In a shocking show of gumption, a ransomware gang has reportedly not only hacked a US public company’s (MeridianLink) IT systems, but also filed a complaint on the SEC’s Tips, Complaints, and Referrals page, regarding Meridian Link’s claimed failure to disclose the incident in an 8-K in violation of the SEC’s new cybersecurity rules. Even though public companies are not yet required to comply with the new cybersecurity disclosure rules (8-K requirement goes effective on…
Every CISO knows it’s not a matter of ‘if’ a cybersecurity incident will occur, but ‘when.’ Fortunately, there’s one name at the top of every CISO’s incident response list: Stephen Reynolds, partner in Baker McKenzie’s Intellectual Property & Technology Practice. Reynolds built a well-deserved reputation as a bulwark between organizations and the cybercriminals who attack them, and he is rightly seen as the man who can make the difference between an organization living on to…
After months of debates, on 24 January 2023, France enacted the Orientation and Programming Law (LOPMI) which introduced amendments to the insurability of losses and damages paid in response to cyber-attacks. At the center of the debates: the insurability of ransom payments. The LOPMI has confirmed such insurability with conditions. Pursuant to article 5 of the LOPMI, introduced under the French Insurance Code at article L. 12-10-1: “The payment of a sum pursuant to an…
On Tuesday, October 11, 2022, members of Baker McKenzie’s Global Data Privacy and Security Team, including Brian Hengesbaugh, Harry Valetk and Elizabeth Denham, presented at the Global Data Protection Program 2022 hosted by the Practising Law Institute. The program boasted an impressive line-up of data privacy experts from both government and industry to share practical insights. The half-day program was comprised of the following four segments: Introduction and Legislative Developments in Data Protection Laws Nuts and Bolts…
In this episode, Brian Hengesbaugh, Global Chair of Data Privacy and Security, is joined by Stephen Reynolds, partner in Chicago, as they discuss the Strengthening American Cybersecurity Act, a law recently signed by President Biden, which requires key businesses to report certain ransomware incidents to the Cybersecurity and Infrastructure Security Agency (CISA). Listen in to hear about: An overview of the new law, including key elements such as mandatory reporting requirements, timelines and which “critical…
In this episode, Brian Hengesbaugh, Global Chair of Data Privacy and Security, is joined by Cy Vance, Global Chair of Cybersecurity based in New York, as they discuss the current cybersecurity threat landscape from a government, enforcement and litigation perspective. Listen in to hear about: Cy’s background as the former Manhattan District Attorney for 12 years, including his experience focusing on cybersecurity issues and building the District Attorney Office’s capability to address emerging threats to…
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an advisory to alert companies about potential sanctions risks when making payments in response to ransomware attacks. The advisory is in response to the demand for ransomware payments during the COVID-19 pandemic as cyber criminals have severely debilitated systems that merchants rely on to continue to conduct business. A Threat to National Security Ransomware is a form of malicious software designed…
On July 11, 2016, the Department of Health and Human Services – Office for Civil Rights (“OCR”), the office that enforces the Health Insurance Portability and Accountability Act (“HIPAA”), sent out an email detailing new guidance to help health care organizations fight ransomware attacks. These attacks are increasing in frequency and protected health information (“PHI”) held by health care organizations presents a particularly attractive target. Further details on ransomware and an outline of OCR’s guidance…