What Keeps Lawyers Up at Night? Data Breaches
"We are behind the curve in addressing the issue," said Jamie Sullivan, a partner with Howard, Kohn, Sprague & Fitzgerald in Hartford.
August 13, 2019 at 03:29 PM
5 minute read
With attacks on law firms and their clients on the rise, attorneys say lawsuits over cybersecurity are the next big litigation trend.
Two midsized companies have approached Shipman & Goodwin about the ever-looming problem in the past three weeks, according to Connecticut partner Mark Ostrowski. Both had been attacked. And dozens more have sought consultations in the last year after falling victim to data breaches.
“It’s only a matter of time before we are really litigating those issues,” Ostrowski said.
That’s why Shipman & Goodwin is attempting to get ahead of the issue, creating a data privacy and protection practice group to keep up with the growing demand from local governments, businesses and individuals seeking legal advice, input and solutions. The firm hired two attorneys to work full-time in the practice group, three others who devote about 75% of the time to data breaches and other cybersecurity issues, and two additional lawyers who spend about half their time focused on cyberthreats to municipalities and schools.
“You must get out in front of the issue,” Ostrowski said.
Not doing so could be detrimental—both in terms of client trust and financial exposure.
Consumer credit reporting agency Equifax Inc. learned this the hard way in July, when it reached a $1.4 billion settlement in multidistrict litigation involving 147 million consumers exposed to a massive data breach in 2017. New Jersey-based laboratory testing company Quest Diagnostics also found itself subject to a putative class action by Florida plaintiffs law firm Morgan & Morgan, and at the center of two probes by the attorneys general of Connecticut and Illinois, after a breach that might have exposed nearly 20 million clients to hackers.
Law firms aren’t immune either.
In February, The American Lawyer disclosed a report detailing how a U.S. firm had fallen victim to an alleged Chinese hacking. Earlier, Philadelphia firm O’Neill, Bragg & Staffin had lost a fight to claw back more than $500,000 transferred from its account after one of the firm’s principals was hacked. Meanwhile, the American Bar Association’s ABA Journal has reported, “Law firms have been victims of some of the most damaging hacks in recent history,” listing five major firms from around the world targeted between 2012 and 2017. The Wall Street Journal also illustrated the problem, with a report showing hackers had accessed the files of some of the country’s largest law firms, including Cravath, Swaine & Moore and Weil, Gotshal & Manges.
Having a plan in place could help lessen litigation exposure, advises Pullman & Comley partner Tim Ronan.
Ronan recommends that law firms and their clients purchase cybersecurity insurance, hire experts to create plans to lock down their technology systems in case of attacks, and implement a protocol for suspected or actual breaches.
Another key consideration: Ensure suppliers and vendors have similar safeguards in place, because these companies could shoulder the blame if their negligence allows a security breach.
“It’s pretty complex,” Shipman & Goodwin’s Ostrowski said. ”It’s complex from a technical standpoint with emerging technologies, dealing with a criminal element not just across state borders but also across international borders, and it’s complex because there is a myriad of regulatory reporting requirements.”
|‘Behind the Curve’
Adding to the complexity: the scope of the crime that has spread across multiple sectors, including retail, finance and health care.
In 2018, for instance, the health care sector saw 15 million patient records compromised in 503 breaches, three times the amount seen in 2017, according to the Protenus Breach Barometer, which represents a quarterly snapshot of disclosed breaches impacting the health care industry. As of July 2019, the numbers had skyrocketed with potentially more than 25 million patient records breached, according to Protenus.
“Because of the times we live in and the internet and the advances in technology, there is a new concern about privacy that just did not exist before,” said Jamie Sullivan, a partner with Howard, Kohn, Sprague & Fitzgerald in Hartford. “I think we are behind the curve in addressing the issue.”
Sullivan, who recently gave a seminar on the topic of cybersecurity and what law firms themselves need to do to prevent a hack, said some law firms still have not purchased cybersecurity insurance, instituted plans to safeguard their data and client information, or taken other precautions.
Another key step: Devising a plan for immediately notifying clients, as the American Bar Association recommends, in the event of a breach.
“That’s … where the expense could kick in,” Sullivan said. “Some firms might have thousands of clients.”
Related stories:
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllEnzo BioChem Settles With NJ, Other States for $4.5M Over Health Data Breach
4 minute read44 Class Actions: Lawsuits Are Flying Over a Data Breach. But Can They Succeed?
5 minute readTrending Stories
- 1Court System Seeks Public Comment on E-Filing for Annual Report
- 2Foreign-Company Lobbyists Would Need to Register Under Proposed DOJ Regulation
- 3'Fancy Dress': ERISA Claim Accuses Plan Administrator and Cigna Affiliates of Co-Pay Maximizer Scheme
- 4The American Lawyer's Top Stories of 2024
- 5Semiconductor Component Maker Accused of Deceiving Investors About Market Downturn, Export Curbs
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250