Benjamin Wanger

Subscribe to all posts by Benjamin Wanger

For Educational Institutions, Post-Ransomware Harassment Requires A+ Messaging

Photo of Benjamin WangerPhoto of Pierce T. CoxBy Benjamin Wanger and Pierce T. Cox on Posted in Ransomware
Educational institutions have not been excluded from the ransomware epidemic, and stakeholder communications are critical to an effective response. In a typical double-extortion ransomware attack, threat actors demand that victims pay a ransom to decrypt systems and to prevent publication of stolen data. However, with a decline in the number of victims choosing to pay … Continue Reading

Florida Follows North Carolina in Prohibiting State Agencies from Paying Ransoms

Photo of Elise ElamPhoto of Benjamin WangerBy Elise Elam and Benjamin Wanger on Posted in Cybersecurity, Ransomware
We recently wrote about North Carolina’s new law prohibiting state agencies – including public schools and universities – from paying a ransom or even communicating with a threat actor following a ransomware incident. On June 24, Florida followed suit when its governor signed HB 7055 into law, amending portions of the State Cybersecurity Act (the … Continue Reading

North Carolina is the First State to Prohibit Public Entities from Paying Ransoms: What Does This Mean for North Carolina Public Schools and Universities?

Photo of Elise ElamPhoto of Benjamin WangerBy Elise Elam and Benjamin Wanger on Posted in Data Counsel
On April 5th, North Carolina became the first state to prohibit state agencies and local governments from paying ransoms after becoming victims of a ransomware attack. Indeed, in addition to prohibiting said entities from paying ransoms, North Carolina’s new law actually goes so far as to prohibit a public entity from even communicating with threat … Continue Reading

It’s Elementary: Measures that Educational Institutions Should Take to Prepare for Ransomware Attacks: Part 3

Photo of Benjamin WangerPhoto of Allison ClarkBy Benjamin Wanger and Allison Clark on Posted in Ransomware
PART 1 PART 2 PART 3 In the event of a ransomware attack, there are a host of legal frameworks that could potentially be implicated.  Whether those laws apply often depends on the nature of the data that the threat actor accessed and/or acquired.  In this installment, we address the laws that could be implicated … Continue Reading

It’s Elementary: Measures that Educational Institutions Should Take to Prepare for Ransomware Attacks: Part 2

Photo of Benjamin WangerPhoto of Allison ClarkBy Benjamin Wanger and Allison Clark on Posted in Ransomware
PART 2 The best way to ensure that an educational institution can respond quickly and effectively to a ransomware attack and minimize any chaos and confusion that accompanies such incidents is to have an incident response plan in place to outline the procedures to be followed after ransomware has been detected.  In this posting, we … Continue Reading

It’s Elementary: Measures that Educational Institutions Should Take to Prepare for Ransomware Attacks: Part 1

Photo of Benjamin WangerPhoto of Allison ClarkBy Benjamin Wanger and Allison Clark on Posted in Ransomware
PART 1 The ransomware epidemic has affected and continues to affect all industries, including healthcare, manufacturing and finance. Since 2020, however, the education industry has been targeted as much as or more than any other sector. Indeed, approximately 23 percent of the 1,250+ data security incidents that BakerHostetler helped clients manage over the past year … Continue Reading

Effective Oct. 1, 2021: Connecticut Expands Data Breach Notification Statute

Photo of Benjamin WangerPhoto of Elana WeinblattBy Benjamin Wanger and Elana Weinblatt on Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Data Privacy, HIPAA/HITECH
On June 16, 2021, the Connecticut General Assembly adopted an expanded version of Connecticut’s data breach notification statute (2021 CT H.B. 5310 (NS)). Through this expansion, Connecticut’s data breach notification statute will be updated, effective Oct. 1, 2021, to (1) broaden the definition of “personal information,” (2) shorten the amount of time within which businesses … Continue Reading

New EDPB Draft Guidance Provides Practical Scenarios for Data Breach Notification Analysis Under the GDPR

Photo of Michael FitzgeraldPhoto of Benjamin WangerBy Michael Fitzgerald and Benjamin Wanger on Posted in GDPR
In certain cases, the General Data Protection Regulation (GDPR) requires entities that experience a personal data breach to provide notice of the incident to relevant national supervisory authorities and the individuals whose personal data was compromised. The European Data Protection Board (EDPB) — a board of representative members from each of the European national supervisory … Continue Reading

Healthcare Providers Remain Targets for Ransomware Attacks in the Midst of COVID-19 Pandemic

Photo of Benjamin WangerPhoto of Sara GoldsteinBy Benjamin Wanger and Sara Goldstein on Posted in Ransomware
Although it was widely reported that several ransomware threat actor groups have pledged to not target healthcare providers until the COVID-19 pandemic is over, BakerHostetler’s Digital Assets and Data Management Practice Group and Healthcare Privacy and Compliance team continue to see ransomware attacks launched against healthcare providers. In order to combat the COVID-19 pandemic, healthcare … Continue Reading
LexBlog