1 Cybersecurity: Working the Calm Before the Storm Thursday, October 9, :00 P.M. - 1:00 P.M. CST Michael E. Clark and Charles E. Harrell 10/8/ DMADMIN/ _1.PPTX

2 Legal Landscape: Federal Regulation. Patchwork of legislative and administrative standards: Federal Trade Commission Act ("FTC Act"); Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), and Health Information Technology for Economic and Clinical Health Act ("HITECH Act"); Gramm-Leach-Bliley Act ("GLBA"); Federal Americans with Disabilities Act ("ADA"); Children's Online Privacy Protection Act ("COPPA"); Fair Credit Reporting Act ("FCRA") and Fair and Accurate Credit Transactions Act ("FACTA"), Electronic Communications Privacy Act (Stored Communications Act and Wiretap Act), and Telephone Consumer Protection Act; Video Privacy Protection Act ("VPPA"); National Institute of Standards and Technology ("NIST")

3 Legal Landscape: Federal Regulation. Patchwork of legislative and administrative standards (cont.) SEC requirements: Division of Corporation Finance Disclosure Guidance: Topic No. 2 Cybersecurity (dated October 13, 2011) - guidelines for public corporations who suffer cyber attacks or data breaches, which require disclosure of material events that affect the company's operations, liquidity, financial condition, viability, product or customer lines, losses, and on-going litigation. SEC Sweep Letters: In 2014, the SEC has sent market participants detailed questionnaires, called cybersecurity sweep letters, asking for information about firms' cybersecurity practices. Cybersecurity Roundtable: SEC held roundtable discussion on March 26, Rule 13(a)-15(f) of the Exchange Act (ICFR) Adopting release effective August 14,

4 Legal Landscape: Federal Regulation. Patchwork of legislative and administrative standards (cont.) New Legislation: Cyber Intelligence Sharing and Protection Act ("CISPA") (passed the House on April 18, 2013), H.R. 624 (113th Congress). The bill purports to allow companies and the federal government to share information to prevent or defend against network and other Internet attacks. Under CISPA, any company can use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property of the company, and then share that information with third parties, including the government, so long as it is for cybersecurity purposes. It was designed to facilitate two-way information sharing between intelligence agencies and private businesses. It has generated significant debate, as it has meaningful implications for an individual's privacy rights. If enacted, it could allow the government to hold critical infrastructure businesses accountable for not making measurable improvements in their information security procedures.

5 Legal Landscape: State Regulation. State Legislation: 47 states have data security statutes requiring notification of breaches. Timing of Notice: Some states have a specific notice period (within days of discovery). Many states, however, simply provide that notice shall be made within a reasonable time period or without unreasonable delay. Some states include an element of harm or a trigger for notification. To Whom Notice Must be Given?

6 Legal Landscape: Government Enforcement Actions. Federal Trade Commission Enforcement: The FTC is the most active federal agency in enforcing consumer privacy protections and § 5 of the FTC Act has been the FTC's primary enforcement mechanism. Section 5(a) of the Federal Trade Commission Act ("FTC Act"), 15 U.S.C. § 45(a), prohibits unfair or deceptive acts or practices in or affecting commerce. More than 30 enforcement actions have been brought by the FTC since May 1, The FTC has brought more than 50 in all since FTC's Health Breach Notification Rule

7 Legal Landscape: Government Enforcement Actions. Federal Trade Commission Enforcement (cont.) Federal Trade Commission v. Wyndham Worldwide Corp., No , 2014 U.S. Dist. LEXIS (D.N.J. Apr. 7, 2014). This case was the first legal challenge to the FTC's enforcement authority. Wyndham moved to dismiss the Complaint arguing that the FTC's unfairness authority does not cover data security. The court disagreed, holding that the FTC's unfairness authority coexists with existing data-security regulatory scheme. On June 23, 2014, the U.S. District Court of New Jersey granted Wyndham's Motion to certify for interlocutory appeal the order denying the motion to dismiss.

8 CYBER TIMELINE [timeline figure with three tracks: Insurance History, Regulatory/Industry History, Claims/Losses History]
Entries on the timeline: Cyber Insurance Introduced; Notice Costs Covered; Broad Privacy Ins.; Vendor Coverage; Corp Confidential Info.; PCI Fines & Penalties; Reg. Fines & Penalties; System Failure; Full Limit Policies; HIPAA; Gramm-Leach-Bliley 1; SB1386; PCI; HITECH; SEC; Cyber Order (2/12/13); Homeland Security/PPD-21 (2/12/13); CISPA passes House on 4/18/13, but stalls in the Senate; NIST Framework Ver /4/2013 (PF) 7/10/2013 (M-SD) 9/11/2013 (M-Dallas) 2/13/2014 (FF); FTC v. Wyndham 8 (4/7/14); NIST Framework Ver; Card Systems; TJX 2; Heartland 3; Epsilon 4; Sony 5; Target 6 (11/27/13-12/15/14); Michaels 7 (5/8/13-1/27/14); Neiman Marcus 9; CHS of Franklin, TN 12 (8/2014); Home Depot (9/8/2014); JP Morgan Chase 13; ATT announces internal data breach 14 (10/2014); October 2014.
Notes: 1 GLB requires private financial information to be properly protected. 2 $45 million credit and debit cards were stolen. 3 $140MM in fines and settlements. 4 Data breach ("spear phishing") involving names of customers and addresses/affected at least 50 companies. Sony PlayStation/BMG's website breaches (cleanup $171MM). 6 $165MM in cyber breach insurance. 7 Michaels Stores disclosed on April 18, District court grants interlocutory appeal on June 23, NM was hacked from July to December. Framework for Improving Critical Infrastructure Cybersecurity. 11 NIST will continue to serve as convener and coordinator at least through version 2.0 of Framework. 12 Hackers stole 4.5 million patient records by breaking into the company's network through a hole in the network created by Heartbleed. 13 October 2, 2014 securities filing disclosed that a cyber attack compromised data for 76 million households and 7 million businesses. 14 Employee gained access to 1600 customers' personal data records.

9 Homeland Security, February 12, 2013. Chemical Sector: The Department of Homeland Security is designated as the Sector-Specific Agency for the Chemical Sector. Commercial Facilities Sector: The Department of Homeland Security is designated as the Sector-Specific Agency for the Commercial Facilities Sector. Communications Sector: The Department of Homeland Security is designated as the Sector-Specific Agency for the Communications Sector. Critical Manufacturing Sector: The Department of Homeland Security is designated as the Sector-Specific Agency for the Critical Manufacturing Sector. Dams Sector: The Department of Homeland Security is designated as the Sector-Specific Agency for the Dams Sector. Defense Industrial Base Sector: The Department of Defense is designated as the Sector-Specific Agency for the Defense Industrial Base Sector.

10 Homeland Security. Emergency Services Sector: The Department of Homeland Security is designated as the Sector-Specific Agency for the Emergency Services Sector. Energy Sector: The Department of Energy is designated as the Sector-Specific Agency for the Energy Sector. Financial Services Sector: The Department of Treasury is designated as the Sector-Specific Agency for the Financial Services Sector. Food and Agriculture Sector: The Department of Agriculture and the Department of Health and Human Services are designated as the Co-Sector-Specific Agencies for the Food and Agriculture Sector. Government Facilities Sector: The Department of Homeland Security and the General Services Administration are designated as the Co-Sector-Specific Agencies for the Government Facilities Sector. Healthcare and Public Health Sector: The Department of Health and Human Services is designated as the Sector-Specific Agency for the Healthcare and Public Health Sector.

11 Homeland Security. Information Technology Sector: The Department of Homeland Security is designated as the Sector-Specific Agency for the Information Technology Sector. Nuclear Reactors, Materials, and Waste Sector: The Department of Homeland Security is designated as the Sector-Specific Agency for the Nuclear Reactors, Materials, and Waste Sector. Transportation Systems Sector: The Department of Homeland Security and the Department of Transportation are designated as the Co-Sector-Specific Agencies for the Transportation Systems Sector. Water and Wastewater Systems Sector: The Environmental Protection Agency is designated as the Sector-Specific Agency for the Water and Wastewater Systems Sector.

12 Legal Landscape: European Privacy. 1995 European Union Data Protection Directive; UK Data Protection Act of 1998; EU Safe Harbor Provision (2000); European General Data Protection Regulation (proposed); Article 29 Working Party Opinion on Personal Data Breach Notification

13 Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology, February 12,

14 Framework Core Structure

15 Framework Implementation Tiers

16 Coordination of Framework Implementation. The image above describes a common flow of information and decisions at the following levels within an organization: Executive; Business/Process; Implementation/Operations. 10/8/2014

17 NIST Initiatives

18 Bioscience: NIST will provide the measurement science, data, and tools that are needed for efficient manufacturing in biosciences and nanotechnology. NIST research in biomanufacturing will help create new manufacturing paradigms that use cells as factories for fuels, pharmaceuticals, and specialty chemicals. Data analytics/big Data: Much of advanced manufacturing depends upon the ability to make at scale or integrate the use of new materials into existing manufacturing processes. NIST will continue to invest in strengthening its efforts to develop the standards and data needed to support advanced materials modeling and design. Systems Engineering: The convergence of digital technologies with manufactured products, engineered systems of products, and associated services are enabling a new generation of smart manufacturing processes and equipment. As these processes have grown exponentially in complexity, new and revised standards are required to accompany dramatic improvements in systems engineering, integration, and testing. NIST supports the closer integration of robotics and humans in the manufacturing environment, and is developing a testbed to evaluate the automated in-process quality monitoring and control systems that are critical to the efficient operation of modern factories.

19 In-Place Precision Measurement. Lasers are an enabling technology for an enormous range of measurements in physical standards, chemistry, biological systems, space-based research, and many other areas. NIST is the world leader in the development and application of ultrastable lasers. However, the coherence (or stability) of lasers has not significantly increased over the past decade despite intense world-wide research efforts. NIST researchers are developing a research program to achieve laser frequency stability more than 100 times better than the world's best lasers today, and extend optical coherence times to more than 1,000 seconds.

20 Collaboration and Partnership. NIST's new Advanced Manufacturing Technology Consortia (AMTech) program will provide financial assistance to leverage existing consortia or establish new industry-led consortia to develop road-maps of critical long-term industrial research needs as well as fund research at leading universities and government laboratories directed at meeting these needs. The National Network for Manufacturing Innovation (NNMI) is a proposed network of manufacturing innovation institutes that would bring together companies, university and community colleges, and government to co-invest in applied research and development of cutting-edge manufacturing technologies.

21 NIST ROADMAP FOR IMPROVING CRITICAL INFRASTRUCTURE (2/12/2014) 1. AREAS FOR DEVELOPMENT, ALIGNMENT AND COLLABORATION: a. AUTHENTICATION b. AUTOMATED INDICATOR SHARING c. CONFORMITY ASSESSMENT d. CYBERSECURITY WORKFORCE e. DATA ANALYTICS f. FEDERAL AGENCY CYBERSECURITY ALIGNMENT g. INTERNATIONAL ASPECTS, IMPACTS AND ALIGNMENT h. SUPPLY CHAIN RISK MANAGEMENT i. TECHNICAL PRIVACY STANDARDS

22 Cyber-Security

23 Cyber-Security/NAD. There is a growing realization in the IT industry that current cyber-security technologies are losing an arms race with those who seek to launch network-based attacks. The current state of the art in Network Intrusion Detection technologies, which detect specific signatures of malicious software, cannot keep pace with the rate of innovation in attack vectors. Such schemes are inherently reactionary, requiring the identification and reverse engineering of new attacks and the near constant update of attack signatures in global security systems. Recent advances in Network Anomaly Detection (NAD) technologies may stop this arms race by shifting the focus from identifying specific attacks toward detecting significant deviations from models of normal network behavior. A primary barrier to further NAD technology development and commercialization is the lack of realistic reference data and techniques for rigorous test and measurement. NIST is beginning a research program to develop methodologies to generate high-fidelity, purely synthetic reference data of network traces to approximate the diversity of real network traffic that can be instrumented with controlled instances of malicious traffic. The spatial scale, application diversity, technology diversity, and temporal range that must be modeled present a significant technical challenge.

24 Systems Engineering. The computing systems that enable modern life, from the Internet to those that control critical infrastructure, are growing in both scale and complexity. The inability to measure, predict, or control macroscopic behavior in complex information systems can jeopardize our nation's security and cost billions of dollars through high-profile system events such as cascading failure modes. NIST is applying its core competencies in applied and computational mathematics, measurement science, and systems engineering to characterize macro-scale structures and dynamics of large-scale interconnected systems and to understand behavior in complex information systems.

25 Collaboration and Partnership: National Cybersecurity Center of Excellence. In the face of the Nation's cybersecurity challenges, NIST, with the State of Maryland and Montgomery County, established the NCCoE in The NCCoE is collaborating with experts from industry, government, and academia to build standards-based reference designs to address common cybersecurity challenges. In 2013, the NCCoE launched its first use case to develop a platform that allows health care providers to securely collect, process, and exchange patient data. This first use case was quickly followed by four others focusing on challenges in critical infrastructure sectors including financial services and energy. In addition to sector-specific use cases, the NCCoE is working on building block solutions that can be applied across industry sectors. Active building blocks include work on hardware roots of trusted geolocation for cloud computing, attribute-based access control, mobile device security, and software asset management. The NCCoE has attracted 19 industry partners to provide hardware, software, and expertise to aid the Center's efforts in advancing the rapid adoption of secure technologies.

26 NIST's FY 2015 Budget Request. WASHINGTON - The U.S. Department of Commerce released details today about the President's fiscal year (FY) 2015 budget request to Congress for the National Institute of Standards and Technology (NIST). The FY 2015 budget request of $900 million aligns with the agency's vision for expanding and strengthening NIST programs in a number of key national priority areas such as forensic science, lightweight vehicle alloys and bioengineering measurement tools. The request is a $50 million increase from FY 2014 enacted levels. Scientific and Technical Research and Services (STRS), $680 million: The STRS request includes $29 million above FY 2014 enacted levels to allow NIST's laboratory programs to conduct measurement research and services that are central to innovation, productivity, trade and public safety. Funding requests include: Measurement Science and Standards for Forensic Science Infrastructure (+$3.5 million); Cyber-Physical Systems (+$7.5 million); Advanced Materials (+$5 million); Synthetic Biology (+$7 million); Lab-to-Market (+$6 million)

27 Healthcare and Big Data

28 A computer can know and remember as much marketing detail about 200,000,000 consumers as did the owner of a crossroads general store about his handful of customers. I can know and select such personal details as who prefers strong coffee, imported beer, new fashions, bright colors. Who just bought a home, freezer, camera, automobile. Who has a new baby, is overweight, got married, owns a pet, likes romantic novels, serious reading, listens to Bach or The Beatles Those marketers who ignore the implications of our new individualized information society will be left behind in what may well come to be known as the age of mass production and marketing ignorance. 1 1 Lester Wunderman, Being Direct (New York: Random House, 1996),

29 The New Value Framework. Right living. Patients must play an active role in their own health by making the right choices about diet, exercise, preventive care, and other lifestyle factors. Right care. Patients must receive the most timely, appropriate treatment available. Right care relies heavily on protocols, but also requires a coordinated approach with all caregivers having access to the same information and working toward the same goal to avoid duplication of effort and suboptimal treatment strategies. Right provider. Any professionals who treat patients must have strong performance records and they should also be selected based on their skill sets and abilities rather than their job titles. For instance, nurses or physicians assistants may perform many tasks that do not require a doctor. Right value. Providers and payors must find ways to improve value while preserving or improving health-care quality. Key pathways are to link provider reimbursement to patient outcomes and implement new programs designed to eliminate wasteful spending. Right innovation. Stakeholders must focus on new therapies and approaches to health-care delivery. They should also improve the innovation engines themselves, for instance, by advancing medicine and boosting R&D productivity.

30 The New Value Framework (cont.) The value pathways evolve as new data become available, fostering a feedback loop.

31

32 Big Data Pitfalls

33 Data Breaches/Release of Confidential Information. Numbers can be used to evaluate doctors -- rightly or wrongly. Eliminating high spending does not equate to eliminating waste. Data Brokers

34 Things happening today or very soon. Pioneered more than a decade ago, devices mounted on utility poles are able to sense the radio stations being listened to by passing drivers, with the results sold to advertisers. 1 In 2011, automatic license-plate readers were in use by three quarters of local police departments surveyed. Within 5 years, 25% of departments expect to have them installed on all patrol cars, alerting police when a vehicle associated with an outstanding warrant is in view. 2 Meanwhile, civilian uses of license-plate readers are emerging, leveraging cloud platforms and promising multiple ways of using the information collected. 3 1 ElBoghdady, Dina, Advertisers Tune In to New Radio Gauge, The Washington Post, October 25, American Civil Liberties Union, You Are Being Tracked: How License Plate Readers Are Being Used To Record Americans' Movements, July, https://www.aclu.org/files/assets/ aclu-alprreport-opt-v05.pdf 3 Hardy, Quentin, How Urban Anonymity Disappears When All Data Is Tracked, The New York Times, April 19,

35 Experts at the Massachusetts Institute of Technology and the Cambridge Police Department have used a machine-learning algorithm to identify which burglaries likely were committed by the same offender, thus aiding police investigators. 4 Differential pricing (offering different prices to different customers for essentially the same goods) has become familiar in domains such as airline tickets and college costs. Big data may increase the power and prevalence of this practice and may also decrease even further its transparency. 5 The UK firm FeatureSpace offers machine-learning algorithms to the gaming industry that may detect early signs of gambling addiction or other aberrant behavior among online players. 6 4 Rudin, Cynthia, Predictive policing: Using Machine Learning to Detect Patterns of Crime, Wired, August 22, : -detect-pattern 5 (1) Schiller, Benjamin, First Degree Price Discrimination Using Big Data, Jan , Brandeis University. and (2) Fisher, William W. When Should We Permit Differential Pricing of Information? UCLA Law Review 55:1, Burn-Murdoch, John, UK technology firm uses machine learning to combat gambling addiction, The Guardian, August 1,

36 Retailers like CVS and AutoZone analyze their customers' shopping patterns to improve the layout of their stores and stock the products their customers want in a particular location. 7 By tracking cell phones, RetailNext offers bricks-and-mortar retailers the chance to recognize returning customers, just as cookies allow them to be recognized by on-line merchants. 8 Similar WiFi tracking technology could detect how many people are in a closed room (and in some cases their identities). The retailer Target inferred that a teenage customer was pregnant and, by mailing her coupons intended to be useful, unintentionally disclosed this fact to her father. 9 7 Clifford, Stephanie, Using Data to Stage-Manage Paths to the Prescription Counter, The New York Times, June 19, Clifford, Stephanie, Attention, Shoppers: Store Is Tracking Your Cell, The New York Times, July 14, Duhigg, Charles, How Companies Learn Your Secrets, The New York Times Magazine, February 12,

37 Social media and public sources of records make it easy for anyone to infer the network of friends and associates of most people who are active on the web, and many who are not. 10 The Durkheim Project, funded by the U.S. Department of Defense, analyzes social-media behavior to detect early signs of suicidal thoughts among veterans. 11 Insight into the spread of hospital-acquired infections has been gained through the use of large amounts of patient data together with personal information about uninfected patients and clinical staff. 12 Individuals' heart rates can be inferred from the subtle changes in their facial coloration that occur with each beat, enabling inferences about their health and emotional state. Facebook's The Graph API (at https://developers.facebook.com/docs/graph-api/) describes how to write computer programs that can access the Facebook friends data. 11 Ungerleider, Neal, This May Be The Most Vital Use Of Big Data We've Ever Seen, Fast Company, July 12, (1) Wiens, Jenna, John Guttag, and Eric Horvitz, A Study in Transfer Learning: Leveraging Data from Multiple Hospitals to Enhance Hospital-Specific Predictions, Journal of the American Medical Informatics Association, January (2) Weitzner, Daniel J., et al., Consumer Privacy Bill of Rights and Big Data: Response to White House Office of Science and Technology Policy Request for Information, April 4, Frazer, Bryant, MIT Computer Program Reveals Invisible Motion in Video, The New York Times video, February 27, https://www.youtube.com/watch?v=3rwycbehn3s

38 Facial-recognition technologies are beginning to be practical in commercial and law-enforcement applications. 14 They are able to acquire, normalize, and recognize moving faces in dynamic scenes. Real-time video surveillance with single-camera systems (and some with multi-camera systems, which can both recognize objects and analyze activity) has a wide variety of applications in both public and private environments, such as homeland security, crime prevention, traffic control, accident prediction and detection, and monitoring patients, the elderly, and children at home. 15 Depending on the application, use of video surveillance is at varying levels of deployment. Workshop on Frontiers in Image and Video Analysis, National Science Foundation, Federal Bureau of Investigation, Defense Advanced Research Projects Agency, and University of Maryland Institute for Advanced Computer Studies, January 28-29, For example, Newark Airport recently installed a system of 171 LED lights (from Sensity [http://www.sensity.com/]) that contain special chips to connect to sensors and cameras over a wireless system. These systems allow for advanced automatic lighting to improve security in places like parking garages, and in doing so capture a large range of information. 16 This was discussed at the workshop cited in footnote

39 Social-network analysis is used in criminal forensic investigations to understand the links, means, and motives of those who may have committed crimes. In the realm of commerce, it is well-understood that what a person's friends like or buy can influence what he or she might buy. For example, in 2010, it was reported that having one iPhone-owning friend makes a person three times more likely to own an iPhone than otherwise. A person with two iPhone-owning friends was five times more likely to have one. 17 There are many commercial social listening services, such as Radian6/Salesforce Cloud, Collective Intellect, Lithium, and others, that mine data from social-networking feeds for use in business intelligence. 18 Coupled with social-network analysis, this information can be used to evaluate changing influences and the spread of trends between individuals and communities to inform marketing strategies. 17 Sundsøy, P. R., et al., "Product adoption networks and their growth in a large mobile phone network," Advances in Social Networks Analysis and Mining (ASONAM), Top 20 social media monitoring vendors for business, Socialmedia.biz, social-media-monitoring-vendors-for-business/

40 Cyber Security October 2014


More information

Anatomy of a Hotel Breach

Anatomy of a Hotel Breach Page 1 of 6 Anatomy of a Hotel Breach Written by Sandy B. Garfinkel Monday, 09 June 2014 15:22 Like 0 Tweet 0 0 Data breach incidents have dominated the news in 2014, and they are only becoming more frequent

More information

Clients Legal Needs in HIPAA Security Compliance

Clients Legal Needs in HIPAA Security Compliance Clients Legal Needs in HIPAA Security Compliance Robyn A. Meinhardt, JD, RN FOLEY & LARDNER LLP 2004 Preserving Attorney-Client Privilege and Work Product Protections 1 Relevance to Security Compliance

More information

Information Protection Framework: Data Security Compliance and Today s Healthcare Industry

Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement

More information

TRENDS IN CYBER LIABILITY Presented by Chris DiIenno Data Privacy and Network Security Group Lewis Brisbois Bisgaard & Smith

TRENDS IN CYBER LIABILITY Presented by Chris DiIenno Data Privacy and Network Security Group Lewis Brisbois Bisgaard & Smith TRENDS IN CYBER LIABILITY Presented by Chris DiIenno Data Privacy and Network Security Group Lewis Brisbois Bisgaard & Smith Types of Data at Stake Residents, constituents, employees PII Personally Identifiable

More information

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator

More information

[ 2014 Privacy & Security Update ].

[ 2014 Privacy & Security Update ]. U.S. Privacy Law: Hiding in Plain Sight U.S. Federal Trade Commissioner Julie Brill Second German-American Data Protection Day Munich, Germany April 30, 2015 Thank you, Dr. Ehmann, for your kind introduction.

More information

Technological Evolution

Technological Evolution Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Data Security: Before and After a Breach Occurs Archis A. Parasharami Partner Mayer Brown LLP David Hale Chief Privacy

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

Data security: A growing liability threat

Data security: A growing liability threat Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars

More information

Cloudy With a Chance Of Risk Management

Cloudy With a Chance Of Risk Management Proudly presents Cloudy With a Chance Of Risk Management Toby Merrill, ACE USA John Mullen, Nelson Levine de Luca & Hamilton Shawn Melito, Immersion Ltd. Michael Trendler, ACE INA Canada What is Cloud

More information

Cyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF

Cyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF Cyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF October 9, 2013 1 Cyber Insurance Why? United States Department of Commerce: Cyber Insurance

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY. REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS

More information

PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION. Protecting Personal Consumer Information from Cyber Attacks and Data Breaches.

PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION. Protecting Personal Consumer Information from Cyber Attacks and Data Breaches. PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION on Protecting Personal Consumer Information from Cyber Attacks and Data Breaches Before the COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION UNITED

More information

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you

More information

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in

More information

Is Your Financial Institutions' Insurance Policy vulnerable to a cyber claim? Joan D Ambrosio, James Cooper and Kim West 22 January 2014

Is Your Financial Institutions' Insurance Policy vulnerable to a cyber claim? Joan D Ambrosio, James Cooper and Kim West 22 January 2014 Is Your Financial Institutions' Insurance Policy vulnerable to a cyber claim? Joan D Ambrosio, James Cooper and Kim West 22 January 2014 Cyber Exposures Joan D Ambrosio Reported data breaches continue

More information

CSR Breach Reporting Service Frequently Asked Questions

CSR Breach Reporting Service Frequently Asked Questions CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could

More information

HCCA Compliance Institute 2013 Privacy & Security

HCCA Compliance Institute 2013 Privacy & Security HCCA Compliance Institute 2013 Privacy & Security 704 Conducting a Privacy Risk Assessment A Practical Guide to the Performance, Evaluation and Response April 23, 2013 Presented By Eric Dieterich Session

More information

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Todd Bertoson Daniel Gibb Erin Sheppard Principal Senior Managing Associate Counsel todd.bertoson@dentons.com

More information

THE WHITE HOUSE Office of the Press Secretary

THE WHITE HOUSE Office of the Press Secretary FOR IMMEDIATE RELEASE February 13, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: White House Summit on Cybersecurity and Consumer Protection As a nation, the United States has become highly

More information

Cybersecurity Assessment

Cybersecurity Assessment Cybersecurity Assessment What Will the Regulators Be Looking For? Legal Counsel to the Financial Services Industry Digital Commerce & Payments Series Webinar March 18, 2015 1 Introduction & Overview Today

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

Cyber Liability. AlaHA Annual Meeting 2013

Cyber Liability. AlaHA Annual Meeting 2013 Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

Data Breach Response Planning: Laying the Right Foundation

Data Breach Response Planning: Laying the Right Foundation Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA

More information

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

Mind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance

Mind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance Mind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance National Bar Association - Commercial Law Section 2015 Corporate Counsel Conference February 26, 2015 www.alston.com

More information

Recent Developments in Privacy/Security Litigation

Recent Developments in Privacy/Security Litigation Recent Developments in Privacy/Security Litigation Elizabeth F. Hodge February 25, 2015 Privacy & Security Enforcement HIPAA Office for Civil Rights State Attorneys General Federal Trade Commission (FTC)

More information

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security

More information

Cybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015

Cybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015 Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated

More information

The Evolving Legal Framework Regulating Commercial Data Security Standards

The Evolving Legal Framework Regulating Commercial Data Security Standards The Evolving Legal Framework Regulating Commercial Data Security Standards By Bret Cohen Late one evening in December 2010, an employee of a commercial blood bank left his office with four backup tapes

More information

Data Breach Response Basic Principles Under U.S. State and Federal Law. ABA Litigation Section Core Knowledge January 2015 1

Data Breach Response Basic Principles Under U.S. State and Federal Law. ABA Litigation Section Core Knowledge January 2015 1 Data Breach Response Basic Principles Under U.S. State and Federal Law ABA Litigation Section Core Knowledge January 2015 1 I. Introduction Data breaches have become an unfortunate reality for many of

More information

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style. Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP

More information

Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council

Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Presented by Doug Copley, Chairman Michigan Healthcare Cybersecurity Council Mr. Chairman and Committee Members,

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

Managing Legal Risks in Light of Recent Security Breaches. Daniel Lim

Managing Legal Risks in Light of Recent Security Breaches. Daniel Lim Managing Legal Risks in Light of Recent Security Breaches Daniel Lim Agenda Review of Recent Data Breaches Recent Cases & Legal Standards Class Actions Consumer Data Investigations PHI, PII What To Do

More information

Technological Evolution

Technological Evolution Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Consumer Privacy & Big Data Advice, Regulatory and Resulting Litigation Denise Banks Chief Privacy Officer BMO Financial

More information

PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION. Protecting Consumer Information: Can Data Breaches Be Prevented? Before the

PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION. Protecting Consumer Information: Can Data Breaches Be Prevented? Before the PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION on Protecting Consumer Information: Can Data Breaches Be Prevented? Before the COMMITTEE ON ENERGY AND COMMERCE SUBCOMMITTEE ON COMMERCE, MANUFACTURING,

More information

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!

More information

12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013

12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013 Regulatory Updates Eric M. Wright, CPA, CITP Schneider Downs & Co., Inc. December 5, 2013 Eric M. Wright, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He

More information

Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com

Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com Healthcare Compliance: How HiTECH May Affect Relationships with Business Associates Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com Legal Disclaimer This information

More information

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A.

More information

Understanding Professional Liability Insurance

Understanding Professional Liability Insurance Understanding Professional Liability Insurance Definition Professional liability is more commonly known as errors & omissions (E&O) and is a form of liability insurance that helps protect professional

More information

Survivor s Guide to Data Breach

Survivor s Guide to Data Breach Survivor s Guide to Data Breach Presented by Michael S.Taaffe, Esq. Shumaker, Loop & Kendrick, LLP Sarasota (941) 364-2720 Charlotte (704) 375-0057 Shumaker Data Breach Team Sarasota, FL Michael S. Taaffe

More information

Are Data Breaches a Real Concern? Protecting Your Sensitive Information. Phillips Auction House NY- 03/24/2015

Are Data Breaches a Real Concern? Protecting Your Sensitive Information. Phillips Auction House NY- 03/24/2015 Are Data Breaches a Real Concern? Protecting Your Sensitive Information Phillips Auction House NY- 03/24/2015 1 Agenda Current Data Breach Issues & Legal Implications Data Breach Case Study Risk Management

More information

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :

More information

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015 12/16/2015 CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE December 17, 2015 Angela R. Morelock, CPA, CFE, CFF, ABV Partner, BKD, LLP amorelock@bkd.com Jeff Eiserman

More information

Data Privacy and Cybersecurity Task Force

Data Privacy and Cybersecurity Task Force Data Privacy and Cybersecurity Task Force key contact Josephine Cicchetti Shareholder T: 202.965.8162 F: 202.965.8104 email We provide clients across industries with comprehensive counsel on complex, evolving,

More information

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So?

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce Heiman K&L Gates September 10, 2015 Bruce.Heiman@klgates.com (202) 661-3935 Why share information? Prevention

More information

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

ELECTRONIC HEALTH RECORDS

ELECTRONIC HEALTH RECORDS ELECTRONIC HEALTH RECORDS Understanding and Using Computerized Medical Records CHAPTER TEN LESSON ONE Privacy and Security of Health Records Understanding HIPAA HIPAA: acronym for Health Insurance Portability

More information

FEDERAL IDENTITY THEFT TASK FORCE. On May 10, 2006, the President signed an Executive Order establishing an Identity Theft

FEDERAL IDENTITY THEFT TASK FORCE. On May 10, 2006, the President signed an Executive Order establishing an Identity Theft FEDERAL IDENTITY THEFT TASK FORCE Attorney General Alberto Gonzales Federal Trade Commission Chairman Deborah Platt Majoras On May 10, 2006, the President signed an Executive Order establishing an Identity

More information

Managing Cyber & Privacy Risks

Managing Cyber & Privacy Risks Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past

More information

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act International Life Sciences Arbitration Health Industry Alert If you have questions or would like additional information on the material covered in this Alert, please contact the author: Brad M. Rostolsky

More information

OVERVIEW OF CYBERSECURITY LAWS, REGULATIONS, AND POLICIES: FROM "BEST PRACTICES" TO ACTUAL REQUIREMENTS DAVID THAW UNIVERSITY OF MARYLAND

OVERVIEW OF CYBERSECURITY LAWS, REGULATIONS, AND POLICIES: FROM BEST PRACTICES TO ACTUAL REQUIREMENTS DAVID THAW UNIVERSITY OF MARYLAND OVERVIEW OF CYBERSECURITY LAWS, REGULATIONS, AND POLICIES: FROM "BEST PRACTICES" TO ACTUAL REQUIREMENTS DAVID THAW UNIVERSITY OF MARYLAND BEFORE WE BEGIN These slides are (deliberately) not comprehensive!

More information

PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION. Safeguarding Consumers Financial Data. Before the COMMITTEE ON BANKING, HOUSING, & URBAN AFFAIRS

PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION. Safeguarding Consumers Financial Data. Before the COMMITTEE ON BANKING, HOUSING, & URBAN AFFAIRS PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION on Safeguarding Consumers Financial Data Before the COMMITTEE ON BANKING, HOUSING, & URBAN AFFAIRS SUBCOMMITTEE ON NATIONAL SECURITY & INTERNATIONAL TRADE

More information

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq. The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery

More information

2015 ROBINS KAPLANLLP TOOLS, TIPS, AND TRENDS: DATA PRIVACY AND CYBERSECURITY

2015 ROBINS KAPLANLLP TOOLS, TIPS, AND TRENDS: DATA PRIVACY AND CYBERSECURITY TOOLS, TIPS, AND TRENDS: DATA PRIVACY AND CYBERSECURITY PANEL MEMBERS Stacy Bettison, Founder and President, BETTISON Candice Ciresi, Head of Stratasys US Legal and Legal Counsel to SSYS, Inc and LATAM

More information

HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES?

HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES? HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES? MODERATOR: Richard J. Bortnick, Esq., Defense Attorney, Cozen O Connor PANELISTS: Anjali Das, MBA, Esq., Partner, Wilson Elser Moskowitz

More information

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

Guilford Medical Associates, P.A.

Guilford Medical Associates, P.A. Page 1 Guilford Medical Associates, P.A. NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE

More information

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you

More information

What Data? I m A Trucking Company!

What Data? I m A Trucking Company! What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West

More information

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today

More information

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA Violations Incur Multi-Million Dollar Penalties HIPAA Violations Incur Multi-Million Dollar Penalties Whitepaper HIPAA Violations Incur Multi-Million Dollar Penalties Have you noticed how many expensive Health Insurance Portability and Accountability

More information

Federal Trade Commission

Federal Trade Commission Federal Trade Commission The FTC s Privacy and Data Security Program: Where It Came From, Where It s Going Jessica Rich 1 Director, Bureau of Consumer Protection, FTC International Association of Privacy

More information

Signed into law on February 17, 2009, the Stimulus Package known

Signed into law on February 17, 2009, the Stimulus Package known Stimulus Package Expands HIPAA Privacy and Security and Adds Federal Data Breach Notification Law Marcy Wilder, Donna A. Boswell, and BarBara Bennett The authors discuss provisions of the Stimulus Package

More information

Why Email Encryption is Essential to the Safety of Your Business

Why Email Encryption is Essential to the Safety of Your Business Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations

More information

Cybersecurity: Emerging Legal Risks

Cybersecurity: Emerging Legal Risks Cybersecurity: Emerging Legal Risks Data Breach Cyber Liability Seminar April 17, 2015 By: Tsutomu L. Johnson tj@scmlaw.com Overview of 2014 Data Breaches: JP Morgan, Home Depot, P.F. Chang s, Healthcare.gov,

More information

Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common

Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable Steven J. Fox (sjfox@postschell.com) Peter D. Hardy (phardy@postschell.com) Robert Brandfass (BrandfassR@wvuh.com) (Mr. Brandfass

More information

PENNSYLVANIA IDENTITY THEFT RANKING BY STATE: Rank 14, 72.5 Complaints Per 100,000 Population, 9016 Complaints (2007) Updated January 29, 2009

PENNSYLVANIA IDENTITY THEFT RANKING BY STATE: Rank 14, 72.5 Complaints Per 100,000 Population, 9016 Complaints (2007) Updated January 29, 2009 PENNSYLVANIA IDENTITY THEFT RANKING BY STATE: Rank 14, 72.5 Complaints Per 100,000 Population, 9016 Complaints (2007) Updated January 29, 2009 Current Laws: A person commits the offense of identity theft

More information

FINAL // FOR OFFICIAL USE ONLY. William Noonan

FINAL // FOR OFFICIAL USE ONLY. William Noonan FINAL // FOR OFFICIAL USE ONLY William Noonan Deputy Special Agent in Charge United States Secret Service Criminal Investigative Division Cyber Operations Branch Prepared Testimony Before the United States

More information

Preventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014

Preventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Preventing And Dealing With Cyber Attacks And Data Breaches Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Charles A. Blanchard Arnold & Porter LLP Formerly General Counsel, U.S. Air Force

More information

Privacy Legislation and Industry Security Standards

Privacy Legislation and Industry Security Standards Privacy Legislation and Issue No. 3 01010101 01010101 01010101 Information is generated about and collected from individuals at an unprecedented rate in the ordinary course of business. In most cases,

More information

Outline. Identity Fraud and HIPAA Data Breaches Criminal and Civil Enforcement Efforts Orlando, FL July 30, 2014 7/10/2014

Outline. Identity Fraud and HIPAA Data Breaches Criminal and Civil Enforcement Efforts Orlando, FL July 30, 2014 7/10/2014 LeadingAge Florida s 50 th Annual Convention and Exposition Identity Fraud and HIPAA Data Breaches Criminal and Civil Enforcement Efforts Orlando, FL July 30, 2014 James Robnett Special Agent in Charge

More information

Network Security and Data Privacy Insurance for Physician Groups

Network Security and Data Privacy Insurance for Physician Groups Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit

More information

Data Privacy & Security in the Cloud: Legal Basics and New Developments

Data Privacy & Security in the Cloud: Legal Basics and New Developments Data Privacy & Security in the Cloud: Legal Basics and New Developments Lawrence R. Freedman Partner, Edwards Wildman Palmer LLP lfreedman@edwardswildman.com (202) 939-7923 1 The Basics Two basic data

More information

HIPAA Privacy, Security, Breach, and Meaningful Use. CHUG October 2012

HIPAA Privacy, Security, Breach, and Meaningful Use. CHUG October 2012 HIPAA Privacy, Security, Breach, and Meaningful Use Practice Requirements for 2012 CHUG October 2012 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Standards for Privacy of Individually

More information