Cybersecurity affects all aspects of business operation; major incidents can grind operations to a halt and have significant impact to the bottom line. Every enterprise is vulnerable to hackers and social engineers, and our firm assists in addressing cybersecurity matters in both a proactive and reactive role. Aside from our deep expertise in cybersecurity matters, our collective experience in workplace law, commercial litigation, privacy, and business legal matters makes our firm particularly well suited to provide holistic guidance in a variety of legal subject matters entwined with cybersecurity issues.
On the proactive side, we develop strategies (with accompanying policies and workplace training) to minimize corporate cybersecurity risk. We speak geek, and work in tandem with information technology professionals and consultants to make sure information security practices are cost-effective, manageable, and provide commercially reasonable protections. In the event of a breach, our clients are best positioned to rapidly address triage and to take advantage of applicable legal remedies to mitigate harm- as well as to address breach-related workplace, privacy, business, and litigation issues.
On the reactive side, our attorneys are on call 24/7 to assist clients in handling a breach. We can quickly and efficiently address large-scale breaches and have solid working relationships with most major forensic response, public relations, notification, credit monitoring vendors, and law enforcement agencies. We have served as breach coach and litigation counsel in many high-profile and large-scale matters across the country and we routinely assist as breach coaches, quarterbacking all aspects of the data breach lifecycle from coordination with law enforcement, working with insurers, providing assistance in obtaining and directing forensic investigators, all the way through preparation and circulation of legally required notification to affected individuals and regulatory authorities, as well as addressing any associated regulatory investigations and litigation matters.
Our firm also prides itself on providing effective “lessons learned” following breach matters, facilitating conversations with boards of directors and high-level management to direct improvements in data breach prevention and response associated with changes in corporate culture, policies, procedures, and personnel.
We protect businesses before, during, and after an attack—providing legal guidance, resources, and deep expertise in the cyber landscape. Aside from our deep expertise in cybersecurity matters, our collective experience in workplace law, commercial litigation, privacy, and business legal matters makes our firm particularly well suited to provide holistic guidance in a variety of legal subject matters entwined with cybersecurity issues.
Representative experience includes our representation of a public body corporate in a high-profile breach involving unauthorized access to the personal information of several hundred thousand children, as well as coordination with law enforcement, regulatory authorities, media, and regulatory authorities throughout the breach, the representation of a major children’s hospital in a series of information security incidents resulting in no-fine findings from the Department of Health and Human Services Office of Civil Rights (OCR HHS) after a lengthy investigation and regulatory process, representation of a major pharmaceutical services company in a regulatory investigation with OCR HHS in responding to false allegations of information systems compromise by a foreign governmental entity resulting in a no-fine finding by OCR HHS, representation of a children’s hospital in addressing issues and an OCR HHS investigation associated with unsecured medical pager devices and the compromise of a patient information associated with the same, the representation of a pediatric health system based in Florida in addressing and revising information security policies, as well as addressing small-scale data security issues associated with lost physical copies of patient data, and intrusions associated with the pediatric health system’s information systems.
It further includes the representation of a prominent not-for-profit in a cyber intrusion seeking to redirect approximately $7 million in funds through hacking of a CFO email account, with the successful prevention of the redirection of funds, the representation of a home medical equipment provider in incident response and law enforcement notification associated with a large-scale employee information, representation of three law firms as breach coach in addressing all aspects of investigation, incident response, and notification associated with data breaches, the representation of a national mortgage lender as breach coach and counsel in addressing, classifying, and taking all steps congruent to a variety of compromises on a regular basis associated with the mortgage lender’s business operations, representation of an international data services provider in acting as breach coach for the unauthorized access to a wide variety of employee information, and the accompanying notification tasks associated with the unauthorized access, the representation of a major hospital system in Florida in addressing a variety of small-scale breach issues associated with information security incidents, as well as the creation of all corresponding information security policies and breach notification rubrics for the hospital system.
Our experience also includes the representation of a number of entities, in the real estate, gaming, publication, health care, and legal serrvices industries in matters involving fraudulent wire transfers associated with cybersecurity incidents, as well as accompanying litigation associated with the fraudulent transfers. It also includes epresentation of a national health care provider headquartered in Florida associated with a phishing scam resulting in the disclosure of all employee W2 information, including U.S. and Canadian employees, as well as the representation of a national outpatient radiological service provider in in addressing a variety of small-scale breach issues associated with information security incidents, as well as the creation of all corresponding information security policies and breach notification rubrics for the provider, and work on multitude of small matters involving O365 compromises, phishing attempts, wire redirections, and other matters involving coordination with law enforcement public relations and crisis communications firms, forensic vendors, credit monitoring, and identity protection services vendors.