You’ve been hacked! What happens next? In the latest episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss talks with guests Serge Jorgensen, founding partner and chief technology officer at Sylint Cybersecurity, and Faegre Drinker’s Jay Brudz about the legal and technical aspects of a cybersecurity incident, action items leaders should be prepared to take in the immediate aftermath of a breach, and other critical decisions that will make or break your incident response.
Disruptionware V: Malicious Cyber Actors Attack a Florida Water Treatment Facility
We have posted four previous articles discussing the foundation and structure of what a disruptionware attack is, how their attack matrix works, possible defenses to disruptionware attacks and industries that are very susceptible to these attacks. Disruptionware has proven over the last year that it is a growing and dangerous cyber threat to our data, our businesses and possibly our lives.
Disruptionware attacks typically involve ransomware and they aim to encrypt and hold the victim’s data hostage. Such attacks are usually financially motivated, and, to date, there have fortunately been only a few known examples where the disruptionware attack has resulted in threats to health and safety or caused loss of life. When such significant collateral damage has occurred, it typically appears to have been inadvertently caused.
Fifth Circuit Decision Motivates Covered Entities to Appeal Unreasonable Enforcement Outcomes
The United States Court of Appeals for the Fifth Circuit (the “Court”) vacated a $4,348,000 civil monetary penalty (“CMP”) imposed by the U.S. Department of Health and Human Services’ Office for Civil Rights (“HHS-OCR”) in 2017 against the University of Texas M.D. Anderson Cancer Center (“MD Anderson”) for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule and HIPAA Security Rule. The Court held that OCR’s actions were “arbitrary, capricious, and otherwise unlawful” and remanded the case for further proceedings. While the case is not binding precedent outside the Fifth Circuit, MD Anderson is the first HIPAA Covered Entity to appeal its fine to a Circuit Court since the HIPAA Privacy Rule and the HIPAA Security Rule took effect. The ruling likely will motivate future HIPAA settlement negotiations with HHS-OCR and encourage HIPAA Covered Entities to appeal enforcement outcomes they consider unreasonable.
IT Security Trends in the Era of COVID: Our Top Five Tips for Making Your Network Safer in 2021
As the COVID era drags on, it is clear that work life “post-COVID” may be very different from life “pre-COVID.” This is especially true as it relates to IT security. More and more employees have shifted to a telecommuting work model, and for many businesses that may be the case for an indefinite period of time. This raises important questions as to which security improvements or other changes IT departments need to make in 2021 to keep their businesses and client data safer from cyberattacks.
Faegre Drinker on Law and Technology Podcast: Evolving U.S. and International Privacy Laws in 2021 and Beyond
Privacy laws continue to proliferate both across U.S. states and at the international level, making it imperative for businesses to implement strong and adaptive data governance programs. In the latest episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss and guests Mary Devlin Capizzi and Peter Blenkinsop look back on the evolution of privacy laws over the last 20 years, evaluate the impact of recent laws and how they may shape the future of privacy regulations, and provide some helpful guidance for companies working to stay on top of this evolving regulatory landscape.
Buyer Beware: The Internet of Things Comes Under New Cyber Attack from Multiple Fronts
It is estimated that by the end of 2020, there will be more than 50,000,000,000 (yes, billion) connected devices that are part of the Internet of Things (IoT). This is a five million percent increase in IoT devices over the last 20 years. Most of these devices are designed and manufactured for use in homes and vehicles or are wearable devices. These devices include everything from home security cameras to baby monitors, thermostats, car ignition starters, smart watches and even medical devices, such as pacemakers. There are literally thousands of different types of IoT devices that integrate into almost every aspect of your home and work life.