Cyber Liability Insurance Feed

In September of 2013, the HIPAA Omnibus Rule became effective. The purpose of the Omnibus Rule was to strengthen the privacy and security of patients’ Protected Health Information (PHI) by, among other things, expanding the HIPAA privacy and security obligations of healthcare organizations to business associates of healthcare organizations. Business associates are those outside entities that create, receive, maintain or transmit protected health information in the course of performing functions on behalf of a covered entity. 45 CFR §161.103 Subpart (1)(ii). Lawyers and law firms become business associates when they receive PHI from covered entity clients or organizations in the...


Calling all Android and Apple users: If you haven't grabbed the latest update for your mobile device, you may be vulnerable to a remote attacker who could potentially access restricted memory or applications on your phone when it connects to a rogue Wi-Fi access point. In late September, both Android and Apple released a patch to fix this vulnerability in the Broadcom Wi-Fi driver chipset. Although Android states that they have had no reports of active customer exploitation or abuse of these newly reported issues, they strongly urge users to update to the latest version. Their SEP 25 release catches...


The landscape of data privacy and cybersecurity is constantly changing and evolving. So too is the role of technology in the practice of law and, hence, the risk to lawyers and their clients associated with such technology. It should be no surprise that cyberattacks targeting law firms continue to increase. Law firms hold valuable client information, including trade secret information, proprietary information, financial information and even protected health information. Often, such information is more vulnerable in the hands of law firms than the clients they represent due to less stringent security measures. As a profession, we must strive to uphold...


In the wake of the latest Petya and WannaCry cybersecurity breaches, it has become readily apparent that law firms are not immune to cyberattacks. In fact, they are becoming a target. Law firms must now become akin to the companies they defend when it comes to countering cyberattacks. The difference is that law firms have ethical rules that require confidentiality of attorney-client and work-product information. Clients, particularly those in regulated industries, expect law firms to be securing their data by the same standards that they have in place in their own organizations. Why Law Firms and What Duty Do They Have? Probably...


Attorneys are highly educated, trained to be thoughtful, analytical, and most importantly skeptical. It will come as a surprise then that attorneys are also particularly vulnerable as a group to certain internet scams, in part because of the way that most attorneys obtain clients and in part because of ethical codes imposed on the profession. Scam artists have in turn become efficient and sophisticated in targeting the vulnerabilities of lawyers. Despite repeated warnings from bar associations and legal publications, many unsuspecting and otherwise mindful attorneys still fall prey. This article explores three (3) internet scams specifically targeting attorneys: 1. “Fake...


In today’s digital age, technological advances continue to be developed on both ends of the cybersecurity spectrum: security parameters on one end and ways to breach those parameters on the other. However, despite the constant push for cybersecurity, cyberattacks, hacking scandals and phishing campaigns have become more prevalent in recent years. This is particularly true for law firms. For example, last year in February 2016, 46 law firms in the U.S. and U.K. were notified that the known hacker organization Oleras was employing phishing services through a Russian website.1 This phishing scam from Oleras has been linked to the...