Ransomware Dos and Don’ts

A Q&A with John Mullen of Lewis Brisbois

In recent months, ransomware attacks have become more frequent, particularly in the healthcare space. While these attacks, with their demand for payment, give their victims few options for responding, companies can still prepare themselves to act quickly and effectively. Better yet, they can avoid ransom-seeking malware in the first place with sound security policies. I spoke with attorney John Mullen of Lewis Brisbois about best practices.


Australian Cyber Security: A Primer

A Q&A with Leah Mooney of MinterEllison
The cyber security field is rapidly evolving in Australia, where new legislation, growing costs and an increased awareness of threats and liability have spurred discussion and concern. I spoke with attorney Leah Mooney, special counsel in the Insurance and Corporate Risk Group of MinterEllison, about the state of affairs in Australia and what businesses operating there might need to know about looming risks and how to mitigate them.


Closing the Gaps: Healthcare Organizations, Third Parties and Data Security Risk

A Q&A with Antony Kim and John Wolfe of Orrick, Herrington and Sutcliffe
The recent HIPAA breach at St. Elizabeth’s Medical Center in Brighton, MA, brought some key issues to light. With the continual outsourcing of healthcare sector computing for ePHI data to external third-party clouds, it’s becoming increasingly vital that the covered entity (CE) and/or business associate (BA) has a good handle on their cloud provider’s actual operational and data security practices. I talked to Antony Kim and John Wolfe of Orrick, Herrington and Sutcliffe about vigilance in the face of this vulnerability.


Shining a Light on Cyber Claims

The release of the NetDiligence® 2015 Cyber Claims Study, the only one of its kind, reveals the most current data on cyber security events and their true costs. NetDiligence President Mark Greisiger shares the latest findings, including the top areas of concern for both insurers and the C-Suite.


The MIE Breach: Business Associates and Data Security Risks

A Q&A with J.T. Malatesta of Maynard Cooper & Gale
Medical Informatics Engineering and subsidiary NoMoreClipboard revealed a breach last month affecting up to 3.9 million Americans, which has now resulted in a series of class action lawsuits on behalf of victims. The incident is causing headaches for risk managers in the healthcare sector, including their cyber liability insurers. This event underscores how a catastrophic breach for one dominant service provider (in this case, Medical Informatics Engineering, the software company that provides the NoMoreClipboard service) can create a domino effect that impacts multiple organizations. Many insurers are also rightfully concerned about aggregated risk, since they could have multiple insureds and claims stemming from a single event such as this one. I spoke with J.T. Malatesta, chair of the cybersecurity practice of Maynard Cooper & Gale, about the implications of this event and how organizations can better prepare for vendor breaches.


What Does the Neiman Marcus Ruling Mean for Data Security Law?

A Q&A with Ben Barnow of Barnow Associates PC
The decision in the recent Neiman Marcus case was a game changer for the swiftly evolving legal climate around data breach events. By establishing the theory of “likely future fraud or injury,” the court recognized that plaintiffs no longer have to prove the “impending certainty” of potential injury (as was previously established by the 2013 decision in Clapper v. Amnesty International). To find out more about its impact, we talked to Ben Barnow of Barnow Associates PC.


Data Breach Events: A Plaintiff Perspective

A Q&A with John Yanchunis of Morgan & Morgan
The legal landscape around data loss is rapidly evolving, and with major events such as the Anthem breach changing the game on a daily basis, it can be a challenge to keep up with the courts’ current thinking. I spoke with plaintiff attorney John Yanchunis of Morgan & Morgan about some of the most recent developments he’s observed.


Data Security Risks in Higher Education

A Q&A with John Sileo, Sileo Group
Data security and privacy are a growing concern among educational institutions, with some 727 breaches taking place in higher education from 2005-2014, according to the Privacy Rights Clearinghouse. I spoke with John Sileo of The Sileo Group about the reasons this space has become particularly vulnerable to data loss.


A View From Europe

 

A Q&A with Nick Beecroft of Lloyd’s of London
New regulation and awareness around growing threats such as operational attacks are changing the face of the European insurance market. I talked to Nick Beecroft, emerging risks and research manager at Lloyd’s of London, about his work assessing cyber vulnerabilities and helping develop products to address them.


Sorting Out the Consequences of PCI Data Security Noncompliance

A Q&A with David Navetta of Information Law Group
The Payment Card Industry (PCI) Security Standards Council Data Security Standards (DSS) were established in 2006, but that’s only one piece of the payment card liability puzzle. Merchants are also held to card brand rules via their merchant and other contractual arrangements with merchant banks or the card brands. I spoke with Dave Navetta, a founding partner of InfoLawGroup LLP, about the types of consequences retailers can face during a data breach.

