Category Archives: Cyber Crime

Cyber Security and Social Engineering: A Big Low Tech Problem

Headline-grabbing cyber hacks of email accounts belonging to celebrities, corporations, government officials and political campaigns are becoming the norm.  Cybersecurity intended to guard against these acts brings to mind high tech computer hardware and software fixes delivered by knowledgeable IT professionals, who are expected to prevent network intrusions, stolen passwords, viruses, ransomware attacks and other hacks. But the most recent notable cyber hacks were not caused by high tech espionage.  Rather, they were the product of low tech social engineering – the use of deception to manipulate users into divulging confidential passwords and other personal information.  This kind of hack …

The Anthem Breach – A Retrospective (Part II)

We published Part I of our “Anthem Breach Retrospective” in January 2017.  Coincidentally, at around the same time several plaintiffs in one of the earliest filed cases arising out of the Anthem data breach voluntarily asked a judge in the Northern District of California to dismiss their lawsuits. The requests for dismissal came after Judge Cousins ordered select plaintiffs to comply with a discovery request by Anthem, requiring them to submit their computers to an independent forensic examiner to determine whether malware caused data or credentials to be stolen from the plaintiffs’ computers even before the breach of Anthem’s systems. …

Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights in 2015 & 2016

The last time this blog presented an overview of key HIPAA settlement agreements at the Office for Civil Rights in the U.S. Department of Health and Human Services was a review of 2014. The number of complaints that year had spiked compared to 2013, an increase of around 25%. This post will examine key cases from 2015 and 2016. While the number of complaints in 2015 was relatively steady compared with 2014, it appears, based on preliminary numbers, that 2016 was the busiest year ever for the Office. HHS has data through November 2016 currently posted on its website, but no …

The Anthem Breach – A Retrospective

Many people and news outlets have opined, weighed in, and informed the public about the 2015 Anthem breach. It remains a hot topic in January 2017, because it currently lines up with other hot stories about hacking ordered by foreign governments.  But even before the Anthem breach was linked to one of the biggest issues of the 2016 election cycle, it was an important data incident, for several reasons. Why was the Anthem breach important at that time? The Anthem breach was notable because it was the first major data breach that potentially involved protected health information. Media coverage about …

Cyber Insurance: Common Pitfalls of the Insured

As we have noted in a number of recent posts, tech companies need cyber insurance. The risk of not having it is simply not worth it.  But cyber insurance policies can be confusing to understand because the policies vary depending on your type of business, business needs, and how your customers are serviced. Some companies might need a combination of cyber policies in order to have complete cyber insurance coverage. It is very important to do your due diligence, think critically about the cyber insurance needs of your company, and find a policy that covers all of your company’s cyber …

Revisiting Cyber Insurance: Are You Covered?

Increasingly, companies are looking to insurance to help manage their cybersecurity risks and defray losses sustained from data breaches. Losses can include reputational damage, business interruption, and professional fees for computer forensic services and for attorneys to handle regulatory inquiries or lawsuits. In the event of a data breach or other cyber incident, recent rulings suggest that traditional insurance policies, like a company’s Commercial General Liability Policy (CGL), may provide coverage, or, at the very least, a defense to lawsuits spawned by cyber events. How do you know if you are covered under traditional policies? First, carefully review the language …

Will Privacy Enforcement Actions Impact “Reasonable” Security Measures Needed to Protect Trade Secrets?

In widely publicized, contested privacy cases last year, the FTC advocated in favor of a high baseline for information security measures. Among the security practices attacked by the FTC as critical mistakes by companies suffering data breaches: Storing sensitive data in readable text; Any system that permits the use of easily guessed passwords; Failure to use firewalls between internal systems, the corporate network and the Internet; Lack of adequate administrative security policies and procedures; Failure to adequately restrict third-party vendors from network and corporate servers; Failure to employ reasonable measures to detect and prevent unauthorized access; and, Failure to follow proper incident …

Erin Andrews Jury Sends Hoteliers a $55 Million Dollar Reality Check

“Privacy law” continues to evolve in the face of ever-advancing technology. Legislative bodies, administrative agencies, courts, tech companies, and a host of other interests are working to innovate, keep pace with, or catch up. Even the First Amendment, which has been interpreted by courts, lawyers, and scholars for hundreds of years and which stands as a counterbalance to the right of privacy, is being tested in new ways. But the recent trial involving Erin Andrews highlights that, sometimes, privacy issues are simple, and businesses need to implement common-sense policies or face potentially costly outcomes. A Nashville jury recently handed …

Cyber Insurance: Make Sure You Understand Your Coverage

Today, businesses are increasingly purchasing cyber-specific insurance in an effort to mitigate the financial impact of a breach or other cybercrime.  In terms of what might be covered in a cyber insurance policy, there are basically two types of coverage – “first party” coverage and “third-party” coverage.  First party coverage covers the types of losses that your company might suffer directly in the event of a data incident.  That may include losses, some of which may be covered and some not, such as data destruction, denial of service attacks, incident response, crisis management, public relations, forensic investigation, remediation, breach notifications, …

Apple’s DOJ Battle Scratches the Surface of Encryption Debate

By now you are likely aware of Apple’s ongoing battle with the Justice Department over the scope of the All Writs Act and its resistance to a federal court’s order compelling Apple to create special software that would unlock the iPhone used by Syed Rizwan Farook, one of the assailants in a mass shooting in San Bernardino, California. If you haven’t kept up with the story, an excellent walkthrough of where things stand may be found here. Apple’s case is generating a great deal of public debate over the amount of privacy a person may come to expect when …
