Archives: Cybersecurity

New York Department of Financial Services Publishes Proposed Second Amendment to Its Cybersecurity Regulation

By Patrick H. Haggerty, Vaughn Stupart and Elise Elam on November 17, 2022 Posted in Cybersecurity

On Nov. 9, 2022, the New York State Department of Financial Services (NYDFS) published a proposed second amendment to its cybersecurity regulation. This follows its pre-proposed amendment that was published on July 29. Our prior analysis of those amendments is available here. NYDFS did consider comments received in response to the pre-proposed amendments, as they … Continue Reading

White House Releases First-Ever Comprehensive Framework for Responsible Development of Digital Assets

By Jeewon Serrato and Jamie Kim on October 13, 2022 Posted in Cybersecurity, Data Privacy

On Sept. 16, 2022, the White House released a comprehensive framework for responsible digital asset development and, in particular, cryptocurrency. Agencies across the federal government have been working for the past six months to develop frameworks and policy recommendations to advance the six key priorities identified in President Biden’s March 9 executive order on Ensuring … Continue Reading

NYDFS Proposed Amendments to Its Cybersecurity Rules

By Patrick H. Haggerty and Elise Elam on August 9, 2022 Posted in Cybersecurity

On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification requirements such as a mandatory 24-hour notification for cyber ransom payments, specific requirements for newly defined larger entities, increased expectations for oversight of … Continue Reading

Florida Follows North Carolina in Prohibiting State Agencies from Paying Ransoms

By Elise Elam and Benjamin Wanger on July 19, 2022 Posted in Cybersecurity, Ransomware

We recently wrote about North Carolina’s new law prohibiting state agencies – including public schools and universities – from paying a ransom or even communicating with a threat actor following a ransomware incident. On June 24, Florida followed suit when its governor signed HB 7055 into law, amending portions of the State Cybersecurity Act (the … Continue Reading

Welcome Partner Ed McAndrew to the DADM Group

By Theodore J. Kobus III on July 11, 2022 Posted in Cybersecurity, Privacy Class Actions

We are excited to welcome new partner Ed McAndrew to our Digital Assets and Data Management Group! Ed joins our Privacy and Digital Risk Class Action and Litigation and Digital Risk Advisory and Cybersecurity teams, and will work out of our Philadelphia and Wilmington, Delaware offices. A former federal cybercrime prosecutor, Ed served as a … Continue Reading

Sounding the Alarm: New Federal Law Will Mandate the Reporting of Cybersecurity Incidents Involving Critical Infrastructure – What Companies Need to do now to be Prepared

By Sara Goldstein, Kimberly Gordy and Thomas Moran on March 18, 2022 Posted in Cybersecurity

In response to increased and persistent cybersecurity threats to American infrastructure, Congress passed the Strengthening American Cybersecurity Act (SACA), which President Joe Biden signed into law on March 15. SACA is likely the first of many steps toward a federal privacy and breach notification framework. Included in SACA is the Cyber Incident Reporting for Critical … Continue Reading

Reporting Cyberattacks: Challenges for US Government Defense Contractors

By Brian Craig and Orga Cadet on December 20, 2021 Posted in Cybersecurity

A report published by the U.S. Government Accountability Office (GAO) on Dec. 8, 2021, highlights the complexity surrounding cybersecurity compliance for the Department of Defense (DOD) and its contractors. The GAO’s report recommended that the DOD improve its communication to industry, develop a plan to evaluate a pilot program, and develop outcome-oriented performance measures. This … Continue Reading

China Issues Draft Measures on Security Assessment of Cross-Border Data Transfer

By Daniel Pepper on November 5, 2021 Posted in Cybersecurity, Information Governance

On Oct. 29, 2021, the Cyberspace Administration of China (CAC) published the “Draft Measures on Security Assessment of Cross-Border Data Transfer” (Draft Measures) for comment through Nov. 28. The Draft Measures follow and are based on China’s Cybersecurity Law (CSL), Data Security Law (DSL), Personal Information Protection Law (PIPL) and related regulations. These measures appear … Continue Reading

The Impact of Data Security Incident Trends on Commercial Transactions: Part II – Development Agreements

By Craig Carpenter on October 12, 2021 Posted in Cybersecurity, Data Breach Notification Laws, Data Breaches, Information Security, Uncategorized

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered in this blog, including trends in global breach notification, healthcare industry risks and ransomware. The report is … Continue Reading

New Director of HHS Office for Civil Rights Announced: What could Lisa J. Pino’s appointment mean for future HIPAA enforcement?

By Sara Goldstein on September 28, 2021 Posted in Cybersecurity, Enforcement, Healthcare, HHS, HIPAA/HITECH

More than eight months into the Biden administration, the U.S. Department of Health & Human Services (HHS) announced the appointment of Lisa J. Pino as the new director of the Office for Civil Rights (OCR) on Sept. 27, 2021. As the new director of the OCR, Pino will be responsible for enforcing the Health Insurance … Continue Reading

David A. Carney Recognized as Cybersecurity & Privacy MVP by Law360

By Theodore J. Kobus III on September 16, 2021 Posted in Cybersecurity, Privacy

I’m delighted today to focus on a key player in BakerHostetler’s Digital Assets and Data Management group. David Carney is an exceptional lawyer who is on the cutting edge of privacy litigation in the United States. His work on a series of high-profile matters over the past six years has established important parameters regarding plaintiff … Continue Reading

The Brave New World of Cybersecurity Compliance—Key Takeaways from Recent Government Action on Cybersecurity

By Andreas Kaltsounis and Seungjae Lee on July 20, 2021 Posted in Cybersecurity

After a series of high-profile supply chain and ransomware attacks, the federal government is ramping up its effort to improve the nation’s cybersecurity. In the past several months, multiple federal departments and agencies announced new policy initiatives and regulatory directives to drive their cybersecurity agenda forward, and state regulators are following the trend. It is … Continue Reading

Congratulations to Sara Goldstein – a 2021 Law360 Rising Star!

By Theodore J. Kobus III on June 1, 2021 Posted in Cybersecurity

Sara Goldstein has been named to Law360’s 2021 list of “Top Attorneys Under 40,” for her career accomplishments in the Cybersecurity & Privacy practice area. Only 180 attorneys nationwide were recognized for what Law360 describes as “legal accomplishments that transcend their age.” Sara focuses her practice on legal issues related to data privacy and security … Continue Reading

Executive Order on Improving the Nation’s Cybersecurity: What Does It Mean for Business?

By Sara Goldstein and Jessica Lowery on May 13, 2021 Posted in Cybersecurity

In response to recent highly publicized cybersecurity incidents, President Biden signed an Executive Order on May 12, 2021, that contains eight key initiatives aimed at modernizing the federal government’s response to cyberattacks. Although the initiatives outlined in the Executive Order only apply to federal contractors (many of which already comply with agency-specific cybersecurity rules), all … Continue Reading

A Risk-Based Approach to the SolarWinds Vulnerability Disclosures

By Andreas Kaltsounis and Adam Cohen on January 6, 2021 Posted in Cybersecurity

On December 13, 2020, SolarWinds disclosed that an unknown attacker compromised its network and inserted malicious code (referred to as the Sunburst vulnerability) into software updates for the Orion platform. In what will likely become known as one of the most widespread and damaging cyber attacks in history, approximately 18,000 private and government organizations installed … Continue Reading

BakerHostetler Named a Cybersecurity “Pacesetter” in ALM Intelligence Inaugural Ranking

By Theodore J. Kobus III on November 23, 2020 Posted in Cybersecurity

We are extremely proud to announce that BakerHostetler has been named the only law firm included in the ALM Cybersecurity “Pacesetter” inaugural ranking. Our DADM Group – and the Digital Risk Advisory and Cybersecurity team in particular – was identified in this national pacesetter report as leading the law firm peer group in “how it … Continue Reading

New York Brings Long-Awaited Cybersecurity Message Case

By Jonathan A. Forman and Eulonda Skyles on July 30, 2020 Posted in Cybersecurity

Ever since the New York State Department of Financial Services (DFS) instituted its first-in-the-nation Cybersecurity Regulation[1] in 2017 (covered in our post here), banks, insurance companies, and others in the financial services industry wondered what would trigger an enforcement action under its broad purview. At long last, the industry now knows. On July 22, 2020, … Continue Reading

Joint Agencies Issue Guidance on Prevalence of Cyberattacks Exploiting COVID-19 and Teleworking

By Kathryn Carey on April 23, 2020 Posted in Cybersecurity

On Friday, April 10, 2020, the Department of Homeland Security, the Cybersecurity and Infrastructure Agency and the United Kingdom’s National Cyber Security Centre (NCSC) (jointly, the Agencies) issued a joint statement regarding the growing prevalence of COVID-19-related cyberattacks. The alert focuses on advanced persistent threat (APT) groups and other cybercriminals that are targeting organizations with … Continue Reading

Threat Actors are Finding New Ways to Commoditize Data

By David Potter and Anthony P. Valach on April 21, 2020 Posted in Cybersecurity

While all businesses continue to adjust to the remote work environment, it’s business as usual for cybercriminals. Although there are reports of phishing schemes tied to the COVID-19 pandemic, we are not really seeing different types of incidents or new tactics from the threat actors. Incident volume has increased slightly, but we are not seeing … Continue Reading

COVID-19 Cybersecurity Exposure

By Andreas Kaltsounis on March 18, 2020 Posted in Cybersecurity

Risk scenarios and recommendations History tells us that unscrupulous actors will exploit any crisis, and COVID-19 is no exception. Attackers wasted no time building coronavirus-themed phishing emails and malware-laden websites purporting to track the coronavirus’s spread across the globe. These opportunistic attacks were an expected variation on well-known themes that use fear to engineer an … Continue Reading

Standing Guard – Digital Risk Advisory and Cybersecurity Team

By Craig A. Hoffman and Andreas Kaltsounis on January 27, 2020 Posted in Cybersecurity

The Digital Assets and Data Management (DADM) Practice Group offers holistic, enterprise-wide risk solutions to clients around “everything data.” The multidisciplinary new addition – chaired by Theodore J. Kobus III – is a strategic outgrowth of the firm’s world-class Privacy and Data Protection and Advertising, Marketing and Digital Media teams, combined with the innovative legal … Continue Reading

Everything Data!

By Theodore J. Kobus III on January 21, 2020 Posted in Advertising, Breach Notification, Consumer Data, Cybersecurity, Data Breaches, HIPAA/HITECH, Incident Response, Information Governance, Information Security

Thank you to our clients and relationships, as well as to the BakerHostetler team who made the creation of the new Digital Assets and Data Management (DADM) Practice Group possible. In a world dependent on data, this group takes a 360-degree approach to the delivery of services and counsel to clients on how they manage … Continue Reading

Cybersecurity Remains a Top SEC Examination Priority in the New Decade

By Jonathan A. Forman on January 10, 2020 Posted in Cybersecurity

It may be a new decade, but the focus of the Securities and Exchange Commission (SEC) on cybersecurity has not shifted. In particular, the SEC noted in its 2020 Examination Priorities that the Office of Compliance Inspections and Examinations (OCIE) “will continue to prioritize cyber and information security risks across the entire examination program.” This … Continue Reading

Cybersecurity Implications in Government Contracting Top 2019 End-of-Year Considerations

By W. Barron A. Avery on January 3, 2020 Posted in Cybersecurity

Barron Avery, leader of BakerHostetler’s national Government Contracts team, was quoted in a Law360 article titled “Top 5 Gov’t Contract Cases of 2019.” Avery’s comments come as a sure reminder for contractors that failing to adhere to cybersecurity requirements can have serious and dire consequences to contractors themselves. In May 2019, the U.S. District Court … Continue Reading