Tag Archives: cybersecurity

David A. Carney Recognized as Cybersecurity & Privacy MVP by Law360

Photo of Theodore J. Kobus IIIBy Theodore J. Kobus III on Posted in Cybersecurity, Privacy
I’m delighted today to focus on a key player in BakerHostetler’s Digital Assets and Data Management group. David Carney is an exceptional lawyer who is on the cutting edge of privacy litigation in the United States. His work on a series of high-profile matters over the past six years has established important parameters regarding plaintiff … Continue Reading

SEC Cybersecurity Actions Against Registered Firms for Business Email Compromises Emphasize Importance of MFA

Photo of Adam CohenPhoto of Jonathan A. FormanBy Adam Cohen and Jonathan A. Forman on Posted in Enforcement, Incident Response, Information Security, SEC
On August 30, 2021, the Securities and Exchange Commission (“SEC”) announced three settled orders against several investment advisers, broker-dealers, and dual registrants for violations of Regulation S-P allegedly resulting from business email compromises that each exposed or potentially exposed the personal information of thousands of customers.[1] These enforcement actions underscore the following lessons for broker-dealers and … Continue Reading

The Brave New World of Cybersecurity Compliance—Key Takeaways from Recent Government Action on Cybersecurity

Photo of Andreas KaltsounisPhoto of Seungjae LeeBy Andreas Kaltsounis and Seungjae Lee on Posted in Cybersecurity
After a series of high-profile supply chain and ransomware attacks, the federal government is ramping up its effort to improve the nation’s cybersecurity. In the past several months, multiple federal departments and agencies announced new policy initiatives and regulatory directives to drive their cybersecurity agenda forward, and state regulators are following the trend. It is … Continue Reading

Executive Order on Improving the Nation’s Cybersecurity: What Does It Mean for Business?

Photo of Sara GoldsteinPhoto of Jessica LoweryBy Sara Goldstein and Jessica Lowery on Posted in Cybersecurity
In response to recent highly publicized cybersecurity incidents, President Biden signed an Executive Order on May 12, 2021, that contains eight key initiatives aimed at modernizing the federal government’s response to cyberattacks. Although the initiatives outlined in the Executive Order only apply to federal contractors (many of which already comply with agency-specific cybersecurity rules), all … Continue Reading

Responding to Supply-Chain Risk—It’s Not Just About Vendor Management

Photo of Andreas KaltsounisBy Andreas Kaltsounis on Posted in Supply Chain
Organizations around the globe began 2021 grappling with two significant supply-chain attacks. First, the SVR, Russia’s foreign intelligence service, planted malicious code in Orion, SolarWinds’ flagship network management suite. When 18,000 Orion customers updated their software, they also unwittingly installed the SVR’s malicious code, giving the Russian intelligence agency direct access to the customers’ networks. … Continue Reading

Compliance and Cybersecurity Best Practices Rewarded with HIPAA Safe Harbor

Photo of Vimala DevassyPhoto of Sara GoldsteinPhoto of Kyle GregoryBy Vimala Devassy, Sara Goldstein and Kyle Gregory on Posted in Healthcare, HIPAA/HITECH
On January 5, 2021, H.R. 7898 was signed into law with little fanfare, thereby amending the Health Information Technology for Economic and Clinical Health Act.[1] As the healthcare industry continues to serve as one of the top targets for cybersecurity threat actors, the amendment creates a “HIPAA safe harbor” that should hopefully provide some much-needed relief to those … Continue Reading

Privacy and Product Counseling: 2020 in Review

Photo of Gerald J. FergusonPhoto of Nichole SterlingBy Kyle R. Fath, Gerald J. Ferguson and Nichole Sterling on Posted in Privacy
Summary Advising our clients on compliance with laws and regulations is, hands down, the most important aspect of our role as attorneys. In addition to seeking counsel on their obligations under laws and regulations, however – motivated by industry trends, utilization of and dependence on third-party services and platforms, and, this year, the COVID-19 pandemic … Continue Reading

The New IoT Cybersecurity Act Is Here

Photo of Daniel PepperPhoto of Adam CohenBy Daniel Pepper and Adam Cohen on Posted in Internet of Things
Background Growing awareness regarding cybersecurity concerns with the Internet of Things (IoT) has achieved a milestone with the promulgation of the IoT Cybersecurity Improvement Act (the Act), which was signed into law by President Donald Trump on December 4, 2020. The Act requires the development, adoption and implementation of security standards for IoT devices by … Continue Reading

BakerHostetler Named a Cybersecurity “Pacesetter” in ALM Intelligence Inaugural Ranking

Photo of Theodore J. Kobus IIIBy Theodore J. Kobus III on Posted in Cybersecurity
We are extremely proud to announce that BakerHostetler has been named the only law firm included in the ALM Cybersecurity “Pacesetter” inaugural ranking. Our DADM Group – and the Digital Risk Advisory and Cybersecurity team in particular – was identified in this national pacesetter report as leading the law firm peer group in “how it … Continue Reading

Warning of Cybersecurity Threat to Healthcare Sector – Imminent Threat of Ransomware

Photo of Eric A. PackelBy Eric A. Packel on Posted in Healthcare
BakerHostetler is closely monitoring a Cybersecurity Advisory issued jointly by several government agencies including the United States Department of Health and Human Services (HHS) and the FBI, on October 28. The Advisory warns of an imminent cybercrime threat to U.S. hospitals and healthcare providers with the purpose of infecting systems with Ryuk ransomware for financial … Continue Reading

New York Brings Long-Awaited Cybersecurity Message Case

Photo of Jonathan A. FormanBy Jonathan A. Forman and Eulonda Skyles on Posted in Cybersecurity
Ever since the New York State Department of Financial Services (DFS) instituted its first-in-the-nation Cybersecurity Regulation[1] in 2017 (covered in our post here), banks, insurance companies, and others in the financial services industry wondered what would trigger an enforcement action under its broad purview. At long last, the industry now knows. On July 22, 2020, … Continue Reading

DSIR Deeper Dive: The Ransomware Epidemic

Photo of Anthony P. ValachBy David Kitchen and Anthony P. Valach on Posted in Data Security Incident Response
Ransomware is among the most common and persistent threats faced by organizations of all sizes. In 2019, the ransomware threat landscape worsened in several significant ways: (1) average demands increased more than tenfold; (2) all industry segments saw increases in attack frequency, with stark increases seen by education and government entities; and (3) several threat … Continue Reading

DSIR Deeper Dive: Using Compromise Threat Intelligence

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Data Security Incident Response
Organizations are under tremendous pressure to be agile and resilient. A key part of building a mature cybersecurity posture to enable the goals of the organization is conducting ongoing risk assessments and then implementing risk-prioritized measures. Organizations contact us during this process to ask what emerging threats to guard against. Our answer always includes a … Continue Reading

Joint Agencies Issue Guidance on Prevalence of Cyberattacks Exploiting COVID-19 and Teleworking

Photo of Kathryn CareyBy Kathryn Carey on Posted in Cybersecurity
On Friday, April 10, 2020, the Department of Homeland Security, the Cybersecurity and Infrastructure Agency and the United Kingdom’s National Cyber Security Centre (NCSC) (jointly, the Agencies) issued a joint statement regarding the growing prevalence of COVID-19-related cyberattacks. The alert focuses on advanced persistent threat (APT) groups and other cybercriminals that are targeting organizations with … Continue Reading

COVID-19 Cybersecurity Exposure

Photo of Andreas KaltsounisBy Andreas Kaltsounis on Posted in Cybersecurity
Risk scenarios and recommendations History tells us that unscrupulous actors will exploit any crisis, and COVID-19 is no exception. Attackers wasted no time building coronavirus-themed phishing emails and malware-laden websites purporting to track the coronavirus’s spread across the globe. These opportunistic attacks were an expected variation on well-known themes that use fear to engineer an … Continue Reading

Standing Guard – Digital Risk Advisory and Cybersecurity Team

Photo of Craig A. HoffmanPhoto of Andreas KaltsounisBy Craig A. Hoffman and Andreas Kaltsounis on Posted in Cybersecurity
The Digital Assets and Data Management (DADM) Practice Group offers holistic, enterprise-wide risk solutions to clients around “everything data.” The multidisciplinary new addition – chaired by Theodore J. Kobus III – is a strategic outgrowth of the firm’s world-class Privacy and Data Protection and Advertising, Marketing and Digital Media teams, combined with the innovative legal … Continue Reading

Cybersecurity Remains a Top SEC Examination Priority in the New Decade

Photo of Jonathan A. FormanBy Jonathan A. Forman on Posted in Cybersecurity
It may be a new decade, but the focus of the Securities and Exchange Commission (SEC) on cybersecurity has not shifted. In particular, the SEC noted in its 2020 Examination Priorities that the Office of Compliance Inspections and Examinations (OCIE) “will continue to prioritize cyber and information security risks across the entire examination program.” This … Continue Reading

Cybersecurity Implications in Government Contracting Top 2019 End-of-Year Considerations

Photo of W. Barron A. AveryBy W. Barron A. Avery on Posted in Cybersecurity
Barron Avery, leader of BakerHostetler’s national Government Contracts team, was quoted in a Law360 article titled “Top 5 Gov’t Contract Cases of 2019.” Avery’s comments come as a sure reminder for contractors that failing to adhere to cybersecurity requirements can have serious and dire consequences to contractors themselves. In May 2019, the U.S. District Court … Continue Reading

Trojan Malware Reclaims the Top Spot as the Greatest Cyber Threat to the Healthcare Sector

Photo of Alexandra RoyalBy Alexandra Royal on Posted in Cybersecurity, HIPAA/HITECH
Cybersecurity threats continued to plague the healthcare sector in 2018. Healthcare organizations notified twice as many individuals under HIPAA and other notification statutes in 2018 as compared with 2017. According to a new report from Malwarebytes Labs, 2019 State of Malware Report, trojan malware was the greatest threat to the healthcare sector in 2018.[1] Specifically, … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Insider-Caused Data Loss

Photo of Aleksandra VoldPhoto of Kathryn CareyBy Aleksandra Vold and Kathryn Carey on Posted in HHS, HIPAA/HITECH, Medical Privacy
This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series, click here. While any security incident may cause an entity heartburn, when the incident is traced back to an … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Loss or Theft of Devices

Photo of Aleksandra VoldPhoto of Kathryn CareyBy Aleksandra Vold and Kathryn Carey on Posted in HHS, HIPAA/HITECH
This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series, click here. The report on cybersecurity best practices (Report) weighs in on one of the issues many entities find … Continue Reading
LexBlog