Articles Posted in Cybersecurity

We’ve previously written about the distinctions between hacking credit and other financial data in comparison to hacking private information. (See Ashley Madison and Coming to “Terms” with Data Protection.) The issue of how much protection the latter receives when it relates to attorney-client communications is currently before the District Court of the Eastern District of Missouri in the multi-district litigation arising from the July 2015 Ashley Madison leaks. Plaintiffs—former users of the site who claim that Ashley Madison defrauded the public by creating fake female profiles to lure male users—hope to use leaked information in their consolidated complaint against the site, due to be filed June 3 of this year. The leaked information sought to be used includes references and citations to emails between Ashley Madison’s parent company, Avid Dating Life, and its outside counsel.

Posted April 15, 2016

Cyber Loss May Yet Fall Under General Liability

Recently, the Fourth Circuit handed down one of the first appellate-level decisions involving insurance coverage for a cyber-related event. The ruling is likely to create ripples among both carriers and company insureds, as it establishes the possibility that, under a general liability policy, a carrier may still be on the hook to cover cyberattacks or data breaches that are the result of a company’s negligence (as opposed to those stemming from a criminal attack, in which the company is the victim). In their Client Alert on the Fourth Circuit’s ruling, colleagues James Bobotek, Peri Mahaley and Benjamin Tievsky break down the ruling and its takeaways.

Posted February 25, 2016

The Case of the Hacked Hospital: When a Cyber Breach Becomes a Health Crisis

by Carolyn S. Toto

Carolyn S. Toto

Recently, we noted vulnerability issues from use of the Internet of Things and how that has come to impact the health industry. Recent events continue to highlight this development. Since the start of the year, there have been cyber attacks targeting hospitals. Perhaps recognizing the extensive disruption and potential privacy concerns to patients, the hackers have targeted these institutions to either make a point or seek large sums in exchange for returning access to the hospital data. In January, Hurley Medical Center, based in Flint, Mich., was attacked, although a spokesperson stated that policies and protocols were followed and patient care was not compromised. The hacktivist group Anonymous released a video with the hashtag #OpFlint prior to the cyber attack and suggests responsibility for the breach to make a point regarding the city’s water crisis, although no confirmation has been made.

Posted February 11, 2016

Managing the Cybersecurity Risks of the Medical Internet of Things

The cybersecurity ramifications of the Internet of Things (IoT) are perhaps nowhere more crucial—potentially a matter of life and death, in fact—than in the realm of medical devices. Until recent times, a potential hack of the data-sharing that is a hallmark of the IoT raised far more privacy concerns than actual health risks. However, as medical devices begin to evolve and make use of the connectivity of the IoT, this balance may change. For one example, think pacemakers, where a malicious glitch in a networked piece of equipment could have fatal consequences.
Continue Reading →

Posted December 17, 2015

News of Note for the Internet-Minded – 12/17/15

Stories of interest this week include a developers showcase for the HoloLens, robots able to feel textures like humans, a cool billion invested in AI, and more.

Posted November 12, 2015

Cybersecurity Information Sharing Gains Senate Approval

In their recent Alert on the Senate’s passage of the Cybersecurity Information Sharing bill, colleagues Brian E. Finch, Elizabeth Vella Moeller and Craig J. Saperstein explore and evaluate the U.S. Senate’s approval of legislation (long sought by industry) that would facilitate information sharing (including threat indicators) across government and industry lines in real time, and provide liability protection to companies that participate.

Posted October 7, 2015

Safe Harbor Dead: What U.S. Businesses Need to Know/Do Next

The decision of Europe’s top court yesterday to confirm that the ruling that the Europe Union(EU)/U.S. Safe Harbor scheme, Commission Decision 2000/520, was invalid has major implications for any businesses transferring data from the EU to the United States.

Posted September 30, 2015

FTC Fines Can Add Salt to a Cybersecurity Wound

by Carolyn S. Toto

Carolyn S. Toto

Cyberattacks are on the rise—so much that we seem to hear about a high-profile hack more often than it probably rains in most parts of California. Although reputational damage from a cyberattack can be scarring, a recent U.S. Third Circuit Court decision provides a reminder that the pain can come in many forms. In Federal Trade Commission v. Wyndham Worldwide Corp, the Court confirmed that the FTC can levy expensive fines on a business for failing to adequately protect consumer information. If there wasn’t sufficient reason before, the Third Circuit opinion should convince many who ignored cybersecurity to take a more proactive approach.