Malware Incident in Philly Court that Downed Online Filing Highlights Concerns for Court Systems and Legal Community in the Future

BlogLine

Malware Incident in Philly Court that Downed Online Filing Highlights Concerns for Court Systems and Legal Community in the Future

7/11/19

By: Justin Boron

It’s back-to-normal for tech-dependent, legal professionals in the Philadelphia legal community. After a month with no access to online filing due to a malware incident in Philadelphia Court of Common Pleas, attorneys like me—who never knew a time where online filing didn’t exist—are again just a few keystrokes away from filing pleadings, motions, and briefs on time.
That means we can go back to filing mere minutes before the deadline, and it means an end to the anxiety from an uneasy dependence on staff and attorneys who still knew how to file it the ‘old-fashioned way’ — finalizing a paper brief enough in advance so that it can be mailed or walked-thru by a courier before the deadline. (It could have been worse: no one had to pull out the typewriter and white out).
But beyond the whiplash felt by tech-dependent professionals having their roles reversed with other more, tech-wary legal professionals, the malware incident announced May 21 illustrates how much online filing technology has changed the legal profession’s approach to deadlines, the need for local counsel or a reliable courier, and access to the hard copy record for court notices and pleading dockets—and how quickly its approach can regress if the system goes down.
It also exemplifies the increasing threat to public administration dependent on digital infrastructure. The Emotet/Trickbot malware has evolved from mainly targeting banks to exposing flaws in the security of critical public infrastructure like courts, utilities, and local government facilities.[1] In the last year, the City of Atlanta, the City of Baltimore, and other court systems have sustained similar incidents.
These security incidents can have serious consequences. Access to courts is a right that if deprived, can have dire consequences to criminal defendants. It can also lead to paying expensive ransoms and could result in legal exposure if the threat actors are able to access and abscond with Personally Identifiable Information.
Fortunately, Philadelphia court officials believe there was no data removed from the system. There was no reported ransom demanded, and court officials are shoring up the court’s digital security system to avoid a similar incident in the future.[2]
For other court and public administration systems tied to digital infrastructure, planning in advance of an incident will be key to how severely a security incident affects them.
As FMG has previously written on its Cyber, Privacy, and Security blog, the security incident within the City of Atlanta highlighted the importance of having adequate cyber insurance to cover the potentially high costs of breach response.[3] Routine and pre-incident assessments as well as staying informed on the ever-changing landscape of threats also are important. Likewise, it is advisable to retain breach counsel attorneys before an incident so they are familiar with the client’s systems and can move quickly to advise—within the protections of the attorney-client privilege—on steps to mitigate the harm from a security incident and to avoid legal exposure.
If you have questions or would like more information, please contact Justin Boron at jboron@fmglaw.com.
[1] https://blog.malwarebytes.com/cybercrime/2019/03/emotet-revisited-this-pervasive-persistent-threat-is-still-a-danger-to-businesses/
[2] https://www.inquirer.com/news/philadelphia-courts-virus-hackers-russia-20190621.html?outputType=amp
[3] https://www.fmglaw.com/FMGBlogLine/insurance/city-hacks-atlantas-2018-cyberattack-and-the-growing-need-for-cyber-liability-insurance/.

Save Print