LATEST INSIGHTS

Cybersecurity / Emerging Issues

Potential Storms A-Brewin’ for Countries Enjoying the Calm of the EU Cyber Safe Harbor

EU law provides that personal data from the EU can only be transferred to countries that can ensure adequate protection of that data. The European Commission has authority to designate certain countries as “safe harbors” based on the domestic law of that country or that country’s international commitments. The EU Commission granted the United States safe harbor status. However, the European Court of Justice recently held that while the European Commission has authority to make these decisions, they are not binding on individual EU country… Continue Reading
Cyber Risk

HIPAA’s Application to Digital Media

Recent media attention to the disclosure of Personal Health Information (PHI) concerning Lamar Odom provides a reminder that the Health Insurance Portability and Accountability Act (HIPAA) applies broadly to digital photographs and other electronic data, whether or not the disclosure is inadvertent. Goldberg Segalla attorneys Seth L. Laver, Jessica L. Wuebker and Kenneth M. Alweis have developed three useful steps to improve privacy and security programs and policies to account for these potential HIPAA violations, which can be read here on the firm’s Professional Liability Continue Reading
Cybersecurity / Legislation

Controversial Cybersecurity Information Sharing Act Passes Senate, Will Likely Become Law

On October 27, 2015, the United States Senate passed S.754, the Cybersecurity Information Sharing Act (CISA or the Act) 74-21. Without requiring such information sharing, CISA would create a system for federal agencies to receive threat information from private companies in real time. However, the bill is not without controversy. As we discussed in August the Department of Homeland Security raised concerns in July and August that the “real time collaboration” requirement in CISA would not permit them to scrub personal information… Continue Reading
Cyber Attacks

Sony Cyberattack Lawsuit Settles for $8 Million and Establishes the New Mass Tort Class Action

The emergence of the cyber attack class action as the new mass tort was further evidenced when Sony, less than one year after the first class action was filed, has agreed to pay up to $8 million to reimburse current and former employees for losses, preventative measures and legal fees related to last year’s data breach. The agreement must still be approved by a federal judge in the Central District of California, but, under the proposed terms, Sony will pay “up to $10,000 a… Continue Reading
Cyber Breach

On the Rise: Cyber Breach Actions Take Center Stage

Yet another class action lawsuit has been filed following a cyber attack, this time against Excellus Health Plan Inc. and Lifetime Healthcare Inc. in federal court for the Western District of New York. The lawsuit was brought by self-proclaimed “New York City’s largest personal injury and mass-tort plaintiffs’ law firm” and the former employer of New York’s disgraced Assembly Speaker Sheldon Silver, who reportedly collected about $4 million in bribes and kickbacks during his employment, Weitz & Luxenberg P.C., as co-counsel with Faraci Lange LLP.… Continue Reading
Cybersecurity / Emerging Issues

Out of Security Concerns, Navy Tells Midshipmen to Look to the Stars

The United States Navy is now requiring its midshipmen to learn a skill that seems more relevant in the 19th Century rather than the 21st century: how to navigate by the stars. The training is limited to just a few hours, but will serve a critical function. Computers aboard a ship are susceptible to cyber attacks and Navy personnel need a backup system should the computers fail. On the open ocean, this means looking to the stars. The Navy taught celestial navigation until… Continue Reading
Cyber Breach

Not If, But When: Another Health Insurer Hacked

This post first appeared on Goldberg Segalla’s Insurance & Reinsurance Report blog. In mid-September, it was reported that hackers hit another set of health insurance companies. In this case, the hackers hit The Lifetime Healthcare Companies and its affiliates including Excellus BlueCross BlueShield, Univera Healthcare, and The MedAmerica Companies. A full list of plans affected can be found on the press release outlining the details of the attack. Hackers took information on approximately 10 millions customers including seven million from Excellus and three million from… Continue Reading
Cybersecurity / Insurance

NAIC and CSIS Host Cyber Risk Conference

On September 10, 2015, the National Association of Insurance Commissioners (NAIC) and the Center for Strategic and International Studies (CSIS) hosted a conference entitled “Managing Cyber Risk and the Role of Insurance.” Over 300 individuals attended, including more than 30 insurance regulators, senior representatives from the U.S. Departments of Treasury and Homeland Security, and representatives from the private sector. The primary focus of the conference was to explore how the insurance industry can assist in mitigating the damages that result from a cyber… Continue Reading
Cyber Attacks / Cyber Breach / Emerging Issues

Data Breach “Sky Is Falling”

Much like Chicken Little, data breach vendors and pundits continue to decry that the data breach sky is falling!  But is it?  A group of researchers set out to answer this very question. “Neither size nor frequency of data breaches has increased over the past decade,” concludes a new statistical analysis by Benjamin Edwards, Steven Hofmeyr and Stephanie Forrest presented during the June 2015 Workshop on the Economics of Information Security in the Netherlands. Instead, the three argue, the increases that have attracted recent media… Continue Reading
Cyber Attacks / Cyber Breach / Cyber Risk / Cybercrime / Emerging Issues

PwC Issues 2015 Cybercrime Survey Results

“It’s been a watershed year for cybercrime,” explains PricewaterhouseCoopers LLC in its 2015 report analyzing data from 500 executives across US businesses, law enforcement and government agencies.  The survey and report, co-sponsored by PwC, CSO, Carnagie Mellon University and the United States Secret Service, provides a comprehensive analysis of trends in cybercrime and cyberthreats, as well as security spending and overall manage of these growing business risks. This year, a record 79 percent of respondents detected a security incident during the past 12 months, with… Continue Reading