Tag: Ohio | SpinSafe

Huber Heights, Ohio, Suffers Ransomware Attack on Systems

November 14, 2023/in Internet Security

A number of government services are unavailable in Huber Heights, Ohio, following a ransomware attack over the weekend on the city of 40,000 near Dayton.

The ransomware was initially discovered at the city’s dispatch center early Sunday, but public safety departments are now running normally after switching to a Montgomery County location, local news reported. The city reiterated in an online update that “public safety services remain unimpacted.”

Meanwhile, the attack has affected city divisions for economic development, engineering, finance, human resources, tax, utilities and zoning, the city said. This prevents residents from paying utility bills online; as such, the city is suspending late penalties and disconnections through the end of November. Residents can still pay now by bringing cash or check, alongside their billing receipt, to the water department office.

City Manager Rick Dzik said in the online announcement that the city expects services to remain impacted for “at least a week.” According to local news, the city has declared a state of emergency.

Dzik said the city will post updates on the situation daily at 2 p.m. on its website, www.hhoh.org, and on Facebook. The incident is not impeding the city council meeting scheduled for Tuesday, which will livestream on the city Facebook page at 6:00 p.m.

The city is working to determine what data may have been compromised and will notify those found to be affected.

The ransomware attack hit the city at 8:13 a.m. Sunday, Nov. 12, per the city. Dzik told local news station WKEF that he received a call at noon that some computers at the dispatch center were experiencing issues.

“They had called in our on-site or city IT department, to start investigating which is when they discovered there was some ransomware installed on a few computers,” Dzik told the outlet.

Per the city, the IT department is coordinating with state, local and federal law enforcement as well as third parties as it investigates the incident.

Source…

Ohio Supreme Court Upholds Denial of Coverage for Ransomware Attack Losses

January 31, 2023/in Internet Security

The Ohio Supreme Court recently reversed the decision of an appellate court and reinstated the trial court’s grant of summary judgment in favor of an insurer and against an insured company on the company’s claim for breach of contract and bad faith denial of insurance coverage relating to damages arising from a ransomware attack.

In so ruling, the Ohio Supreme Court held that because a ransomware attack caused no “direct physical loss of or damage to” the company’s software — a requirement for coverage under the policy at issue — the insurer was not responsible for covering the resulting loss.

A copy of the opinion in EMOI Servs., L.L.C. v. Owners Ins. Co. is available at: Link to Opinion.

As background, the insured company became the target of a ransomware attack when a hacker illegally gained access to the company’s computer systems and encrypted files needed for using its software and database systems. After looking into the timing and financial feasibility of recovering the files through the assistance of a third-party company, the insured company decided to pay the ransom.

At the time of the ransomware attack, the company was insured under a businessowners insurance policy issued by the defendant insurer. Thus, the insured company’s general manager contacted the insurer to file an insurance claim within a day of the attack. However, the insurer denied coverage because, among other reasons, there was no “direct physical loss of or damage to ‘media’,” as defined in the electronic-equipment endorsement in the policy.

The policy’s electronic-equipment endorsement provided:

When a limit of insurance is shown in the Declarations under ELECTRONIC EQUIPMENT, MEDIA, we will pay for direct physical loss of or damage to “media” which you own, which is leased or rented to you or which is in your care, custody or control while located at the premises described in the Declarations. We will pay for your costs to research, replace or restore information on “media” which has incurred direct physical loss or damage by a Covered Cause of Loss. Direct physical loss of or damage to Covered Property must be caused by a Covered Cause of Loss.

Furthermore, the…

Source…

Ohio State improves surveillance and safety in parking garages

March 2, 2022/in Mobile Security

Ohio State improves surveillance and safety in parking garages | Security Magazine

Source…

Reach Of Ohio Ransomware Ruling Limited To Policy At Hand | Zelle LLP

January 20, 2022/in Internet Security

Law360 Insurance Authority
January 19, 2022

To read this article in PDF form, click here.

We are still in the relatively early stages of jurisprudence addressing the insurability of loss stemming from data breaches.

Compared to the more developed body of case law interpreting coverage provisions and exclusions contained in more traditional property insurance policies, case law exploring coverage issues under so-called silent cyber or stand-alone cyber policies is sparse.

As such, when any new decision does come down in this arena, it sparks commentary.

This was true for the recent Ohio appellate court decision in EMOI Services Inc. v. Owners Insurance Co.,[1] in which the Ohio Court of Appeals’ Second Appellate District reversed the common pleas court’s summary judgment ruling in favor of the insurer and allowed the insured’s silent cyber claim to proceed.

The majority’s decision in EMOI has come under fire by the insurance bar for being results- oriented and ignoring precedent. Conversely, policyholder attorneys have lauded the decision, going so far as to claim that EMOI stands for the proposition that a policy insuring physical loss or damage does not require physical alteration of property.

But are these criticisms and characterizations fair? And what lessons can we take from this rare and candid discussion by a court grappling with the bounds of insurance coverage for data loss?

EMOI’s holding was dependent on very specific policy language.

In EMOI, a medical billing company sustained a ransomware attack, paid the ransom, decrypted most of its data and then sued its property insurer for claimed business interruption losses and alleged damage to computer software.

Careful review of the appellate court’s decision in EMOI indicates that its holding was entirely dependent on the unique language of the Owners’ electronic equipment endorsement contained in the policy at issue.

That endorsement covered “direct physical loss of or damage to ‘media,'” where media was defined as “materials on which information is recorded such as film, magnetic tape, paper tape, disks, drums, and cards.”

Importantly, the definition section goes on to state that “media” includes “computer…

Source…

Tag Archive for: Ohio