Author: Peter Baldwin

Peter Baldwin draws on his experience as a former federal prosecutor to counsel clients facing government investigations and cybersecurity issues. View Peter's full bio on the Faegre Drinker website.

Faegre Drinker on Law and Technology Podcast: Exploring the New York SHIELD Act

Share

The New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act updated and expanded the state’s data breach notification requirements and introduced new and broad privacy and cybersecurity requirements that exceed those imposed by most other states around the country. In the latest episode of the Faegre Drinker on Law and Technology Podcast, Jason G. Weiss sits down with Peter Baldwin for insight into a number of questions regarding this sweeping new law.

Continue reading “Faegre Drinker on Law and Technology Podcast: Exploring the New York SHIELD Act”

Multiple Federal Agencies Jointly Warn of Increased and Imminent Cybercrime Threat to U.S. Hospitals and Healthcare Providers

Share

On October 28, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) issued a Joint Cybersecurity Advisory warning of “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The agencies collectively warned that “malicious cyber actors are targeting the Healthcare and Public Health (HPH) Sector with Trickbot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.”

Continue reading “Multiple Federal Agencies Jointly Warn of Increased and Imminent Cybercrime Threat to U.S. Hospitals and Healthcare Providers”

Community Health Systems Enters Into Five-Million-Dollar, Multi-State Settlement Agreement in Connection with 2014 Data Breach

Share

On October 8, 2020, Community Health Systems, Inc. (Community Health) and its subsidiary CHSPSC, LLC entered into a settlement agreement with 28 states for $5 million to resolve claims related to a 2014 data breach. Community Health owns over 200 hospitals across the United States and is one of the largest hospital networks in the country. The multi-state settlement follows a separate $2.3 million settlement that Community Health reached with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) in connection with the same data breach.

Continue reading “Community Health Systems Enters Into Five-Million-Dollar, Multi-State Settlement Agreement in Connection with 2014 Data Breach”

Ransomware Payments May Violate Sanctions Laws, U.S. Treasury Department Warns

Share

Ransomware attacks are on the rise in the wake of COVID-19, but attack victims — and third parties who assist them — could unknowingly be in violation of federal law. A new advisory from the U.S. Department of the Treasury warns that ransom payments to sanctioned individuals or entities may result in significant criminal or civil liability. Companies should closely review the details of this advisory to minimize the risk of violating the U.S. sanctions laws if they are victimized by a ransomware attack.

For the full alert, visit the Faegre Drinker website.

Dunkin’ Brands, Inc. Agrees to Pay $650,000 to Settle 2019 Data Breach Lawsuit Brought by the New York Attorney General’s Office

Share

On September 15, 2020, the New York Attorney General’s Office (NYAG) announced a settlement with Dunkin’ Brands, Inc. (Dunkin) in connection with a September 2019 lawsuit brought by the NYAG against Dunkin for alleged failures to adequately respond to cyberattacks that impacted approximately 300,000 customers. The proposed settlement—which still must be approved by the court—requires Dunkin to, among other things, notify customers impacted by the attacks, maintain specific cybersecurity procedures to prevent future cyberattacks, and pay $650,000 in penalties.

Continue reading “Dunkin’ Brands, Inc. Agrees to Pay $650,000 to Settle 2019 Data Breach Lawsuit Brought by the New York Attorney General’s Office”

DoD’s Cybersecurity Maturity Model Certification Is Here: What Your Business Needs to Do to Prepare

Share

On September 1, 2020, Department of Defense (DoD) contractors will be required to comply with the recently released Cybersecurity Maturity Model Certification (CMMC) requirements. The CMMC requirements are designed to ensure that suppliers, contractors and subcontractors working with the DoD’s Office of Acquisition and Sustainment have cybersecurity frameworks in place “to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB).” Through the creation of the CMMC, DoD appears to be enhancing the requirements of NIST 800-171, ISO 27001 and other cybersecurity-related frameworks.

The CMMC model delineates five “maturity” levels, with level 1 being the least secure and level 5 being the most secure. Once the CMMC takes effect, DoD will assign all solicitations an appropriate maturity level that bidders must be able to meet if they wish to bid on the solicitation.

Continue reading “DoD’s Cybersecurity Maturity Model Certification Is Here: What Your Business Needs to Do to Prepare”

©2025 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy