Tag Archives: 2016 Data Security Incident Response Report

Deeper Dive: When it Comes to Data Breaches, Size Matters

By M. Scott Koller on June 21, 2016 Posted in Data Breaches, Online Privacy

As part of our ongoing series analyzing the 2016 BakerHostetler Data Security Incident Response Report, this article takes a closer look at the factors that play a role in whether an entity will face a regulatory investigation or litigation as a result of a data breach. As the title suggests, the size of breach is … Continue Reading

Deeper Dive: State-Backed Attack Groups Target U.S. Businesses

By Randal L. Gainer on May 31, 2016 Posted in Cybersecurity

In 31 percent of the data security incidents that BakerHostetler’s Privacy and Data Protection Practice Team helped clients address in 2015, attackers used phishing, hacking and malware to access client data. 2016 Data Security Incident Response Report, 3. Chinese state-supported attackers have long targeted the intellectual property of U.S. businesses. As we discussed in an … Continue Reading

Deeper Dive: Integrating Physician Practices into a Health System’s HIPAA Privacy and Security Program

By Paulette Thomas on May 24, 2016 Posted in HIPAA/HITECH

The healthcare industry shift to a value-based business model is resulting in greater alignment between hospitals and physicians to provide quality, outcomes driven care in order to receive payment for health care services. Prior to implementation of the Affordable Care Act, physicians more often were independent practitioners who held medical staff privileges to care for … Continue Reading

Deeper Dive: Plan for Regulatory Scrutiny in Financial Services Data Security Incidents

By Gerald J. Ferguson and Jenna N. Felz on May 16, 2016 Posted in Cybersecurity, Financial Privacy

Financial services industry companies were involved in 18% of the over 300 data security incidents we helped manage in 2015, and reported in our 2016 BakerHostetler Data Security Incident Response Report (the “Report”). After healthcare, the financial services industry was the second most affected industry according to the data we reported. It is not surprising … Continue Reading

Deeper Dive: Merchant Liability Arising from Stolen Payment Cards

By Craig A. Hoffman on May 9, 2016 Posted in Incident Response, Payment Card Industry

For merchants, accepting payment cards is not really a choice. Many merchants, however, are unaware of how that “choice” subjects them to significant potential liability in the event payment card data from cards swiped at the point-of-sale is stolen from their payment network. Often casually (but incorrectly) referred to as “PCI fines and penalties,” the … Continue Reading

Deeper Dive: Regulatory Investigations Following a Reported Breach

By Eric A. Packel on May 2, 2016 Posted in Data Breaches, Federal Legislation

We recently released our 2016 Data Security Incident Response Report (“Report”), which provides lessons learned and metrics related to over 300 data security incidents handled by our team. As noted in the report, once an incident is made public the potential ramifications include a wide-ranging investigation by a regulatory agency, such as state attorneys general. … Continue Reading

Deeper Dive: Human Error Is to Blame for Most Breaches

By Will R. Daugherty on April 25, 2016 Posted in Cybersecurity, Incident Response, Online Privacy

Each year, as companies implement the latest security technologies, attackers develop and launch new tactics, techniques, and procedures to circumvent those technologies. While investment in security defense and detection technologies is an essential component to building an effective defense-in-depth strategy, the reality is that most breaches can be traced back to human error. In our … Continue Reading