Category Archives: Risk management

CISA Issues Ransomware Alert for Activity Targeting the Healthcare and Public Health Sectors

On October 28, 2020, a joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures used by cybercriminals against targets in the healthcare and public health sectors to infect their systems with Ryuk ransomware for financial gain.

CISA,… More

Best Privacy and Security Practices, COVID-19 Edition (Hint: Fewer Differences than You Might Think)

Businesses scrambling to move their workforces into remote environments are rightly concerned about the smooth and productive flow of information, including questions about whether there will be any government support for building out a remote infrastructure, and what limitations there are on the kinds of information employers may obtain or share to minimize the health impacts on their employees (both questions, among many others, that Foley Hoag’s COVID-19 Task Force was built to help answer). … More

FBI Warns of Teleconferencing and Online Classroom Hijacking

If you are among the many people turning to video-teleconferencing (VTC) to stay connected during the COVID-19 pandemic, you need to protect yourself from “Zoom-bombing” – the entrance of uninvited individuals into your VTC.  The FBI has received multiple reports of conferences being disrupted by offensive images and/or threatening language.

The FBI recommends the following steps to mitigate VTC hijacking threats:

  • Do not make meetings or classrooms public:
    • In Zoom,…
  • More

FERC and NERC Talk Grid Resilience and Cybersecurity

On March 22, 2019, Foley Hoag hosted the New England Electricity Restructuring Roundtable, organized by Raab Associates. The roundtable featured keynote addresses by Federal Energy Regulatory Commission (“FERC”) Commissioner Cheryl LaFleur—who recently announced she will be stepping down later this year—and North American Reliability Corporation (“NERC”) CEO and President James Robb. Both took turns addressing the most pressing issues in energy. … More

Is Your Company’s Board of Directors Cyber Savvy?

Every company should expect that at some point it will experience a data breach. Whether as a result of hackers, disgruntled employees, or careless acts such as losing an unencrypted phone or laptop, data breaches may subject companies to liability and must be handled with speed and great care. What are the responsibilities of directors in preventing and addressing data breaches?

Without a doubt, directors must be generally aware of the data security risks facing the company and ensure that the company is prepared to manage those risks appropriately and has an incident response plan for a data breach.… More

Minimizing Litigation Risk: What Cybersecurity Auditors Can Learn From Their Financial Statement Auditor Analogues

Data breaches – always critically important to those with responsibility for storing, transporting and protecting electronic information – have become an all-consuming topic of late. Stories about data theft dominate political headlines, boardroom discussions, and family meetings around the dinner table.  They, of course, have also been the subject of government investigations and private litigation.

The current environment is not unlike other moments in our recent past that seemed to have captured the attention of Wall Street,… More

Cyber Insurance: Prevalent But By No Means Ubiquitous

A recent survey from the credit score company FICO has some interesting numbers on the prevalence of cyber insurance in the US.

  • 50% of US companies have no cyber insurance.
  • 74% of US healthcare companies have no cyber insurance.
  • 27% of US companies say they have no future plans to acquire cyber insurance.

Today, you can expect the more traditional types of business insurance,… More