Cybersecurity

Five Quick Thoughts on Dittman

By: Joshua Mooney

Recently, the Supreme Court of Pennsylvania issued a landmark decision in Dittman v. UPMC, 2018 Pa. LEXIS 6051 (Pa. Nov. 21, 2018), under which employers now have an independent duty to protect employee data from cyberattacks. The case was explained in an alert published last week. Here are five quick thoughts on the decision: …

Marriott’s Starwood Data Breach Could Expose 500 Million Customers

By: Andrew Lipton

On November 30, 2018, Marriott International announced that hackers gained “unauthorized access” to the Starwood brand reservation database, potentially compromising the accounts of approximately 500 million guests. According to company officials, the hackers “copied and encrypted [guests’] information, and took steps toward removing it” beginning in 2014. This information included names, phone numbers, email addresses, passport numbers, dates of birth and guests’ travel itinerary information. Marriott allegedly discovered the data breach last week. …

OIG Recommendations to the FDA for Medical Device Cybersecurity: Foretelling Additional Regulation and Requirements for Controls?

By: Sedgwick Jeanite

With more and more medical devices connected to the Internet of Things (IoT), there is increasing concern over the potential vulnerability of such devices to cyberattacks. This vulnerability represents greater exposure not only for manufacturers and healthcare providers employing IoT medical devices, but also for insurance carriers who insure against such risks. As a further highlight of this concern, a recent report released by the Office of the Inspector General (OIG) implied that the Food and Drug Administration (FDA) has insufficient controls to respond to cybersecurity problems with medical devices already in the market. The Federal Food, Drug, and Cosmetic Act provides that the FDA’s mission is to ensure that medical devices legally marketed in the United States are safe and effective for their intended uses. …

Security of Critical Infrastructure Relies on Businesses to Build Resilience

By: Linda Perkins

The U.S. Department of Homeland Security (DHS) recently made “strengthening risk management and prioritization of cyber and physical threats and hazards” a national priority. Similarly, this week’s theme for National Cyber Security Awareness Month is “Safeguarding the Nation’s Critical Infrastructure” and, looking ahead, the DHS has designated November as Critical Infrastructure Security and Resilience Month. By doing so, the DHS hopes to engage and educate public and private sector partners and raise awareness about the pressing need to secure the range of systems and resources that underpin everyday life in the U.S. Businesses can address many of these recommendations on their own, but others may be better informed after consultation with counsel to make sure certain risks are properly assessed and responsibly mitigated based upon the individual business environment. …

ABA Issues New Cybersecurity Ethics Rules for Lawyers

By: Gwenn Barney

Lawyers are advisors and advocates. Clients trust lawyers to preserve secrets, confidential matters that when disclosed could cause financial or reputational damage. A significant element of legal representation involves safeguarding these confidences competently and also acting responsibly if an unauthorized disclosure occurs.

Law firms are prime targets for data breaches because they hold a treasure trove of digital information. The American Bar Association (ABA) introduced a new opinion on October 17, 2018, to guide lawyers in their responsibilities to clients in relation to data breaches involving or having a substantial likelihood of involving material client information. These responsibilities, laid out in Formal Opinion 483, include monitoring for data breaches, restoring systems after a data breach, post-breach investigations, and informing current clients when a breach occurs. Law firms are expected to develop and implement data privacy and security programs, and as in other industries, a firm’s management is expected to take an active role in implementing such a program. A failure to do so could result in an ethical violation.

Seven Steps to Stay Safe Online in the Workplace

By: Gwenn Barney

Ensuring the online safety and security of a workplace is only possible through the joint efforts of all the employees using a company’s computer systems. The failure to maintain a secure network environment can result in direct financial losses and expose a business to liability. The seven tips below can be used to keep your work files and network safe, whether working in the office or from home. …

Five Steps to Make Your Home More Cyber Secure

By: Michael Jervis

October has been designated National Cyber Security Awareness Month by the Department of Homeland Security, and in the first week of the month we are focusing on developing good cybersecurity habits in our most personal spaces – our homes. Most of us are aware that in the age of nearly ubiquitous WiFi, as well as the near-constant presence of mobile phones, the cyber world extends into our living rooms, bedrooms and kitchens. Anywhere the internet reaches, so do the cyber threats. The seemingly constant stream of news about cyber threats and attacks can seem daunting, but there are several things we can all do in as little as a few hours that will go a long way to staving off many of the most common threats. …

How a Cybersecurity Antitrust Dispute Could Undermine Confidence in Cybersecurity Products

By: Sedgwick Jeanite

Three of the biggest names in the cybersecurity world, CrowdStrike, Inc., Symantec Corporation and ESET, LLC, have been named as defendants in an antitrust lawsuit that alleges they conspired to hamper independent reviews of their antivirus products. A fourth defendant in the action is Anti-Malware Testing Standards Organization, an organization formed in 2008 to develop the first official standards for anti-malware testing. Ordinarily, customers pay attention to antitrust litigation because the outcome may have some financial impact on the price for products. However, in this day and age, where cybersecurity is extremely important to every company, the facts alleged in this antitrust lawsuit could undermine consumers’ and customers’ confidence in certain cybersecurity products. …

Five Questions (And Possible Good Answers) Boards of Directors Should Ask About Cybersecurity

By: Joshua Mooney and Kate Woods

Data privacy and security can feel overwhelming for a company’s executive management. Unfortunately, that overwhelming feeling can prevent constructive dialogue and action toward improving a company’s cybersecurity program. Recently, the U.K.’s National Cyber Security Centre (NCSC) issued what it called a “Board toolkit” – five questions a board of directors should ask and know the answers to regarding its company’s cybersecurity. …

Significant Vulnerability Discovered in Software Platform Serving Close to 2,000 Banks

By: Michael Jervis

KrebsOnSecurity recently reported a vulnerability found in perhaps little-known but widely used financial services software which powers the websites of thousands of banks. The exposure allowed even a mildly clever user to view financial account details for accounts that did not belong to the user. …
