Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners work to educate stakeholders on cybersecurity awareness and how best to protect the privacy and security of confidential data. Within the health care industry, the HIPAA Security Rule applies to covered entities and their business associates (“regulated entities”) and electronic protected health information (ePHI). Because ePHI identifies individuals and includes information relating to an individual’s health,… More
Category Archives: Ransomware
Federal Agencies Issue Alert Regarding Maui Ransomware
On July 7, 2022, three federal agencies – the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Department of the Treasury – issued a joint alert regarding Maui Ransomware, which has been linked to ransomware attacks on healthcare and public health entities carried out by North Korean state-sponsored cyber actors.
These are the key recommendations of the alert:
- Since at least May 2021,…
CISA on Russia, Ukraine and Ransomware
According to the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”), the potential hostilities between Russia and Ukraine are likely to spill over into cyber warfare. In this month’s CISA Insights:
Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies,… More
Ransomware Payments – OFAC Updates its Advisory and Congress Gets Involved
Ransomware payments continue to be a focus of the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). As previously reported by Foley Hoag, on October 1, 2020, OFAC released an advisory regarding potential sanctions risks related to facilitating ransomware payments. Almost a year later, on September 21, 2021, OFAC updated its advisory to provide additional guidance regarding what OFAC considers to be mitigating factors if facilitating a ransomware payment results in an apparent violation of U.S.… More
Biden Issues Memorandum Aimed at Improving Cybersecurity
On July 28, 2021, President Biden issued a Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. The Memo recognizes that the protection of the nation’s critical infrastructure lies not only with government, i.e., at the federal, state, local, tribal, and territorial levels, but with critical infrastructure owners and operators. In addition, the Memo states that cybersecurity threats to critical infrastructure, and the systems that control and operate it,… More
Kaseya VSA Cyberattack: What Kaseya and the Feds Are Saying
If you aren’t following the ransomware attack on Kaseya’s VSA product and approximately 800-1500 of its users, you should be. Like many cyberattacks, this one came on the verge of a holiday weekend. As the company itself notes, “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only. … More
Cybersecurity 2021 – The Year in Preview: Ransomware, the Latest Threat to the Nation’s Energy Supply
Editors’ Note: This is the first in our fifth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year.
The Growing Threat of Ransomware
According to media reports, ransomware attacks against the manufacturing industry have more than tripled compared with last year. This dramatic rise in cyberattacks poses serious concerns about the vulnerability of critical energy infrastructure serving the nation’s electric grid,… More
CISA Issues Ransomware Alert for Activity Targeting the Healthcare and Public Health Sectors
On October 28, 2020, a joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures used by cybercriminals against targets in the healthcare and public health sectors to infect their systems with Ryuk ransomware for financial gain.
CISA,… More
Is Paying Ransomware Grounds for OFAC Sanctions? OFAC Says “Maybe”….
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to alert companies that might pay ransomware attackers of the potential sanctions risks for facilitating ransomware payments. In particular, the alert targeted “financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response….” While this is an advisory and does not have the force of law,… More
Partner Colin Zick Quoted in McKnight’s Long-Term Care News Article on Ransomware
Ransomware attacks are the biggest data breach threat facing nursing facilities and other healthcare institutions, a new Bloomberg investigation finds.
“Part of the reason individuals are so vulnerable is that they receive so many emails that each one isn’t carefully reviewed,” partner Colin Zick said.
Click here to read the full article on McKnight’s. More
Cybersecurity 2018 – The Year in Preview: Emerging Security Threats
Editors’ Note: This is the second of a multi-part end-of-year series examining important trends in data privacy and cybersecurity during the coming year. Click here for our previous entry on HIPAA Compliance. Up next: trends in federal enforcement.
After one of Britain’s first victories in the Second World War, Winston Churchill declared that it was “perhaps, the end of the beginning” – a turning point in the war. … More
Watch: Privacy and Data Security for the Generalist In-House Counsel
Privacy and data security have rocketed to the top of the list of concerns for all corporate boards. Whether you are a technology company, a biotech, or a traditional widget maker, your company has confidential information about its products, customers and employees. And that information has to be protected as a matter of law, both by statute and under contracts with your customers and suppliers.
As in-house counsel,… More
Webinar on September 13: Privacy and Data Security for the Generalist In-House Counsel
Privacy and data security have rocketed to the top of the list of concerns for all corporate boards. Whether you are a technology company, a biotech, or a traditional widget maker, your company has confidential information about its products, customers and employees. And that information has to be protected as a matter of law, both by statute and under contracts with your customers and suppliers.… More
Deja Vu All Over Again: Massive Ransomware Attack Underway
A mere month and a half after the WannaCry strain of ransomware caused major havoc in European and Asian countries, another major ransomware attack hit large institutions across Europe and the United States yesterday. Hardest hit has been Ukraine, which has seen major attacks on its government, banks, and power infrastructure. Other European firms such as Germany’s Deutsche Bahn railways and Danish shipping firm A.P.… More