In August, the United States Court of Appeals for the DC Circuit revived a class action lawsuit, holding that the threat of harm from a data breach is enough to satisfy the “injury in fact” standing requirement. Attias v. Carefirst, Inc., 865 F.3d 620 (DC Cir. 2017). The defendant, a group of health care insurers, filed a Petition for Writ of Certiorari to the United States Supreme Court on October 30 of last year. While the Supreme Court is deciding whether to grant the pending Petition, it is worthwhile to briefly review the standing question in the context of protecting your business from liability.
Continue Reading

Monitor all of your accounts for any suspicious activity on a regular basis. If you see something unfamiliar, it could be a sign that you’ve been compromised. Keeping receipts and tracking your account activity will help you to see a charge that is out of the ordinary, and will help you assist the company in

According to Reuters, late on Friday, the Department of Homeland Security (“DHS”) and the FBI issued a warning in a report, sent to firms at risk of an attack, that critical infrastructure industries may have been targeted in cyber-attacks as far back as May. The identified industries include nuclear, energy, aviation, water, critical manufacturing industries and government entities. The report indicates that hackers successfully compromised data at some of these targets. Further, the government believes that the attacks are ongoing.
Continue Reading

Limit use of free public WiFi. Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust, and one that has security features.  Avoid logging in on your email and social media on unsecured networks as those passwords can be accessed easily

Take caution when clicking on attachments or links in every email. Phishing scams are a regular occurrence and can be crippling to businesses as well as individuals. If an email is unexpected or suspicious for any reason, do not click the link or open the attachment. Double check the URL of the website link; hackers

Practicing good password management can help secure your information. Password requirements have evolved over time with routine password changes and increasingly complicated rules to achieve “strong password” status. In June 2017, National Institute of Standards and Technology (NIST) released new guidelines signaling a deviation in the approach to password management. Digital Identity Guidelines, Special Publication

It is fitting that on the first day of Cybersecurity Awareness Month, new legislation takes effect regarding one of the most destructive types of malware.  In response to the rapidly increasing rate of computer extortion cases, the Connecticut Legislature has joined several states in creating a statute specifically targeting ransomware. Ransomware is a type of

Just last week, a Verizon Communications vendor misconfigured a cloud server that caused the information of 6 million Verizon customers to be exposed on-line. When a cyber incident or data breach occurs on your vendor’s watch, regardless of fault, you own the resulting legal obligations and costs. The best tools for managing the risk of using vendors are due diligence and adequate contract provisions.
Continue Reading

Data breaches have become commonplace in every industry. In health care, however, it costs much more to respond to a data breach than in all other industries in this country, according to the results of a recent IBM-sponsored study.1  The report estimates that a health care data breach costs $380 per record on average versus $225 per record in other industries. While the increased cost of a health care record is unavoidable due to the sensitive nature of the information and the fact that it is more valuable to criminals on the dark web, health care providers can take steps to prepare for a data breach, which can reduce the risk of a breach occurring and minimize costs if one occurs.
Continue Reading