronavirus safety measures - and that is good news to the hackers. Hackers thrive amidst confusion and...more
Just when you thought the hazards of cyberfraud couldn’t get worse, the SEC recently issued a Report of Investigation (more on that later) stating that nine recent corporate victims of cyberfraud may have compounded their...more
In an October 16, 2018 investigation report, the Securities and Exchange Commission found that nine companies that suffered Business Email Compromise, or BEC, had insufficient internal controls to prevent such attacks....more
It is a strange combination of events today, but two different agencies released reports on cybersecurity issues that all companies should consider when looking at their systems, controls and checks. The U.S. Department of...more
At a March 7, 2018 Conference on Cyber Security co-hosted by Boston College and the Federal Bureau of Investigation (“FBI”), Director of the FBI Christopher Wray spoke about the FBI’s efforts to combat cyber threats. Among...more
What is it? This new variation of Petya (“Little Peter” in Russian) is more robust ransomware than last month’s North Korean WannaCry ransomware. It has no kill switch, and it encrypts entire hard drives, not just individual...more
The WannaCry ransomware attack was first reported on Friday, May 12. Within hours, it shut down thousands of computer systems, locking users out of their own files. The latest report estimates over 300,000 computers in 150...more
The recent global ransomware attack (WannaCry) was yet another reminder of the increased threat posed by cyber breaches. While cybersecurity attacks are inevitable, organizations (and their directors and officers) may still...more
As their methods evolve, cybercriminals are increasingly targeting regional manufacturing businesses with sophisticated and potentially costly attacks. A recent ransomware attack on a mid-sized manufacturer in the Southeast...more
This article begins by providing an overview of the duty of directors to oversee risk, including cybersecurity risk, in the cyberattack context and then outlines actions that board of directors are taking as reported by...more
After a long delay, with a vote of 74 to 21, the United States Senate passed the Cybersecurity Information Sharing Act (CISA) on October 27, 2015. The bill has been touted as being controversial and is opposed by...more
In this issue of The WSGR Data Advisor, we examine the FCC’s recent TCPA declaratory ruling and order addressing issues regarding calling and texting consumers, and discuss the new privacy, data security, and transparency...more
In This Presentation: - Regulatory expectations for financial institutions - Risks for financial institutions - Planning to reduce risks - The Breach - Duties and responsibilities -...more
Tens of thousands of cyber attackers employed by Chinese People’s Liberation Army and other employees and contractors of the Chinese Ministry of State Security work diligently every day to steal information from U.S....more