A Deep Dive into CareFirst and What it Means for Breach Litigation in the US

The Supreme Court has shed some light on whether plaintiffs in a class action suit have standing to sue a healthcare insurer in federal court based upon a breach of that healthcare insurer’s protected network. On February 20, 2018, the Supreme Court denied CareFirst’s petition for certiorari, leaving in place the holding of the United States Court of Appeals, District of Columbia Circuit. This case resulted from a June 2014 cyberattack on the protected server of the health insurer, CareFirst.

Are you Following Me? How the Internet of Things is Affecting Our Lives

The new “big thing” in the cyber world is the Internet of Things (“IoT”). What is the IoT? It is your fitness tracker, your Alexa, electronic pacemakers, the GPS in your car, self-driving cars — pretty much all of those cool and new electronics and technology that make our lives exciting and easier. However, no matter how techy our world gets, some things never change, and the old adage — there is no such thing as a free lunch — seems more and more appropriate.

The NYDFS: Treating Cybersecurity as the Newest Business Opportunity

The New York Department of Financial Services (NYDFS) issued cybersecurity regulations that began to take effect on March 1, 2017.  Similar to the Health Insurance Portability and Accountability Act (“HIPAA”), the NYDFS imposed proactive cybersecurity regulations on “covered entities” doing business in New York.  Covered entities under the NYDFS cybersecurity regulations include insurance companies, banking institutions, trust companies, budget planners, check cashers, credit unions, and (thanks to Equifax) credit monitoring companies.  

It isn’t the Size of the Breach: OCR Issues Largest Fine to Date against FMCNA

People like to talk about the big cyber breaches: Instagram, Ashley Madison, Target, and Equifax, just to name a few.  But it is not always the number of people affected by a breach that should cause concerns for businesses; it is the failure of a business to take appropriate steps to protect personal data. Let us deconstruct our point by using a recent example related to healthcare data under the Health Insurance Portability and Accountability Act (“HIPAA”) and its first settlement of 2018.

Breach Response - Decoding the Target in an M&A Transaction

If nothing else, one key element for any organization when addressing the issue of cybersecurity is breach/disaster response. We have discussed in previous blog posts that being able to deliberately and elegantly respond to a breach is the main difference between extinction and survival. A Darwinian proposition: only the strong (and prepared) survive. Never is this fact more evident than when dealing with an M&A transaction.

Cybersecurity is Always a Good Investment in M&A Transactions

Whether you are the target or the acquirer, cybersecurity is the number 1 issue in an M&A transaction. The reason? Money. If you are the target, failure to appropriately address cybersecurity can significantly devalue your company. If you are an acquirer, failure to conduct appropriate cyber due diligence before the deal is signed can result in purchasing a liability instead of an asset. No matter which side of the table you sit on, cybersecurity should be top-of-mind.

Responding Elegantly and Deliberately

While at the recent Cybersecurity Awareness Summit at the Harrisburg University of Science and Technology, one of the speakers put a slide up that basically said: firewalls, passwords, anti-virus software, and multifactor authentication → yesterday’s news. The point being that these are really the baseline. The starting point. The bare minimum of security.

Breaching the Castle: Walls and a Moat are No Longer Enough

I cannot tell you how many times I hear people comment that their cybersecurity is “just fine” because they have firewalls and antivirus software. Cybersecurity affects all of us, and simply having good firewalls and antivirus software is not enough.

A Post-Equifax World: The Times They Are A Changin’

We now live in a post-Equifax world.  When we look back at this time in history, I truly believe that is how we will measure cybersecurity regulations.  How we approached cybersecurity pre-Equifax and how we approach cybersecurity post-Equifax.  There is no point in denying that the cyber-world has fundamentally shifted.  People who were paying little-to-no attention to cybersecurity are now running to their “tech guy” to find out what type of security their company employs. So what can we expect from this post-Equifax world, you may be asking?  Simply (and yet there is nothing simple about it), more regulations. 

Protecting Your Data In a Post-Equifax Breach World

Almost half of the country — approximately 143 million Americans — are asking what they can do in the wake of the Equifax breach. How can I protect my identity? What does this mean? What additional steps can I take to make sure that I am protected?