Author: Ken Dort

Ken Dort is a partner in the firm's Intellectual Property group. Read Ken's full bio on the Faegre Drinker website.

DC Circuit Deepens Circuit Split on Data Breach Class Standing

Share

***09/06/17 UPDATE***

On Wednesday, September 6, the DC Circuit Court of Appeals granted an unopposed motion to stay its decision that reversed a district court order dismissing a potential class action arising from a 2014 data breach Chantal Attias et al. v. CareFirst Inc. et al., case number 16-7108.  The order stays the mandate until December 7, 2017.

***ORIGINAL POST***

Last month, a three-judge panel on the United States Court of Appeals for the District of Columbia unanimously reversed a district court order dismissing a potential class action arising from a 2014 data breach,  Chantal Attias et al. v. CareFirst Inc. et al., case number 16-7108.  In reversing that order, the court permitted a health insurance company’s customers to proceed against that carrier, CareFirst, which serves one million customers in the District of Columbia, Maryland and Virginia.
Continue reading “DC Circuit Deepens Circuit Split on Data Breach Class Standing”

Fact Sheet: NYDFS Cyber Regulations

Share

The New York Department of Financial Services’ Cyber Requirements for Financial Services Companies, 23 NYCRR 500 (“Cyber Regulations”) went into effect on March 1, 2017. The Cyber Regulations are intended to require financial companies to assess their internal cybersecurity risks and develop a cybersecurity program to protect customer information and their IT systems, as well as respond, recover, and report cyber threats. The Cyber Regulations establish a comprehensive set of proactive cybersecurity standards for companies to follow, involving everything from appointing a designated Chief Information Security Officer (CISO) to submitting an annual compliance notice, and conducting penetration testing and vulnerability assessments.

Here is an overview of some key terms, requirements and deadlines under these new regulations.

Continue reading “Fact Sheet: NYDFS Cyber Regulations”

Global Ransomware Attack: What Your Organization Needs to Know Now

Share

The WannaCry cyberattack on Friday, May 12, 2017 was the largest international ransomware attack to date.

Victims of the attack range in size—from Fortune 500 to small/medium-sized businesses—and industry—from academic institutions to large banks, health care providers and transportation networks. The U.K.’s health care regulatory agency, the National Health Service (NHS), was a major target. The attack’s devastating scale in exploiting data security vulnerabilities is a good reminder of how critical it is for health care organizations to conduct comprehensive security assessments immediately and regularly.

We took a close look at the WannaCry ransomware incident and have some tips for what organizations need to know to minimize their risk in this article.

Proposed Changes to the NIST Cybersecurity Framework

Share

The National Institute of Standards and Technology (NIST) issued an update to its Framework for Improving Critical Infrastructure Cybersecurity on January 10, 2017. The updated draft Version 1.1 was issued after NIST’s review of considerable public and private-sector feedback on Version 1.0.

The updated five Framework Core Functions remain the same as the previous iteration: Identify, Protect, Detect, Respond and Recover. Version 1.1 now includes enhanced categories, subcategories and guidance, including cyber supply chain risk management, safer information sharing, cybersecurity measurement and stronger measures for device authentication.

The updated draft includes improvements but is intended to remain a voluntary cyber risk management tool that organizations can customize.

Read our overview of the updates and insights on some of the highlights.

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy