On June 10, 2021, China adopted a new Data Security Law that will impact every business operating in or doing business with China. The law, which will take effect in less than a month (September 1, 2021), is sweeping in scope, imposes extensive data processing obligations, and establishes potentially severe penalties for violations. Although many of the details surrounding implementation remain unclear, given the law’s extensive requirements and severe penalties for noncompliance,… More

On July 28, 2021, President Biden issued a Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.  The Memo recognizes that the protection of the nation’s critical infrastructure lies not only with government, i.e., at the federal, state, local, tribal, and territorial levels, but with critical infrastructure owners and operators.  In addition, the Memo states that cybersecurity threats to critical infrastructure, and the systems that control and operate it,… More

Foley Hoag partner and Co-Chair of the firm’s Privacy and Data Security Practice, offers his insights, along with those of the Cybersecurity and Infrastructure Security Agency (CISA) and FBI regarding spear-phishing campaigns using TrickBot malware throughout North America.

Read the full Revenue Cycle Advisor article here. More

In response to the spate of ransomware attacks, the United States has launched a website, www.cisa.gov/stopransomware.   According to the government press release, the website’s aim is:

to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov<http://stopransomware.gov/> is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new website to understand the threat of ransomware,… More

On March 2, 2021, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. This made Virginia the second state to enact a consumer privacy and data security law, and follows hot the heels of California’s Consumer Privacy Act (CCPA) and the newly-enacted California Privacy Rights and Enforcement Act (CPRA). Virginia will not be the last to regulate the relationship between consumers and businesses holding their data;… More

If you aren’t following the ransomware attack on Kaseya’s VSA product and approximately 800-1500 of its users, you should be.  Like many cyberattacks, this one came on the verge of a holiday weekend.  As the company itself notes, “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack.   Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only. … More

On May 10, 2021, the hacking group DarkSide succeeded in shutting down the Colonial Pipeline with a ransomware attack that highlighted the vulnerability of the U.S. energy sector to cyberattacks.  The attack led to a panic among many consumers in the Southeast, resulting in a fuel shortage throughout several states.  According to media reports, Colonial Pipeline paid $4.4 million in ransom to DarkSide to get its system back online.… More

In Van Buren v. United States, the Supreme Court has issued its first ever opinion interpreting the Computer Fraud and Abuse Act.  The CFAA, originally conceived as an anti-hacking statute, broadly prohibits, and imposes civil and criminal penalties for, accessing computers or computer systems “without authorization” or in a way that “exceeds authorized access.”  18 U. S. C. §1030(a)(2).  The question before the Court was how far CFAA liability extends under that latter clause—“exceeds authorized access.”  Does it apply merely to those allowed to obtain information from some parts of computer systems but not others? … More

The risks of owning and operating a business continue to change, and we must all adapt to survive and thrive.

Please join Foley Hoag partner Colin Zick- and a great panel of experts and advisors – to learn what you can do to mitigate against the rapidly evolving cyber threats to your business and your customers.

You are invited to a Zoom webinar.

When: Jun 17,… More

On May 27, 2021, the Department of Homeland Security’s Transportation Security Administration (TSA) announced a Security Directive that will enable DHS to better identify, protect against, and respond to threats to critical companies in the pipeline sector.  (And for those in other business sectors, this is a potential preview of cybersecurity regulation to come.)

“The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” said Secretary of Homeland Security Alejandro N.… More