Tag Archive for: Liability

Real estate and cyber liability


Spencer Macalaster

The past 36 months have been unprecedented with respect to society, work environments and political dictates. Entire companies pivoted to remote work environments in a matter of days. The consequential strain on the IT infrastructure was also unprecedented. One consequence of this new paradigm was system vulnerabilities were exposed. Every day a new company is added to the list of systems affected by a massive data breach. Hackers responsible for these types of security breaches can hold a company ransom or worse destroy their reputational credit. In the wake of the Silicon Valley Bank and Signature Bank failures, we expect bad actors to take advantage of the events to intercept wire instructions as clients and other third parties work to reroute funds to alternative banking institutions. We would like to reiterate the need to be wary of requests to change / update payment account information for invoices or any other payments to be made by the company and encourage you to remind our clients and other valued partners of the same.

Real estate owners, developers, and asset managers are in the crosshairs of those bad actors looking to monetize on cyber vulnerabilities. Massachusetts requires companies to provide comprehensive data security to all personal information stored on a server. In addition, regulators in 47 states, the District of Columbia, Puerto Rico, and the Virgin Islands require that individuals (customers, employees, citizens, students, etc.) be notified in the event their data has been lost, stolen or compromised. The most recent data breaches introduce a new twist to a company’s cyber liability exposure and potential for exposure to extortion and ransom.

Computer hacking, stolen laptops and fraud scams are the primary culprits leading to cyber liability events. Settlements can include monetary damages, credit monitoring services, hardware and software restoration, business interruption, reputational damages and ransomware payments. Companies can incur millions of dollars in expenses to secure compromised networks, assess damages, and notify customers.

Protection on any corporate database will never be 100%…

Source…

What physicians need to know about cyber liability insurance


Cyber insurance covers losses and damages resulting from patient data being stolen, exposed, held for ransom, or improperly shared. It covers deliberate actions, such as hacking or ransomware, as well as accidents, such as the loss of a laptop containing unencrypted patient information or a coding error that accidentally exposes patient data.

A comprehensive policy covers paper records, as well, as so much information is still stored in physical files.

Cyber insurance helps providers deal with the consequences of a data breach, which can range from relatively minor to catastrophic, and it covers almost any loss or expense that can be attributed to the breach. Examples include:

Paying regulatory fines and penalties.

Compensating for loss of income
from downtime or patients who leave
the practice.

Hiring information technology (IT)
experts to find and fix the breach.

Hiring a call center to handle inquiries
from patients.

Hiring a public relations firm to deal
with unwelcome publicity.

Hiring attorneys to represent the practice
in any lawsuits filed by patients (as well as any damages awarded).

Paying a ransom to free hijacked data.

Coverage typically applies only to the data and not the computer hardware a practice uses, such as laptops, smartphones, tablets or servers, which often are covered under a general business insurance policy.

A complete policy includes first-party and third-party coverage, says Marcin Weryk, head of business development for Coalition, a cyber insurance firm. First-party coverage pays for damages suffered by the policyholder, such as lost revenue, business interruption, IT forensics and data restoration. Third-party coverage compensates for damages caused to others by the data breach, such as the legal costs incurred from lawsuits filed by affected patients.

Practices that haven’t bought cyber insurance often have some coverage through their malpractice or general business policies, but it’s usually limited to approximately $30,000 in damages and contains exemptions, says Brandon Clarke, co-founder of Affenix, a brokerage specializing in cyber liability insurance.

Before deciding whether to purchase additional cyber insurance, physicians should know what coverage they…

Source…

Third-party liability for ransomware attacks: Are you covered?


 

Oliver Sepulveda, associate with Shutts& Bowen in Miami. Courtesy photo Oliver Sepulveda, associate with Shutts& Bowen in Miami. Courtesy photo

The COVID-19 pandemic has caused a massive shift in the way organizations do business and the way their employees do their work, but, as is often the case, this shift has brought about an increase in cybersecurity risks, which should not be overlooked. Much of this increased risk comes from the rise of ransomware attacks.

According to one of the largest cyber insurance providers in North America, approximately 41% of cyber insurance claims in the first half of 2020 are attributed to ransomware attacks. While one can be forgiven for thinking that cybersecurity is only a concern for large corporations, that is far from the case.

The malicious actors behind ransomware attacks do not discriminate. It is a problem that affects organizations large and small in various industries including health care, government, construction, manufacturing, legal, and education, to name a few.

Despite this increased risk, cybersecurity companies report that more than a quarter of small businesses have no plan to mitigate a ransomware attack.

For the uninitiated, ransomware is a type of malicious software that is embedded into a computer system through a variety of different methods. It encrypts the data on that system, potentially rendering that system, and any other systems that rely on that data, inoperable.

The ultimate goal of the malicious actors is to extort money, a ransom, from the victim by offering to restore the computer systems upon payment. Victims can either pay the ransom or deal with the fallout; many, at the suggestion of their cyber insurance carriers, opt to pay the ransom.

Unfortunately, when faced with a possible ransomware attack, organizations need to consider the unintended victims and the potential for liability to reliant third parties if their computer systems remain inoperable or their data is lost.

Recently, a hospital in Germany was a victim to a ransomware attack which caused the need for an emergency transport of a number of patients due to the inoperable computer systems. Tragically, one of the patients died during transport and is reported to be the first known death caused by a ransomware…

Source…

Third-Party Liability for Ransomware Attacks, Are You Covered?


Want to continue reading?
Become a Free ALM Digital Reader.

Benefits of a Digital Membership:

  • Free access to 3 articles* every 30 days
  • Access to the entire ALM network of websites
  • Unlimited access to the ALM suite of newsletters
  • Build custom alerts on any search topic of your choosing
  • Search by a wide range of topics

Click here to access the Public Notices and the Courts sections of the The Daily Business Review in PDF format.
Already have an account?

Source…