Major cybersecurity incidents can grind business operations to a halt. We assist clients in preventing and mitigating the effects of breaches, as well as addressing legal issues associated with unauthorized access to data. We combine deep expertise and enthusiasm in cybersecurity with our strengths in workplace law, commercial litigation, privacy, and business legal matters to deliver comprehensive solutions that reduce business risks.
On the preparation side, we consult on strategy, policy and procedure development, and training to minimize organizational and financial risk. In tandem with information technology professionals we conduct a risk management analysis to ensure that information security practices are manageable, cost-effective, and provide commercially-reasonable protections. We position clients for rapid triage in a breach incident and equip them to act on applicable legal remedies to mitigate harm and address breach-related workplace, privacy, business, and litigation issues. In the aftermath of a breach, we facilitate meetings with boards of directors and senior management to share lessons learned to assess the need for changes in company culture, policies, procedures, and personnel.
Our attorneys are on call 24/7 to assist clients in handling a breach. We have close working relationships with major forensic response investigators, public relations firms, credit monitoring vendors, and law enforcement agencies in the cybersecurity ecosystem. We have served as breach coach and litigation counsel in high-profile and large-scale matters across the United States, including the management of required notification to affected individuals and regulatory authorities.
We represented a public body corporate in a high-profile breach involving unauthorized access to the personal information of several hundred thousand children; we coordinated with law enforcement, regulatory authorities, and media during the breach. We represented a major hospital in a series of information security incidents; after a lengthy investigation and regulatory process, the Department of Health and Human Services Office of Civil Rights (OCR HHS) found that no fines were applicable. The OCR HHS also issued a no-fine finding in connection with our representation of a major pharmaceutical services company whose information systems were alleged to have been compromised by a foreign governmental entity.
Our firm represented a children’s hospital in connection with an OCR HHS investigation of unsecured medical pager devices and the compromise of patient information. For a Florida-based hospital system we advised in revising and drafting information security policies and procedures, addressed minor data security issues associated with lost physical copies of patient data, and addressed information systems breaches.
We represented a prominent not-for-profit in a cyber intrusion seeking to redirect approximately $7 million by hacking the CFO email account; the attempt was thwarted. We represented a home medical equipment provider in a large-scale incident involving employee information; we provided incident response and law enforcement notification services.
Our collective experience includes acting as breach coach for three law firms in addressing all aspects of investigation, incident response, and notification associated with data breaches. We acted as breach coach for a national mortgage lender and counseled in addressing, classifying, and responding to a variety of compromises on a regular basis associated with the company’s business operations.
We acted as breach coach for an international data services provider for the unauthorized access to voluminous employee information; we handled the notification tasks associated with the breach and troubleshooting collateral business issues. We represented a major Florida hospital system in addressing numerous small-scale breach issues associated with information security incidents; we also created corresponding information security policies and breach notification rubrics. Our collective experience also includes representation of a nationwide academic medical center with thousands of physicians nationwide in addressing information security and privacy issues on a regular basis.
We have represented a number of entities in the real estate, gaming, publishing, health care, and legal services industries in matters involving fraudulent wire transfers associated with cybersecurity incidents, as well as accompanying litigation associated with the fraudulent transfers.
We represented a national health care provider headquartered in Florida in a phishing scam resulting in the disclosure of all W2 information of U.S. and Canadian employees. We represented a national outpatient radiological service provider in addressing numerous small-scale breach issues; we created corresponding information security policies and breach notification rubrics for the client.
We have worked on scores of small matters involving O365 compromises, phishing attempts, wire redirections, and other matters involving coordination with law enforcement, public relations and crisis communications firms, forensic vendors, and credit monitoring and identity protection services vendors.
Our firm stands ready to guide our clients in times of crisis, and in calmer moments, we ensure that our clients are in the best possible cybersecurity posture.