Tag Archives: cybersecurity

The New IoT Cybersecurity Act Is Here

By Daniel Pepper and Adam Cohen on December 11, 2020 Posted in Internet of Things

Background Growing awareness regarding cybersecurity concerns with the Internet of Things (IoT) has achieved a milestone with the promulgation of the IoT Cybersecurity Improvement Act (the Act), which was signed into law by President Donald Trump on December 4, 2020. The Act requires the development, adoption and implementation of security standards for IoT devices by … Continue Reading

BakerHostetler Named a Cybersecurity “Pacesetter” in ALM Intelligence Inaugural Ranking

By Theodore J. Kobus III on November 23, 2020 Posted in Cybersecurity

We are extremely proud to announce that BakerHostetler has been named the only law firm included in the ALM Cybersecurity “Pacesetter” inaugural ranking. Our DADM Group – and the Digital Risk Advisory and Cybersecurity team in particular – was identified in this national pacesetter report as leading the law firm peer group in “how it … Continue Reading

Warning of Cybersecurity Threat to Healthcare Sector – Imminent Threat of Ransomware

By Eric A. Packel on October 29, 2020 Posted in Healthcare

BakerHostetler is closely monitoring a Cybersecurity Advisory issued jointly by several government agencies including the United States Department of Health and Human Services (HHS) and the FBI, on October 28. The Advisory warns of an imminent cybercrime threat to U.S. hospitals and healthcare providers with the purpose of infecting systems with Ryuk ransomware for financial … Continue Reading

New York Brings Long-Awaited Cybersecurity Message Case

By Jonathan A. Forman and Eulonda Skyles on July 30, 2020 Posted in Cybersecurity

Ever since the New York State Department of Financial Services (DFS) instituted its first-in-the-nation Cybersecurity Regulation[1] in 2017 (covered in our post here), banks, insurance companies, and others in the financial services industry wondered what would trigger an enforcement action under its broad purview. At long last, the industry now knows. On July 22, 2020, … Continue Reading

DSIR Deeper Dive: The Ransomware Epidemic

By David Kitchen and Anthony P. Valach on May 18, 2020 Posted in Data Security Incident Response

Ransomware is among the most common and persistent threats faced by organizations of all sizes. In 2019, the ransomware threat landscape worsened in several significant ways: (1) average demands increased more than tenfold; (2) all industry segments saw increases in attack frequency, with stark increases seen by education and government entities; and (3) several threat … Continue Reading

DSIR Deeper Dive: Using Compromise Threat Intelligence

By Craig A. Hoffman on May 7, 2020 Posted in Data Security Incident Response

Organizations are under tremendous pressure to be agile and resilient. A key part of building a mature cybersecurity posture to enable the goals of the organization is conducting ongoing risk assessments and then implementing risk-prioritized measures. Organizations contact us during this process to ask what emerging threats to guard against. Our answer always includes a … Continue Reading

Joint Agencies Issue Guidance on Prevalence of Cyberattacks Exploiting COVID-19 and Teleworking

By Kathryn Carey on April 23, 2020 Posted in Cybersecurity

On Friday, April 10, 2020, the Department of Homeland Security, the Cybersecurity and Infrastructure Agency and the United Kingdom’s National Cyber Security Centre (NCSC) (jointly, the Agencies) issued a joint statement regarding the growing prevalence of COVID-19-related cyberattacks. The alert focuses on advanced persistent threat (APT) groups and other cybercriminals that are targeting organizations with … Continue Reading

COVID-19 Cybersecurity Exposure

By Andreas Kaltsounis on March 18, 2020 Posted in Cybersecurity

Risk scenarios and recommendations History tells us that unscrupulous actors will exploit any crisis, and COVID-19 is no exception. Attackers wasted no time building coronavirus-themed phishing emails and malware-laden websites purporting to track the coronavirus’s spread across the globe. These opportunistic attacks were an expected variation on well-known themes that use fear to engineer an … Continue Reading

Standing Guard – Digital Risk Advisory and Cybersecurity Team

By Craig A. Hoffman and Andreas Kaltsounis on January 27, 2020 Posted in Cybersecurity

The Digital Assets and Data Management (DADM) Practice Group offers holistic, enterprise-wide risk solutions to clients around “everything data.” The multidisciplinary new addition – chaired by Theodore J. Kobus III – is a strategic outgrowth of the firm’s world-class Privacy and Data Protection and Advertising, Marketing and Digital Media teams, combined with the innovative legal … Continue Reading

Cybersecurity Remains a Top SEC Examination Priority in the New Decade

By Jonathan A. Forman on January 10, 2020 Posted in Cybersecurity

It may be a new decade, but the focus of the Securities and Exchange Commission (SEC) on cybersecurity has not shifted. In particular, the SEC noted in its 2020 Examination Priorities that the Office of Compliance Inspections and Examinations (OCIE) “will continue to prioritize cyber and information security risks across the entire examination program.” This … Continue Reading

Cybersecurity Implications in Government Contracting Top 2019 End-of-Year Considerations

By W. Barron A. Avery on January 3, 2020 Posted in Cybersecurity

Barron Avery, leader of BakerHostetler’s national Government Contracts team, was quoted in a Law360 article titled “Top 5 Gov’t Contract Cases of 2019.” Avery’s comments come as a sure reminder for contractors that failing to adhere to cybersecurity requirements can have serious and dire consequences to contractors themselves. In May 2019, the U.S. District Court … Continue Reading

Congress: Public Companies Need to Get Serious About Cybersecurity

By Chris Jones on December 23, 2019 Posted in Cybersecurity

As businesses of all sizes increase spending on cybersecurity – projected to top $124 billion this year – a bipartisan group of lawmakers in Congress wants public companies to go one step further: Install a cyber expert on their boards of directors. The Cybersecurity Disclosure Act has been introduced several times in recent years, but … Continue Reading

Trojan Malware Reclaims the Top Spot as the Greatest Cyber Threat to the Healthcare Sector

By Alexandra Royal on March 5, 2019 Posted in Cybersecurity, HIPAA/HITECH

Cybersecurity threats continued to plague the healthcare sector in 2018. Healthcare organizations notified twice as many individuals under HIPAA and other notification statutes in 2018 as compared with 2017. According to a new report from Malwarebytes Labs, 2019 State of Malware Report, trojan malware was the greatest threat to the healthcare sector in 2018.[1] Specifically, … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Insider-Caused Data Loss

By Aleksandra Vold and Kathryn Carey on March 1, 2019 Posted in HHS, HIPAA/HITECH, Medical Privacy

This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series, click here. While any security incident may cause an entity heartburn, when the incident is traced back to an … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Loss or Theft of Devices

By Aleksandra Vold and Kathryn Carey on February 18, 2019 Posted in HHS, HIPAA/HITECH

This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series, click here. The report on cybersecurity best practices (Report) weighs in on one of the issues many entities find … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Ransomware Prevention

By Aleksandra Vold and Kathryn Carey on February 8, 2019 Posted in HHS, HIPAA/HITECH, Phishing, Ransomware

This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its “Cybersecurity Best Practices” report. For previous articles in the series, click here. The report on cybersecurity best practices (Report) is not the first time HHS has discussed the prevalent … Continue Reading

Insurance Data Security Model Law Picks Up Steam

By Andreas Kaltsounis and Shea M. Leitch on February 6, 2019 Posted in Cybersecurity, State Legislation

Three states recently enacted variations of the National Association of Insurance Commissioner’s (NAIC) Insurance Data Security Model Law (MDL-668), based on the landmark cybersecurity requirements issued by the New York Department of Financial Services (NYDFS) in March 2017. The NYDFS requirements apply to certain banking, insurance and financial service entities licensed in the state of … Continue Reading

FINRA Issues Recommendations and Best Practices to Address Common Cybersecurity Risks for Broker-Dealer Firms

By Will R. Daugherty and Caroline B. Brackeen on January 30, 2019 Posted in Financial Privacy

The Financial Industry Regulatory Authority (FINRA) has issued its “Report on Selected Cybersecurity Practices – 2018” to provide further guidance to broker-dealer firms in developing and improving their cybersecurity programs. The report piggybacks on FINRA’s 2015 “Report on Cybersecurity Practices” by identifying five common cybersecurity risks and outlining recommended practices addressing these risks: • Branch … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Phishing Prevention

By Kathryn Carey and Aleksandra Vold on January 24, 2019 Posted in Cybersecurity, HHS, HIPAA/HITECH

This article is part of a series of blog posts exploring the recommendations and guidance Health and Human Services (HHS) provides healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series, click here. In its report on cybersecurity best practices, HHS highlights email phishing attacks as one of the top threats … Continue Reading

HHS Issues Cybersecurity Guidance for Healthcare Organizations

By Kathryn Carey and Aleksandra Vold on January 7, 2019 Posted in Cybersecurity, HHS

BakerHostetler will post a series of blogs to fully explore the recommendations and guidance Health and Human Services provides healthcare organizations in its report. Cyberattacks continue to rise across industries, and healthcare is no different. Eighty percent of U.S. physicians reported having experienced some form of cyberattack. In 2017, cyberattacks cost small and midsize businesses … Continue Reading

HHS OIG Launches Cybersecurity Webpage to Raise Awareness and Boost Cybersecurity Best Practices

By Lynn Sessions and Alexandra Royal on December 5, 2018 Posted in Cybersecurity, HHS

Healthcare data can be up to 10 times more valuable to cyber criminals than credit card numbers, according to a report from the Department of Health & Human Services’ (HHS) Office of the Inspector General (OIG). And, with healthcare-focused ransomware attacks like WannaCry and NotPetya in the news more frequently, it’s no wonder that HHS OIG … Continue Reading

Broker-Dealer and Investment Adviser Agrees to Settle SEC Enforcement Action Arising From a Data Security Incident

By Will R. Daugherty and John Busch on October 18, 2018 Posted in Enforcement, Incident Response

The U.S. Securities and Exchange Commission (SEC) recently announced a consent order settling an enforcement action brought by the SEC against Voya Financial Advisors Inc. (VFA) in connection with a data security incident that occurred in 2016. VFA is a registered broker-dealer and investment adviser with the SEC. The order memorializes the SEC’s agreement to … Continue Reading

The Weekly Privacy Rewind

By Aaron Lancaster on August 28, 2018 Posted in Weekly Privacy Rewind

Biometric Information Privacy Act AGCO Corp., Ceridian HMC Inc. and Hegewisch Development Corp. Latest Employers to Face Allegations of BIPA Violations • Lawsuits against employers for alleged violations of Illinois’ Biometric Information Privacy Act (BIPA) show no signs of slowing, with three more employers, AGCO Corp., Ceridian HCM Inc. and Hegewisch Development Corp., all facing … Continue Reading

11th Circuit Issues Opinion Vacating Order That Required LabMD to Overhaul Its Data Security Program

By Kathryn Carey and Aaron Lancaster on June 8, 2018 Posted in Cybersecurity, Medical Privacy

On June 6, the 11th Circuit issued its long-awaited decision on LabMD Inc. v. Federal Trade Commission, vacating as unenforceable the Federal Trade Commission’s (FTC’s) cease and desist order that required LabMD to create and implement a variety of protective measures with respect to data security. Notably, however, the decision did not address the most … Continue Reading