Andrew P. Carroll

All articles by Andrew P. Carroll

 

Ransomware Demands Increase for Municipalities

The trend of hitting local municipalities with ransomware attacks has continued this summer, along with increased monetary demands. In a recent attack, a small city outside of Jacksonville, Florida had its computers totally disabled when a hacker infiltrated its system and demanded bitcoin in exchange for the city’s data. For several days, the city attempted to resolve the issue without paying by working with the FBI and a security consultant. While these attempts may have eventually been successful, the city ultimately determined that paying the  

Preparing Private Companies for Politically Motivated Cyberattacks

Law firms in the midst of large and publicly reported M&A deals, accounting firms during return season, and Facebook at just about any moment, should all assume that they are being targeted by hackers. However, the Department of Homeland Security’s (DHS) announcement that Iranian regime actors and proxies have been using “wiper” attacks adds a new indicator: geopolitical importance during politically sensitive times. The director of the Cybersecurity and Infrastructure Security Agency (CISA) released a tweet late last week notifying the public that Iran is…  

Vermont’s “Data Brokers” Law is a Glimpse into the Future for Many Industries

Cybersecurity has been a field where the concept of state governments acting as legislative laboratories has been observed in real time, with multiple states passing different pieces of legislation every year. One of the more unique laws passed in 2018, and effective as of January 1, 2019, is Vermont’s descriptively titled “act relating to data brokers and consumer protection.” Although unknown to most consumers, there is a booming industry of “data brokers” who act as middlemen between companies who collect data and those looking to…  

Department of Health and Human Services Releases Cybersecurity Guide for Healthcare Providers

Over a year of collaboration between the Department of Health and Human Services (HHS) and industry partners has culminated in the publication of a cybersecurity guide for medical providers of all sizes. HHS describes it as “a set of voluntary, consensus-based principles and practices to improve cybersecurity in the health sector,” that looks to “raise the cybersecurity floor” across the country. Although the guide emphasizes its wide applicability, much of the discussion appears directed at small and mid-sized providers. For example, HHS highlights a recent…  

Pennsylvania Federal Court Dismisses Law Firm’s Case Against Bank in Social Engineering Cyber Attack

The unfortunate reality of cyber theft is that it’s much like any other type of theft – even if the criminal is caught, it’s unlikely that the ill-gotten gains will ever be fully recovered. There are simply too many ways to hide their destination or make them disappear. This often means the victim will seek other avenues for recouping losses, including filing a civil action against entities or individuals who allegedly could have helped prevent the theft. In the case of O’Neill, Bragg & Staffin,

SEC’s First Cybersecurity Enforcement Has Many Lessons

The Securities and Exchange Commission recently announced its first-ever cyber-related enforcement action in a case that all companies should look at as a refresher on cybersecurity hygiene. In the Matter of Voya Financial Advisors, Inc. was brought against the publicly traded company that manages over $500 billion after a security breach through several of its brokers acting as independent contractors for the company. These brokers typically accessed Voya clients’ PII through a password-protected web portal while using their own IT equipment and networks.…