CLOSE X
RSS Feed LinkedIn Instagram Twitter Facebook
Search:
FMG Law Blog Line

Posts Tagged ‘hackers’

Smart Cities Face Hacking Threat

Posted on: August 15th, 2018

By: Ze’eva Kushner

As you sit in traffic, frustrated and wondering why the city or municipality cannot do something to ease congestion, know that a city’s use of internet-connected technology to make your commute better may also invite hackers to wreak havoc on your city.

Traffic is just one of many problems that “smart cities” use internet-connected technology to address.  A smart city can set up an array of sensors and integrate their data to monitor things like air quality, water levels, radiation, and the electrical grid.  That data then can be used to automatically inform fundamental services like traffic and street lights and emergency alerts.

Smart city technology provides many benefits to city management, including connectivity and ease of management.  However, these very same features make the technology an attractive target for hackers.  In a recently released white paper, IBM revealed 17 vulnerabilities in smart city systems around the world.  Some of these risks were as simple as failing to change default passwords that could be guessed easily, bugs that could allow an attacker to inject malicious software commands, and others that would allow an attacker to sidestep authentication checks.  Additionally, use of the open internet rather than an internal city network to connect sensors or relay data to the cloud presents an opportunity for hackers.

Atlanta is an example of a smart city that is attempting to improve its efficiency by employing smart city technology, with its focus being mobility, public safety, environment, city operations efficiency, and public and business engagement.  Atlanta knows all too well how crippling a hack can be, as it suffered from the ransomware attack in the Spring that kept residents from services such as paying their water bills or traffic tickets online.  The hacking threat to smart cities is real and significant.

If you have any questions or would like more information, please contact Ze’eva Kushner at [email protected].

Cyberrisks to Contractors and Securing Proper Coverage

Posted on: June 29th, 2018

By: Barry Brownstein

Increasingly sophisticated hackers have targeted personal and business data held by companies like Target Corp., Sony Corp., Equifax Inc. and Yahoo Inc. during the past decade. The construction industry is just as susceptible to these risks as any other industry.  As construction projects increase in size and there is more sharing of data related to buildings and projects, and as more of that sharing becomes electronic, cyberrisks increase as well.

Contractors and their business partners hold personal information about their clients and employees, and they are increasingly using more electronic means to exchange data and survey construction projects. A significant threat for companies in the construction industry comes from the open and increasingly connected network between those in charge of a project and their various subcontractors and business partners, who need swift and seamless access to plans and other sensitive data to do their part of the work.

Many companies in the construction industry assume that since they have policies that cover losses stemming from physical and property damage, any infiltration into their systems that result in the loss of access to sensitive information is covered by such insurance.  However, most commercial general liability policies carve out cyberthreats from coverage.  While contractors can still make claims under more traditional policies and may find that some of their losses are covered, relying solely on these protections may be dangerous and result in uncovered losses.

Specialized cyberinsurance can fill in the gaps left by commercial general liability policies that do not account for losses caused by damage to virtual information systems, and ensure that any damages, injuries or delay caused by downstream contractors or business partners are covered as well. Once policies are in place, contractors need to revisit them regularly to account for changes in the cyberthreat landscape as they relate to the construction industry.

If you have any questions or would like more information, please contact Barry Brownstein at [email protected].

Supreme Court Declines to Hear Data Breach Standing Case

Posted on: February 23rd, 2018

By: Amy C. Bender

The ongoing issue of when a plaintiff has grounds (“standing”) in data breach cases saw another development this week when the U.S. Supreme Court declined to weigh in on the debate.

CareFirst, a BlueCross BlueShield health insurer, suffered a cyberattack in 2014 that was estimated to have exposed data of 1.1 million customers. Affected customers filed a federal class action lawsuit in the District of Columbia claiming CareFirst failed to adequately safeguard their personal information. CareFirst asked the court to dismiss the case, arguing that, since the customers had not alleged their stolen personal data had actually been misused or explained how it could be used to commit identity theft, the customers had not suffered an injury sufficient to give them standing to sue and the court therefore lacked jurisdiction to hear the case. The court agreed with CareFirst and dismissed the case. Notably, in this particular breach, CareFirst maintained the hackers had not accessed more sensitive information such as the customers’ Social Security or credit card numbers, and the court found the customers had not alleged or shown how the hackers could steal the customers’ identities without that information. In other words, the mere risk to the customers of future harm in the form of increased risk of identity theft was too speculative.

The customers appealed this decision, and the appellate court reversed, finding the district court had read the customers’ complaint too narrowly. The appellate court reasoned that the customers actually had asserted their Social Security and credit card numbers were included in the compromised data and that they had sufficiently alleged a substantial risk of future injury.

In response, CareFirst filed a petition with the Supreme Court asking it to review the appellate decision. This would have been the first pronouncement on this issue from the high court in a data breach class action lawsuit, a move long-awaited by lower courts, lawyers, and their clients in order to gain more clarity on the application of prior decisions like Spokeo in the specific context of data breach litigation. However, the Supreme Court denied the request (without explanation, as is typical).

As we have reported here and here, courts continue to grapple with the contours of standing in data breach cases. We will continue to monitor and report on developments in this still-evolving area of the law.

If you have any questions or would like more information, please contact Amy Bender at [email protected].

 

Electronic Medical Records – IT Guides for a New Frontier

Posted on: August 27th, 2012

By: Michael Eshman
It is clear that electronic medical records and exchanges are the wave of the future in healthcare. For better or worse, the electronic management and maintenance of files and records will transform the healthcare industry.

In December 2011, Georgia Health News reported on the medical revolution coming with online records and the statewide exchange Georgia is building with the help of a $13 million federal grant. In addition to the economic factors driving the change, in our prior blog post titled “Electronic Medical Records – Saving More Than Trees,” we noted that a recent Harvard study found medical malpractice claims dropped in Massachusetts after doctors began using electronic records. There are great rewards and incentives to adopt electronic medical records and to be part of the expanding record exchanges, both for the quality of care that can be provided to patients and for the economics and efficiency of practice management.

However, any practice using electronic medical records should lean heavily on trusted IT professionals to ensure the privacy and security of the records. As noted by Georgia Health News in the column linked above, the Ponemon Institute reports that the number of reported medical data breaches has increased by 32 percent since 2010.

In a recent brazen attack, hackers accessed the computer network of a small practice in Lake County, Illinois, but instead of merely stealing and reposting the records, they encrypted the records and posted a digital ransom note for payment in exchange for the password. It is unclear whether the records were backed-up, but if not, the hackers effectively held hostage the medical records of patients.

As more practices move to electronic records, and as medical record exchanges expand nationwide, the incidents of attempted hacks will likely increase, and it will fall to the practices and the administrators of the exchanges to manage the risk associated with maintaining and sharing electronic records. Electronic records and exchanges are part of the new frontier for medical providers, and there are great benefits to be gained from the advancements. But providers are wise to focus on the issues of data management and security and to lean on trusted IT professionals and risk managers for guidance.

Thoughts and questions are always welcome.