Tag Archives: DSIR

DSIR Deeper Dive: Regulatory Investigation Landscape

HIPAA-covered entity and business associate breaches continue to draw attention from the Office for Civil Rights (OCR) and other regulators. In almost every HIPAA incident we handled in 2019 involving more than 500 individuals, OCR issued a data request. While OCR investigations can be burdensome, few of them result in penalties. State attorneys general have … Continue Reading

DSIR Deeper Dive: The Ransomware Epidemic

Ransomware is among the most common and persistent threats faced by organizations of all sizes. In 2019, the ransomware threat landscape worsened in several significant ways: (1) average demands increased more than tenfold; (2) all industry segments saw increases in attack frequency, with stark increases seen by education and government entities; and (3) several threat … Continue Reading

DSIR Deeper Dive: Using Compromise Threat Intelligence

Organizations are under tremendous pressure to be agile and resilient. A key part of building a mature cybersecurity posture to enable the goals of the organization is conducting ongoing risk assessments and then implementing risk-prioritized measures. Organizations contact us during this process to ask what emerging threats to guard against. Our answer always includes a … Continue Reading

Sixth Annual Data Security Incident Response Report Released – Managing Enterprise Risks and Leveraging Data in a Digital World

We are excited to present our sixth Data Security Incident Response Report (DSIR). We hope this issue finds you safe and healthy while working from home (WFH). Each year, we talk about last year’s trends and where we think the current year is taking us. Ransomware was, and continues to be, a big issue. We … Continue Reading

Deeper Dive: Security Incident Mitigation Strategy: Effective Negotiation of Technology Contract Limitations of Liability

There is always significant negotiation around caps on liability when negotiating a contract with a technology vendor. If the vendor will have access to the personal information of its customers’ end users (regardless of whether the end users are employees or customers), treatment on caps on liability take on heightened importance. In fact, limitations of … Continue Reading

Deeper Dive: The Scourge of O365 Incidents

A Growing Menace 2018 saw a continuation of companies moving toward cloud-based email systems. Phishing incidents targeting those systems followed suit. Fully one-third of incidents addressed by our incident response team in 2018 involved unauthorized access to an online email account. Phishing attacks continued to dominate the types of cyberattacks organizations experienced in 2018, owed, … Continue Reading

Deeper Dive: Forensics

A company’s ability to quickly and effectively conduct a forensic investigation is often critical to limiting the impacts of a data security incident, determining the scope of the incident and developing an effective communications plan. In BakerHostetler’s 2018 Data Security Incident Response Report, we analyzed over 560 data security incidents that we worked on in … Continue Reading
LexBlog