Q&A: Ransomware Attack

By now, many of you are aware of the malware virus that is spreading rapidly around the world. Taft’s Technology group has prepared the following short summary of questions and answers about this ransomware attack, which in effect locks out users from accessing their files unless a ransom is paid via bitcoin.

Q: I have been hit with a ransomware attack, what are my options?

A: You can pay the ransom with the hopes of getting your data back, or …

5 Cybersecurity Tips for In-House Counsel

Cybersecurity is not an aspect of your business that can be tackled once and then forgotten. The threats are constantly evolving. They require attention and resources. Here are 5 tips to make sure your company is prepared in case of an attack.

  1. Disaster Recovery Plan – Data is the lifeblood of most organizations. Where is your data stored? What would happen to your business if a natural disaster like a fire, flood or other catastrophe struck the location where your

10 Tips for Presenting Complex Cases In Arbitration

The American Arbitration Association (AAA) and its International Centre for Dispute Resolution (ICDR) recently created an aerospace, aviation and national security panel of arbitrators to handle complex, high-value aerospace, aviation, defense, cyber and security-related disputes. Similarly, AAA has a special panel of arbitrators to handle technology-related disputes. But what should companies involved in these types of arbitration cases expect?

Taft attorneys Bill Wagner and Michael Diamant recently published an article in Law360 with 10 tips for presenting complex cases in …

DHS Proposed Rules Cover Privacy Training, IT Security Awareness Training and the Safeguarding of CUI

In January, we wrote about the new training requirement for employees who handle personally identifiable information (“PII”) or who build systems containing PII. On the same day that rule went into effect, Jan. 19, 2017, three related Department of Homeland Security (“DHS”) proposed rules were published in the Federal Register covering mandatory privacy training, information technology (“IT”) security awareness training, and the safeguarding of controlled unclassified information (“CUI”). Comments on all three proposed rules are due on Monday, March 20, …

Taft Co-Hosts Upcoming Panel Discussion: Cybersecurity: Recent Developments and Risk Mitigation Strategies

Please join us at Taft Indianapolis on March 21 for a breakfast event featuring an informal, interactive panel discussion covering recent developments (including cyber breaches), evolving standards of compliance and practical, effective risk mitigation strategies.

Agenda:

Registration and Continental Breakfast: 7:30-8:00 a.m.
Discussion: 8:00-9:30 a.m.

Panelists:

  • Richard L. Banta and Alex J. Carroll from Lifeline Data Centers, LLC
  • Frederick W. McClaine from Shepherd Insurance
  • James A. Butz and William C. Wagner from Taft Law

Wagner Article “Takeaways From NASA Cloud Security Audit” Published by Law360

Bill Wagner authored the article “Takeaways From NASA Cloud Security Audit,” which was published by Law360 on March 1. The article discusses the Office of Inspector General’s audit report on the security of NASA’s cloud computing services and offers discussion points for corporate management and directors to consider in their own cybersecurity efforts.

In the article, Bill also provides some discussion points for a tabletop review of NASA’s audit findings with your management and board.

Bill is co-chair …

HIPAA’S Privacy Rule: Having a Policy – But Not Enforcing It – Costs Provider $5.5 Million

The Office for Civil Rights (OCR) announced a settlement agreement for $5.5 million with Florida’s Memorial Healthcare Systems (MHS) stemming from allegations it failed to protect patient data. The privacy violation arose out of unauthorized access to the information of 115,143 patients by MHS employees. The information that was compromised consisted of names, dates of birth and social security numbers. A majority of these impermissible actions occurred when a former employee’s login credentials were used from 2011-2012, which affected 80,000 individuals.…

St. Louis Cardinals Hacking Scandal: A Real-World Example of the Importance of Password Management

The saga surrounding the St. Louis Cardinals hacking scandal concluded with the issuance of a final punishment from MLB. The scandal stemmed from the actions of the former Cardinals scouting director Chris Correa, after he illegally accessed the e-mail accounts of members of the Houston Astros front office as well as their scouting database. The Cardinals were ordered to forfeit their top two selections in the upcoming 2017 amateur draft to the Astros and pay them two million dollars within …

5 Tips for Training Employees in Effective Cybersecurity Practices

One overlooked aspect of cybersecurity is training for the employees at your company in proper data management practices. All of the technical measures that a company employs to guard against intrusions do not matter when an employee knowingly or unknowingly circumvents those measures. Proper training can help to reduce the number of incidents and lower your chances of suffering from a data breach.

  1. Password Management – Proper password management is key to any cybersecurity program. The technical barriers to entry

OCR Penalizes Slow Data Breach Response

The Office for Civil Rights’ (OCR) first HIPAA settlement of 2017 is based on a failure to report a breach of health information in a timely manner. The settlement was reached with Presence Health, a large health care network that operates in approximately 150 locations in Illinois. Presence Health has agreed to settle the potential violations by paying a fine of $475,000 and implementing a corrective action plan to deal with this problem in the future.

The settlement stems from …
