Add case management platform TrialWorks to the laundry list of companies and public sector agencies that were struck and paralyzed by a cyberattack this year. And unless lawyers backed up their client files to a separate storage network, they could be frozen out of their data by TrialWorks' problems. Still, experts say there are ways to mitigate the damage.

In emails shown to Legaltech News, on Oct. 13 TrialWorks told clients it was experiencing a "hosting outage at our data center." On Oct. 14 the company disclosed it was affected by a ransomware incident. After numerous status updates, on Oct. 31 TrialWorks issued a statement further explaining while hackers were able to "significantly" diminish access to data, the data "appears to be safe and protected." Requests for comment from TrialWorks were not returned.

The incident left some lawyers and law firms without access to their data and unable to meet court deadlines.

Late last month, BleepingComputer.com reported that 14-lawyer California firm JML Law filed an extension deadline motion to the U.S. Supreme Court because of TrialWorks' server outage.

The Miami Herald also reported a similar extension motion filed by nine-lawyer Florida firm Whittel & Melton. The firm wrote in its motion to the court, "As of Oct. 24, 2019, plaintiff's counsel remains unable to access all the necessary documents required to respond," according to the article.

However, other law firms leveraging TrialWorks could face similar uncertainty about the availability of their client data, and unless they backed up their files, they will have to wait for TrialWorks to provide access to their data.

"They are screwed," said John Simek, vice president of IT service provider, digital forensics and cybersecurity firm Sensei Enterprises Inc. "At the end of the day, they are dependent on TrialWorks."

To mitigate that dependency, Simek advised lawyers to keep copies of their client files stored on local or external hard drives or on a network cloud storage.

Indeed, while Rothermel Law Firm managing member and TrialWorks user Charles Rothermel called the incident "very frustrating" he routinely updated his client files to the cloud and made PDF copies of TrialWorks' summaries. In turn, he said he wasn't severely impacted by the lockout, but he knew numerous lawyers that were.

Morgan & Morgan's class action department leader John Yanchunis noted that lawyers should request ongoing status updates from TrialWorks and contact courts with approaching deadlines beforehand about missing data.

"If you imagine a law firm where everything is electronic based, calendaring [and] getting to files could have tremendous consequences," he said.

The next step after being locked out of client data could include bringing a legal action, where lawyers could bring breach of contract and negligence claims. Yanchunis noted that "if we have a system involving ransomware, TrialWorks' information security system was not using best practice to prevent [it]."

Yanchunis suggested bringing any lawsuit as a contingent-based class action because "any type of data breach litigation comes at a tremendous cost."

However, TrialWorks' term of service agreement includes a binding arbitration clause. Additionally, the vendor limits its liability for any breach to no more than the fees paid to use TrialWorks that month.

Simek noted that such terms are common in most legal tech and general technology agreements.

Still, Bryan Cave Leighton Paisner's data response team leader Jena Valdetero noted most vendors will attempt to go beyond the requirements of their service agreement when an incident occurs.

"There is the legal response which is, 'Our contract says you can sue us for X amount of dollars,' and then there's what you do from a bigger picture perspective because you don't want to lose your clients," she said.

Valdetero noted being forthcoming with the status of the investigation and strategizing with clients to address the ransomware-induced challenges could also bolster client confidence. "It can strengthen relationships where clients say, 'It's not great I was hit with ransomware, but at the end of the day we felt informed,'" she said.

Indeed, Rothermel said TrialWorks recently announced it wouldn't charge users in December, but the company may need to do more to win over disgruntled customers.

"Ultimately what litigators want in a practice management service is something that is secure, reliable and useful. So the financial incentive may be a start but what needs to happen is a demonstration that security issues are fixed and we need confidence that this won't happen again, that's the most important thing."