Pre-breach planning

Is Ransomware a Notifiable Data Breach Event?

There is no doubt that companies face unprecedented volume and variation in both disruptive and intrusive cyberattacks on their networks.  Among the different attack methodologies today, ransomware is quickly becoming a major concern for CISOs and security professionals.  According to Interagency Guidance from the U.S. Government, there are currently over 4,000 daily ransomware attacks – up over 300% from the 1,000 daily ransomware attacks experienced in 2015.

Ransomware can potentially hold hostage critical corporate, customer and employee data, but in-house legal and communications teams are also concerned about whether these attacks trigger notification rules.  The Department of Health and Human Services Office of Civil Rights (“HHS OCR”), which enforces the HIPAA Security and Breach Notification Rules, stated in recently issued guidance that ransomware incidents may be considered a breach that require notification.  The guidance is a poignant reminder to all companies, whether regulated by HIPAA or not, to carefully consider how evolving attack methodologies can directly implicate incident response strategies and compliance obligations.

READ MORE

The Cybersecurity Playbook: Building Effective Attack and Breach Preparedness

inside the minds

With the most significant of cyberattacks resulting in millions of dollars in costs, irreparable damage to a company’s brand, and key executives getting fired, organizations must begin to prepare for what most experts think is the inevitable breach. And yet, when it comes to cybersecurity, many still think of it like physical security: a matter for professionals to handle by fencing in a campus perimeter, putting the most important entry points under lock and key, and assigning someone to monitor the video surveillance.

But cybersecurity does not work like physical security. In the “The Cybersecurity Playbook: Building Effective Attack and Breach Preparedness” chapter of “Understanding Developments in Cyberspace Law: Leading Lawyers on Analyzing Recent Trends, Case Laws, and Legal Strategies Affecting the Internet Landscape” we explore strategies to reduce the likelihood of a breach but more importantly mitigate the harm whether it be reputational, legal, or key job losses that can all too often arrive in the wake of a data breach.