Tag Archives: Cyber Risk

Kaseya VSA Supply-Chain Ransomware Attack Update 7-9-21 Podcast

Here is the latest on the Kaseya VSA supply-chain ransomware attack which is interesting because there is now strong interplay between the United States government and companies like Kaseya given the national security implications of this type of ransomware attack. Please feel free to listen to this podcast with a brief update on the government involvement in the response to this ransomware attack and on the type of directives that the federal government is now giving out through government agencies like the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI. It was widely reported that the CEO of Kaseya on 1st notification of this ransomware attack contacted the federal government and spoke with national security officials at the White House and in the Department of Homeland Security. Obviously, every ransomware attack will not necessarily invoke this high-level government response, but more and more the government is involving itself in the investigation and response to these attacks which have been heavily linked to entities like REvil which is alleged to be based in Russia. Pres. Biden today allegedly called Pres. Putin to once again warn him regarding the cybersecurity attacks and he promised in the media that there would be a response from the United States. For more information on the specific CISA-FBI recommendations in response to the Kaseya VSA supply-chain ransomware attack see this link to the CISA website: https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa . See the link below for my short podcast with this update.

Kaseya VSA Supply-Chain Ransomware Attack Update 7-9-21 PIT IP Tech Cast

Here is the latest on the Kaseya VSA supply-chain ransomware attack which is interesting because there is now strong interplay between the United States government and companies like Kaseya given the national security implications of this type of ransomware attack.
  1. Kaseya VSA Supply-Chain Ransomware Attack Update 7-9-21
  2. Kaseya VSA Server Ransomware Attack July 2021 – Lessons and Protocols for Dealing with Data Breach
  3. The Rise of Counterfeiting Litigation in Federal Courts

Kaseya VSA Server Ransomware Attack July 2021 – Lessons and Protocols for Dealing with Data Breach

Podcast:

Kaseya VSA Supply-Chain Ransomware Attack Update 7-9-21 PIT IP Tech Cast

Here is the latest on the Kaseya VSA supply-chain ransomware attack which is interesting because there is now strong interplay between the United States government and companies like Kaseya given the national security implications of this type of ransomware attack.
  1. Kaseya VSA Supply-Chain Ransomware Attack Update 7-9-21
  2. Kaseya VSA Server Ransomware Attack July 2021 – Lessons and Protocols for Dealing with Data Breach
  3. The Rise of Counterfeiting Litigation in Federal Courts

Blog:

See Kaseya CEO Video response presentation: https://www.kaseya.com/

See Updates Regarding VSA Security Incident Response: https://www.kaseya.com/potential-attack-on-kaseya-vsa/

In any Cyber incident, Data breach, hack or unwanted email intrusion, like the recent Kaseya attack, Incident Response (IR) time is of the essence. The Business and Cybersecurity Litigation lawyers at Houston Harbaugh, P.C., are here to assist in addressing the cybersecurity issues facing companies today. A comprehensive set of issues must be addressed to aid companies in minimizing the risk of cybersecurity breaches and to aid companies not if, but when, a data breach occurs. Ransomware, e-mail spoofing, text and phone call spoofing, e-mail intrusion, phishing and other schemes are running rampant in the business world. Sophisticated companies are falling prey to wire fraud schemes and ransom attacks at an alarming rate. These victims frequently turn to their insurance carriers but the maze of seeking insurer indemnity and defense for these matters is complex. Our firm can help work through that maze on both the technical side of investigation and on the mitigation side including the analysis of insurance coverage options. Our litigation lawyers are well equipped to handle IR and to tackle both the initiation of, or defense of, litigation related to these cyber security breaches and losses.

Data breaches are one of the biggest risks facing companies today. Companies must take action to prepare for the worst and to react quickly when it happens on both the technical side and the legal side. Our firm can cyber-counsel on corporate structure issues, insurance coverage, employment law, HIPAA and personal and health care data issues, and protection of data through proper technology infrastructure, technology rules and policies, corporate and employment policies and litigation if necessary. Cybersecurity takes a team to protect companies and their data through security programs, security awareness training, annual security audits and Incident Response. A cyber incident or intrusion which results in a breach of Personally Identifiable Information (PII) may trigger certain legal reporting requirements. See (Westlaw’s link): Pennsylvania Statutes 73-2301: Breach of Personal Information Notification Act. A link to the actual Pennsylvania statute can be found hereHere is a summary of the Pennsylvania Notification Act:

  • Enacted in 2006, Pennsylvania’s data breach notification law requires entities doing business in Pennsylvania that maintain, store, or manage computerized personal information of Pennsylvania residents to notify affected individuals of any data breach that results or could result in the unauthorized acquisition of their unencrypted and unredacted personal information.
  • Notice must be made without unreasonable delay
  • If more than 1,000 individuals must be notified, breached entities must also notify all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis.
  • Breached third parties must notify relevant data owners or licensees.
  • Substitute notice is permitted in specific circumstances and notification may be delayed for law enforcement purposes.
  • Entities which maintain their own notification procedures as part of an information security policy consistent with state law are deemed to comply with the notification requirements of this law if the entity makes notifications in accordance with its policies.
  • Financial institutions compliant with the Federal Interagency Guidance Response Programs for Unauthorized Access to Consumer Information and Customer Notice are deemed to comply with this law, as are entities that comply with relevant notification requirements of federal regulators.

Our firm can help guide you through these reporting requirements but it is best to be prepared in advance. We can help you prepare and can refer you to good technical people for up front assistance.

Data breaches are the ultimate sneak attack. A company’s computer systems can be breached for weeks, months and even years without the breach being detected. Once detected, what action must the company take? A team that includes attorneys, company executives, law enforcement, IT and human resource management should be in place and prepared to address the various problems that arise. These problems include legal issues —regulatory compliance, protection of intellectual property, recovery of losses, and litigation —technical issues, notification issues, customer relations, public relations, and insurance issues.

Houston & Harbaugh cybersecurity attorneys have presented both regionally and nationally the following topics: “The Potential Consequences of Data Breach on Compromise or Infringement of Intellectual Property” and “Protecting Your Business in the Digital Age”. To read more about this topic and to see legal resources regarding Cybersecurity and Data Breach Response, please see this website’s Resource Library. 

Contact Our Pennsylvania Cybersecurity Attorneys Today: Houston Harbaugh can help your company take action to minimize the threat from data breaches and to guide you through IR. For immediate help on data breach or ransomware response, contact HH Shareholder Henry Sneath by email now to databreach@hh-law.com or call: 1-833-511-2243   

Business Leaders Rank Cyber Risk #2 on List of Main Concerns

Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Prevention and Response Team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C.  hsneath@psmn.com or 412-288-4013

Travelers Business Risk ImageTravelers Indemnity and Insurance released its annual Business Risk Index, which is a survey of the concerns of business leaders and decision makers. Not surprisingly, for 2015, Cyber Risk moved up to the number 2 concern on that list, right behind rising healthcare costs. In some industry sectors it is the number 1 concern. The Banking and Financial Services, Professional Services, and Technology sectors each ranked cyber risks as the main driver of sleepless nights.  The chart on page 3 of the survey is very instructional as to the different concerns between small, medium and large businesses. Small businesses have less concern about data breach than larger businesses, but perhaps small businesses are overlooking their vulnerability and attractiveness as targets. If they care less, they will likely protect less, and become easy targets for hackers. It should be a huge concern for all businesses in all industries as no one appears immune. If you data store or deal in Personal Identifiable Information (PII) or Personal Health Information (PHI) as part of your business, then you are a valuable target. If you have financial or credit information, or trade secrets to protect, then perhaps your competitors, foreign governments and political hackers want to look inside your data. Many insurers are now offering Cyber Risk Insurance to provide defense and indemnity against these risks. Every business should have a data breach prevention and response team of employees and outside consultants and lawyers to audit the company’s vulnerability and to set the plan for a response when a breach occurs.  See the complete Travelers Business Risk Index at: https://www.travelers.com/prepare-prevent/risk-index/business/index.aspx