Author Archives: James M. Paulino II

Forty Percent Increase in New York State Data Breaches

On Wednesday, May 4, 2016, New York State Attorney General Eric T. Schneiderman announced a 40 percent increase in reports of data breaches during 2016 as compared with the same time frame last year. As in a growing number of states and federal agencies, New York’s Information Security Breach & Notification Act, enacted in 2005, requires all individuals and organizations conducting business in New York to report any unauthorized access to personal information to affected individuals, law enforcement and other government officials. According to the…

Continue Reading....

Cybersecurity Down on the Farm

The FBI and Department of Agriculture have issued a Private Industry Notification to increase awareness among farmers that growing reliance on precision agriculture technology, aka “smart farming,” brings increased vulnerability to cyberattacks. While the notification did not suggest attackers could gain control of physical machinery, unauthorized access to farm-level data regarding crop availability and pricing could be used to exploit US agriculture resources and market trends. Earlier this year, for example, the USDA and Microsoft hosted a worldwide competition to design data visualization tools that…

Continue Reading....
Data Protection

Inadvertent Data Breach May Trigger Insurer’s Duty to Defend

As previously posted, in many instances of data breach, information was exposed due to the negligent actions of someone within the organization, as opposed to an external and malicious cyberattack.  This week, the Fourth Circuit held that that the inadvertent disclosure of data from within the company can constitute a “publication” triggering an insurer’s duty to defend. Goldberg Segalla attorneys Colin B. Willmott and Jonathan L. Schwartz provide a complete analysis of the decision in Travelers Indemnity Company of America v. Portal Healthcare Solutions,

Continue Reading....

A Strong Case for Mobile Device Management

The San Bernardino County government paid for, but never installed, a feature allowing employer access to any employee mobile devices. If the installation of the new feature was done, the current legal and philosophical battle between Apple and the FBI over how to access shooter Syed Rizwan Farook’s iPhone may have been avoided. What’s more, the county not only had the software, but also a longstanding policy eliminating any expectation of privacy by the employee: “No User Should Have an Expectation of

Continue Reading....
iStock_000010623991_Medium

Iranians Use Cellular Modem to Hack Suburban NYC Dam

Any machine, if it’s connected to the internet, can be hacked; including the automated equipment controlling dams, steel mills and nuclear power facilities. As we previously reported here, criminals were able to take control of a German steel mill’s computerized production system, forcing an unscheduled shut-down causing “massive damage” in 2014. Likewise, in 2010, a cyberattack was able to disable Iran’s uranium enrichment centrifuges by targeting the software installed in the electronic equipment. This week, the Wall Street Journal reported that in 2013, Iranian…

Continue Reading....
Jablonski-John_s-web

The Burden of Establishing “Injury” in Data-Breach Class Action Lawsuits

Contrary to the predictions of various commentators, John Jablonski of Goldberg Segalla’s Cyber Risk and Social Media Practice Group explains how recent federal court decisions continue to hold a high standard for proving standing in data breach class action lawsuits. As John concludes in an article for Claims Management: “Standing may be easier for class-action plaintiffs to demonstrate if their data was hacked, but as these cases demonstrate, surviving a standing motion is not always as easy as commentators predicted it would be in…

Continue Reading....
Night hospital ward

HIPAA’s Application to Digital Media

Recent media attention to the disclosure of Personal Health Information (PHI) concerning Lamar Odom provides a reminder that the Health Insurance Portability and Accountability Act (HIPAA) applies broadly to digital photographs and other electronic data, whether or not the disclosure is inadvertent. Goldberg Segalla attorneys Seth L. Laver, Jessica L. Wuebker and Kenneth M. Alweis have developed three useful steps to improve privacy and security programs and policies to account for these potential HIPAA violations, which can be read here on the firm’s Professional Liability

Continue Reading....
Stacks of 20 dollars banknotes

Sony Cyberattack Lawsuit Settles for $8 Million and Establishes the New Mass Tort Class Action

The emergence of the cyber attack class action as the new mass tort was further evidenced when Sony, less than one year after the first class action was filed, has agreed to pay up to $8 million to reimburse current and former employees for losses, preventative measures and legal fees related to last year’s data breach. The agreement must still be approved by a federal judge in the Central District of California, but, under the proposed terms, Sony will pay “up to $10,000 a…

Continue Reading....
iStock_000010623991_Medium

On the Rise: Cyber Breach Actions Take Center Stage

Yet another class action lawsuit has been filed following a cyber attack, this time against Excellus Health Plan Inc. and Lifetime Healthcare Inc. in federal court for the Western District of New York. The lawsuit was brought by self-proclaimed “New York City’s largest personal injury and mass-tort plaintiffs’ law firm” and the former employer of New York’s disgraced Assembly Speaker Sheldon Silver, who reportedly collected about $4 million in bribes and kickbacks during his employment, Weitz & Luxenberg P.C., as co-counsel with Faraci Lange LLP.…

Continue Reading....
US Navy

Out of Security Concerns, Navy Tells Midshipmen to Look to the Stars

The United States Navy is now requiring its midshipmen to learn a skill that seems more relevant in the 19th Century rather than the 21st century: how to navigate by the stars. The training is limited to just a few hours, but will serve a critical function. Computers aboard a ship are susceptible to cyber attacks and Navy personnel need a backup system should the computers fail. On the open ocean, this means looking to the stars. The Navy taught celestial navigation until…

Continue Reading....