Tag Archives: DSIR

2022 DSIR Report Deeper Dive: OCR’s Right of Access Initiative

Photo of Courtney LitchfieldBy Courtney Litchfield on Posted in Data Breaches
In 2019, the U.S. Department of Health & Human Services, Office for Civil Rights (OCR) announced its Right of Access Initiative, promising to prioritize patients’ rights to receive timely copies of their medical records without being overcharged. In the three years since, which saw the transition to a new administration in Washington, OCR has publicized … Continue Reading

2022 DSIR Report Deeper Dive: The Expanding Landscape of State Data Privacy Law

Photo of Elise ElamPhoto of David PotterPhoto of Vaughn StupartBy Elise Elam, David Potter and Vaughn Stupart on Posted in Data Protection, Data Security
BakerHostetler’s Data Security Incident Response Report is a one-of-a-kind resource that leverages aggregated data from security incidents. Our Digital Risk Advisory and Cybersecurity team has shared insights from attorneys across the firm’s Digital Assets and Data Management Practice Group who work with clients on complex privacy and data protection matters. This article takes a closer … Continue Reading

DSIR Deeper Dive: Are you ready for the CPRA?

Photo of Justin T. YedorBy Justin T. Yedor on Posted in CPRA
In sports, they sometimes call it a rebuilding year – the team hires new players or a new coach, restructures, updates strategy, and prepares for the next season. In the world of California privacy compliance, 2021 was a rebuilding year for many companies. While handling ongoing compliance with the California Consumer Privacy Act (CCPA), businesses … Continue Reading

DSIR Deeper Dive: Class Certification Jurisprudence

Photo of Melissa BilanciniBy Melissa Bilancini on Posted in Data Breaches
Over the years, there have been very few class certification rulings in actions arising from data breach incidents. Of those that have been published, most have favored the defense. However, as we discussed in our 2022 Data Security Incident Response Report, the recent ruling in In re Brinker Data Incident Litigation (“Brinker”)granting class certification has … Continue Reading

DSIR Deeper Dive into the Data: Ransomware Front and Center

Photo of Joseph L. BruemmerPhoto of Elise ElamBy Joseph L. Bruemmer and Elise Elam on Posted in Ransomware
There is no question that ransomware is here to stay. Thirty-seven percent of the matters we handled last year involved ransomware, compared to 27 percent of matters in 2020. In 2019, there were approximately 15 active ransomware threat actor groups. In 2021, we handled matters involving more than 80 different ransomware variants. Government entities and … Continue Reading

2022 DSIR Deeper Dive: Vendor Incidents

Photo of Stefanie FerrariBy Stefanie Ferrari on Posted in Data Breaches, Data Security Incident Response
Vendor-caused incidents continued to surge in 2021. Nearly 20 percent of the total incidents we handled last year were caused by vendors, with more than half requiring notification. As in prior years, vendor incidents involved phishing schemes and inadvertent disclosures but primarily resulted from ransomware attacks on the vendors’ systems. These ransomware attacks often involved … Continue Reading

Forensics Deep Dive: The Importance of Proper Configuration and Monitoring

Photo of Joseph L. BruemmerBy Joseph L. Bruemmer on Posted in Data Breaches
Many of the trends we observed in 2020 continued in 2021. Network intrusions and ransomware continued in full force, representing more than half the incidents we handled last year. Threat actors continued their tried-and-true tactics of encrypting devices and exfiltrating data to extort payments, and also tried new approaches or variations on old ones, like … Continue Reading

Welcome to our 8th Annual Data Security Incident Response (DSIR) Report. What a year it has been!

Photo of Theodore J. Kobus IIIBy Theodore J. Kobus III on Posted in Data Security
2021 did not turn out the way many of us had hoped. Best-laid plans to “return to normal” were postponed numerous times due to multiple waves of COVID-19 outbreaks and new variants. The steady frequency of ransomware attacks in 2020 continued into 2021, highlighting the serious ongoing threat cyberattacks pose. The most frequent client requests … Continue Reading

The Impact of Data Security Incident Trends on Commercial Transactions: Part I – M&A

Photo of Craig CarpenterBy Craig Carpenter on Posted in Data Security Incident Response
The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered on this blog including trends in global breach notification, healthcare industry risks and ransomware. The Report is … Continue Reading

Ransomware, COVID-19 and Regulations: Healthcare Entities Confront a Triple Threat

Photo of Eric A. PackelPhoto of Vimala DevassyPhoto of Courtney LitchfieldBy Eric A. Packel, Vimala Devassy and Courtney Litchfield on Posted in Healthcare
Given what the healthcare industry faced in 2020, the seventh edition of our Data Security Incident Response (DSIR) Report, “Disruption and Transformation,” is aptly titled. As if fighting the COVID-19 pandemic weren’t enough for the industry to tackle, it also faced a surge of ransomware attacks, evolving legal/regulatory considerations, and novel and complex issues presented … Continue Reading

Data Breach Enforcement Is a Global Risk

Photo of Seungjae LeePhoto of Nichole SterlingBy Seungjae Lee and Nichole Sterling on Posted in Data Security Incident Response
The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report highlights some regulatory enforcement trends we saw from the European Union (EU) data protection authorities (DPAs) during the past year. EU DPA enforcement actions increased significantly in 2020, as DPAs followed up on personal data breach notices and individual complaints and also launched investigations … Continue Reading

Pairing Real-World™ Problems with Realistic Solutions – a Push for Practical Information Governance

Photo of James A. ShererPhoto of Adam CohenBy James A. Sherer and Adam Cohen on Posted in Information Governance
For those attorneys and information governance practitioners unfamiliar with recent pedagogic advancements, “real-world problem solving” moves teaching approaches away from the classical model that assumes individuals will operate logically and in self-interested ways to a more realistic view. The more realistic view then acknowledges the powers of wishful thinking, uneven knowledge across populations, and the … Continue Reading

Dramatic Increase in the Number of Third-Party Vendor Incidents Emphasizes the Need for Better Vendor Due Diligence Processes

Photo of Sara GoldsteinBy Sara Goldstein and David Kitchen on Posted in Third-Party Vendor Incidents
As reflected in our 2021 Data Security Incident Response Report  2020 saw a sharp spike in the number of incidents involving vendors, which amounted to over 25 percent of the total incidents handled in 2020, and the trend is continuing well into 2021. This spike resulted from companies’ increased reliance on vendors to carry out … Continue Reading

The Scourge of Ransomware

Photo of Craig A. HoffmanPhoto of Elise ElamBy Craig A. Hoffman and Elise Elam on Posted in Data Security Incident Response
Our 2021 Data Security Incident Response Report (DSIR) described ransomware as a scourge. There are stories every day about new threat actor groups and their victims. There are task forces, law enforcement initiatives, discussions by legislators about laws to help address the problem, and real-world impact from operational disruption (such as panic-buying of gas). Most … Continue Reading

Seventh Annual Data Security Incident Response Report Released – Disruption and Transformation

Photo of Theodore J. Kobus IIIBy Theodore J. Kobus III on Posted in Data Security Incident Response
Welcome to our seventh Data Security Incident Response Report (DSIR). It has been quite a year from many perspectives. Thank you to everyone we have continued to partner and work with to create this report. We are excited to soon launch a new digital platform version, and we intend to update this version throughout the … Continue Reading

DSIR Deeper Dive: Regulatory Investigation Landscape

Photo of Lynn SessionsPhoto of Patrick H. HaggertyPhoto of Kimberly GordyBy Lynn Sessions, Patrick H. Haggerty and Kimberly Gordy on Posted in Data Security Incident Response
HIPAA-covered entity and business associate breaches continue to draw attention from the Office for Civil Rights (OCR) and other regulators. In almost every HIPAA incident we handled in 2019 involving more than 500 individuals, OCR issued a data request. While OCR investigations can be burdensome, few of them result in penalties. State attorneys general have … Continue Reading

DSIR Deeper Dive: The Ransomware Epidemic

Photo of Anthony P. ValachBy David Kitchen and Anthony P. Valach on Posted in Data Security Incident Response
Ransomware is among the most common and persistent threats faced by organizations of all sizes. In 2019, the ransomware threat landscape worsened in several significant ways: (1) average demands increased more than tenfold; (2) all industry segments saw increases in attack frequency, with stark increases seen by education and government entities; and (3) several threat … Continue Reading

DSIR Deeper Dive: Using Compromise Threat Intelligence

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Data Security Incident Response
Organizations are under tremendous pressure to be agile and resilient. A key part of building a mature cybersecurity posture to enable the goals of the organization is conducting ongoing risk assessments and then implementing risk-prioritized measures. Organizations contact us during this process to ask what emerging threats to guard against. Our answer always includes a … Continue Reading

Sixth Annual Data Security Incident Response Report Released – Managing Enterprise Risks and Leveraging Data in a Digital World

Photo of Theodore J. Kobus IIIBy Theodore J. Kobus III on Posted in Data Security Incident Response
We are excited to present our sixth Data Security Incident Response Report (DSIR). We hope this issue finds you safe and healthy while working from home (WFH). Each year, we talk about last year’s trends and where we think the current year is taking us. Ransomware was, and continues to be, a big issue. We … Continue Reading

Deeper Dive: Security Incident Mitigation Strategy: Effective Negotiation of Technology Contract Limitations of Liability

Photo of Janine Anthony BowenBy Janine Anthony Bowen on Posted in Data Security Incident Response
There is always significant negotiation around caps on liability when negotiating a contract with a technology vendor. If the vendor will have access to the personal information of its customers’ end users (regardless of whether the end users are employees or customers), treatment on caps on liability take on heightened importance. In fact, limitations of … Continue Reading

Deeper Dive: The Scourge of O365 Incidents

Photo of M. Scott KollerPhoto of Kathryn CareyBy David Kitchen, M. Scott Koller and Kathryn Carey on Posted in Cybersecurity, Data Security Incident Response
A Growing Menace 2018 saw a continuation of companies moving toward cloud-based email systems. Phishing incidents targeting those systems followed suit. Fully one-third of incidents addressed by our incident response team in 2018 involved unauthorized access to an online email account. Phishing attacks continued to dominate the types of cyberattacks organizations experienced in 2018, owed, … Continue Reading

Deeper Dive: Forensics

By Will R. Daugherty on Posted in Data Security Incident Response
A company’s ability to quickly and effectively conduct a forensic investigation is often critical to limiting the impacts of a data security incident, determining the scope of the incident and developing an effective communications plan. In BakerHostetler’s 2018 Data Security Incident Response Report, we analyzed over 560 data security incidents that we worked on in … Continue Reading
LexBlog