Skip to main content

February 5, 2023

Volume XIII, Number 36

National Law Review
  • Login
  • Mdn
  • FB
  • twt
  • link
  • home
  • rss
  • logo
  • Publish / Advertise with Us
    • Publish
    • Advertise
    • Publishing Firms
    • E Newsbulletins
    • Law Student Writing Contest
    • Contact Us
    • Terms of Use
    • Privacy Policy
    • Join Our Team
    • Search
  • Trending Legal News
    • Most Recent
    • Legal News Podcast
    • What's Trending
    • Type of Law
      • Antitrust Law
      • Bankruptcy & Restructuring
      • Biotech, Food & Drug
      • Business of Law
      • Construction & Real Estate
      • Cybersecurity Media & FCC
      • Election & Legislative
      • Environmental & Energy
      • Family, Estates & Trusts
      • Financial, Securities & Banking
      • Global
      • Health Care Law
      • Immigration
      • Insurance
      • Intellectual Property Law
      • Labor & Employment
      • Litigation
      • Public Services, Infrastructure, Transportation
      • Tax
      • White Collar Crime & Consumer Rights
    • E Newsbulletins
    • Legal Educational Events
    • NLR Blog
    • Search
  • About Us
    • About the NLR
    • NLR Team
    • Publishing Firms
    • E Newsbulletins
    • NLR Thought Leadership Awards
      • 2018
      • 2019
      • 2020
      • 2021
      • 2022
    • NLR Blog
    • Contact Us
    • Terms of Use
    • Privacy Policy
    • Search
  • Contact Us
    • Contact Us
    • E Newsbulletins
    • Publish
    • Advertise
    • Law Student Writing Contest
    • Search
  • Quick Links
    • Legal News Podcast
    • Type of Law
      • Antitrust Law
      • Bankruptcy & Restructuring
      • Biotech, Food & Drug
      • Business of Law
      • Construction & Real Estate
      • Cybersecurity Media & FCC
      • Election & Legislative
      • Environmental & Energy
      • Family, Estates & Trusts
      • Financial, Securities & Banking
      • Global
      • Health Care Law
      • Immigration
      • Insurance
      • Intellectual Property Law
      • Labor & Employment
      • Litigation
      • Public Services, Infrastructure, Transportation
      • Tax
      • White Collar Crime & Consumer Rights
    • E Newsbulletins
    • Legal Educational Events
    • Law Student Writing Contest
    • NLR Blog
    • Contact Us
    • Search
  • ENEWSBULLETINS

Error message

  • Warning: Undefined variable $settings in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).
  • Warning: Trying to access array offset on value of type null in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).

3

New Articles
Bottom Row Image
Advertisement

February 04, 2023

Subscribe to Latest Legal News and Analysis
  • Increase in Large and Small Shareholder Activists by: Joel I. Papernik and Ivan J. Presant
  • New York Courts Continue to Assert Personal Jurisdiction over Foreign... by: Shin Y. Hahn
  • 9 Famous and Groundbreaking Black Lawyers in History by: Sarah Bottorff

February 03, 2023

Subscribe to Latest Legal News and Analysis
  • Preparing for New Consumer Privacy Laws in Colorado, Connecticut and... by: Elliot R. Golding and Kathryn Linsky
  • Cal/OSHA’s COVID-19 Prevention Non-Emergency Regulation Is Now in... by: Karen Tynan and Jennifer Yanni
  • Court of Chancery Holds That Corporate Officers Owe Duty of Oversight by: Nathan E. Barnett and Ethan H. Townsend
  • Illinois Supreme Court Rules All BIPA Claims Are Subject to Five-Year... by: Kevin M. Cloutier and David M. Poell
  • Regulatory Focus on Investor Side Letters by: Cadwalader, Wickersham & Taft LLP
  • CMS Finalizes Long-Awaited Rule on Medicare Advantage RADV Audits by: Ankur J. Goel and Jeremy Earl
  • USCIS Starts Issuing 48-Month I-829 Petition Receipt Notices by: Luna Ma
  • NLRB General Counsel Seeks to Restrict Employers’ Right to... by: Juan Larios and Catherine Kang
  • Can a Federal Court Refuse Recognition of a Nondomestic Arbitral... by: Max B. Chester and Charles W. Niemann
  • Decathlon Wins Almost 3 Million RMB in Chinese Trade Dress Dispute... by: Aaron Wininger
  • Will U.S. Supreme Court Place an Undue Hardship on Employers When It... by: Stephanie L. Adler-Paindiris and Stephanie E. Satterfield
  • Beltway Buzz, February 3, 2023 by: James J. Plunkett
  • UK Regulation of Cryptoassets – Another Glimpse but Still None the... by: Judith E. Rinearson and Kai Zhang
  • NYC Council to Consider Expanding the City’s Pay Transparency Law to... by: Allan S Bloom and Evandro C Gigante
  • FRB Issues Policy Statement on Permissible Activities of State Member... by: Daniel Meade and Rachel Rodman
  • Listen to Your Critics: SEC Commissioner Considers the Future of... by: David A. Lopez-Kurtz
  • Illinois Supreme Court Rules Privacy Act Claims Have Five Year... by: Anne E. Larson and Harry J. Secaras
  • FTC Raises Threshold for HSR Merger Reporting by a Record $10.4... by: Timothy Z. LaComb
  • Attention New York Medicaid Providers: It’s Time to Upgrade Your... by: Carmen Jule and Jessica Sonpal
  • Bipartisan Bill to Ban Most Non-Compete Agreements Reintroduced in U.... by: Clifford R. Atlas and Erik J. Winton
  • OFCCP Identifies Contractors Whose EEO-1 Data Will Be Released on... by: Guy Brenner and Olympia Karageorgiou
  • ESG Litigation Update: Climate- and Carbon-Focused Litigation by: J. Michael Showalter and Jane E. Montgomery
  • Sixth Circuit Expands Retaliation Protections For Employees... by: Grant T. Pecor and Aaron Vance
  • USCIS Announces Extension of Validity of Certain Green Cards by: Alexandra LaCombe
  • Minnesota’s New CROWN Act Becomes Law: State Now Prohibits... by: Cynthia A. Bremer and Colin H. Hargreaves
  • Bankruptcy Court Finds Cannabis Employee Not Entitled to Chapter 13... by: Jane Haviland
  • FDA Announces Qualified Health Claim for Cocoa Flavanols in High... by: Food and Drug Law at Keller and Heckman
  • EEOC Hears Testimony Concerning Employment Discrimination in... by: Jesse R. Dill and Simone R.D. Francis
  • Deploying A Holistic Approach to Automated Employment Decision-Making... by: Michelle Capezza and Corbin Carter
  • Robo-Rights: As AI Art Takes Over, Who's the Real Artist in the... by: Anthony V. Lupo and Dan Jasnow
  • FY 2024 H-1B Cap Initial Registration Period Will Be Open from March... by: Immigration & Compliance
  • US Executive Branch Update – February 3, 2023 by: Stacy A. Swanson
  • Revamping of Cosmetics Regulation and Safety by: John E. Wyand and Jennifer Tharp
  • Energy & Sustainability Washington Update — February 2023 by: R. Neal Martin
  • $31 Million Medicare Fraud Scheme Results in Two Convictions by: D. Jacques Smith and Randall A. Brater
  • Ten Minute Interview: Minority Direct Investments [VIDEO] by: Brian L. Lucareli and Glenn Singleton
  • New Year – New Hurdles by: Robert T. Dumbacher
  • GoodRx to Pay $1.5 Million in First Ever FTC Health Breach... by: Hunton Andrews Kurth’s Privacy and Cybersecurity
  • How Not To Get Your Start In Banking by: Keith Paul Bishop
  • SEC Commissioner Questions ESG Investing by: Jacob H. Hupart
  • Additional Nelson Mullins Alerts by: Nelson Mullins Government Relations
  • Europe: UK Regulator Issues New Recommendations to Firms on Consumer... by: Andrew J. Massey
  • Lohngleichheit bei Teilzeitbeschäftigung by: Dr. Thomas Gennert and Lisa Scheipers
  • All Things Chemical® Podcast: What to Expect on Capitol Hill and at... by: Lynn L. Bergeson
  • EPA Requests Nominations for SAB; Members May be Asked to Participate... by: Lynn L. Bergeson and Carla N. Hutton
  • Pflicht zur ESG-Kundenbefragung gilt zukünftig auch für... by: Annabelle Juliette Rau
  • DOE Awards $118 Million to Accelerate Domestic Biofuel Production by: Lynn L. Bergeson and Carla N. Hutton
  • Illinois Supreme Court Eliminates Possibility of One-Year Statute of... by: Nadine C. Abrahams and Jody Kahn Mason

February 02, 2023

Subscribe to Latest Legal News and Analysis
  • Comment Period for FTC’s Proposed Ban on Non-Compete Agreements Ends... by: Joseph F. Lavigne and Thomas P. Hubert
  • New York Adopts Final Commercial Financing Disclosure Regulations by: Moorari Shah and A.J. S. Dhaliwal
  • What’s New in 5G - February 2023 by: Angela Y. Kung and Christen B'anca Glenn
  • Breaking News: OFCCP Posts List of Contractors Whose EEO-1 Data Will... by: Laura A. Mitchell
  • Once, Twice, Gone: After Two Ballot Initiatives, D.C.’s Minimum Wage... by: Christopher R. Williams
  • TCPA ATDS CIRCUS CONTINUES: “Borden was wrongfully decided and... by: Eric J. Troutman
  • Gold Dome Report – Legislative Day 12 2023 by: Stanley S. Jones, Jr. and Helen L. Sloat
  • Governor Shapiro Takes Action to Improve Permitting Efficiency Within... by: David J. Raphael and Brianna K. Edwards
  • FinTech Prevails in Texas “True Lender” Challenge by: Moorari Shah and A.J. S. Dhaliwal
  • India Budget 2023: Growing the Economy! by: International Tax Team Nishith Desai Associates
  • President Biden Announces the End of the COVID-19 Emergencies: The... by: Edward S. Kornreich and Matthew J. Westbrook
  • NY DFS Releases Custodial Guidance on Crypto Insolvency by: Moorari Shah and A.J. S. Dhaliwal
  • CMS’s Final Rule on Medicare Advantage Risk Adjustment Data Validation by: Jason E. Christ and Teresa A. Mason
  • Celsius Bankruptcy Case: February 2, 2023 by: Stephen A. Rutenberg and Jonathan E. Schmalfeld
  • Texas "Two-Step" Forward, Three Steps Back for Mass Tort... by: Mark E. Dendinger and Jonathan Lozano
  • COVID-19 May Be Over, but Fight Over the Federal Contractor Vaccine... by: Patrick R. Quigley and Aron C. Beezley
  • FTC Non-Compete Ban: Don’t Panic! (But Be Prudent and Prepare) by: Lee Van Voorhis
  • BOEM Publishes Proposed Renewable Energy Modernization Rule by: E. Carter Chandler Clements and Jason A. Hill
  • World Economic Forum’s Global Cybersecurity Outlook for 2023 Is Bleak by: Linn F. Freedman
  • You Can’t Always Get What You Want: Funding Supply Not Meeting... by: Louis Lehot
  • Proprietary Ink: How One Tattoo Artist Took Take-Two to the Mat Over... by: Gene Markin
  • BREAKING: Illinois Supreme Court Sets Five-Year Statute of... by: David J. Oberly and Christina Lamoureux
  • California AG Announces CCPA Compliance Efforts by: Kathryn M. Rattigan
  • Update: Fifth Circuit Again Reins in HISA by: Rodman Law and Madeline Orlando
  • Securities Class Action Filing Activity Fell for Third Straight Year... by: Alexander “Sasha” Aganin
  • Here Come the Legislators – U.S. Senators Reintroduce Legislation... by: Erik W. Weibust
  • New Nursing Home Inspection Reporting Policy Seeks to Foster... by: Wes Scott and Christine Burke Worthen
  • Supreme Court Punts on Attorney-Client Privilege Question by: Andrew R. Roberson and Kevin Spencer
  • 7 Key Value-Adding LOI Terms by: John F. Golembesky and Robert T. Hogan
  • Podcast: The PACE Program – What Changes May Be Coming Soon? –... by: Health Care and Life Sciences Practice Group
  • Fed Board Denies Crypto Firm’s Bid to Join Federal Reserve System by: Moorari Shah and A.J. S. Dhaliwal
  • ISO 31700: The Latest Tool to Operationalize (GDPR) Privacy by Design... by: Diletta De Cicco and Lucija Vranesevic
  • ESG and the Commercial Real Estate Industry: Financing Options and... by: Ankit Shrivastava and Kinnon McDonald
  • New Group Practice Information Form for the Stark Law’s Self-Referral... by: Rachel E. Yount
  • Social Media Enables Social Engineering Scams by: Linn F. Freedman
  • Sweeping Protections for Pregnant and Nursing Workers by: Elizabeth C. Rubenstein
  • Dirty Steel-Toe Boots, Episode 14: Nonmanagement Access During an... by: Phillip B. Russell and Frank D. Davis
  • Managing Long-term Sickness Webinar – Follow-up questions answered (... by: Helen Adams
  • Pay Equity in Washington: Pay Transparency Comes to The Evergreen... by: Nancy Gunzenhauser Popper and Ann Knuckles Mahoney
  • Strings Attached: No Amendment for Trademark Application in Inter... by: Joshua Revilla
  • The Practical Effects of the Building Safety Act 2022 by: Kevin Greene and Ruth Y. Chang
  • SCOTUS to Hear Significant Religious Accommodations Case by: Kevin J. White
  • SECURE 2.0 Series Part 8: New Lost and Found Program and an Increase... by: Keith A. Dropkin
  • Privacy Tip #359 – GoodRx Settles with FTC for Sharing Health... by: Linn F. Freedman
  • Food and Chemicals Unpacked: Extended Producer Responsibility: EPR... by: Packaging Law at Keller and Heckman
  • DHS Guidelines Give Protection from Deportation to Undocumented... by: Keith Covington and Anne R. Yuengert
  • Garland Memo May Provide White Collar Defendants Increased... by: Eoin P. Beirne and Edmund P. Daley
  • An Assessment of FinCEN’s Uniform Beneficial Ownership Information... by: Erin Reeves McGinnis and Ethan Rosenfeld
  • 340B Covered Entities May See Access Changes to Contrast Media,... by: Emily J. Cook and Anisa Mohanty
  • 10 Tips When Hiring a Federal Appeals Lawyer by: Dr. Nick Oberheiden
  • Retailers Must Be Careful With Private Label Credit Card Advertising by: Phyllis H. Marcus and Samuel J. Thomas
  • EU Tightens Checks on Vanilla Extract from US by: Food and Drug Law at Keller and Heckman
  • Design Patent Holders Rejoice, but Challengers Face an Uphill Battle by: Michael D. Pegues and Clement A. Asante
  • Eight Ways to Make Sure Your Marketing Efforts Don’t Feel Like... by: Stefanie M. Marrone
  • CFPB Updates Mortgage Servicing Exam Procedures by: Jason R. Bushby and Christy W. Hancock
  • Michigan Employers Need Not Amend Their Paid Sick Leave Policies and... by: Adam S. Forman and Daniel (Danny) R. Simandl
  • "Open Sesame” Without Translation Won’t Open Door to Trademark... by: McDermott Will & Emery
  • Priorities, Priorities – FINRA Publishes Its Annual Report of Focus... by: Michael E. Pastore and Taylor M. Carter
  • Death by One Thousand ‘Instances’: OSHA’s New Instance-by-Instance... by: Adam Roseman and Michael T. Taylor
  • SEC Division of Corporation Finance Releases Updated Financial... by: Erin Reeves McGinnis
  • Consumer-Facing Algorithmic Pricing Cases by: Gregory J. Casas and Emily Willis Collins

Article By

Linn F. Freedman

Robinson & Cole LLP
Data Privacy + Security Insider
Robinson & Cole Law Firm Logo

Related Practices & Jurisdictions


  • Communications, Media & Internet
  • Criminal Law / Business Crimes
  • Consumer Protection
  • All Federal
  • Printer-friendly
  • Email this Article
  • REPRINTS & PERMISSIONS
Tweet
Advertisement

Managed Service Providers Hit with Ransomware Attacks

Thursday, November 7, 2019

Cyberliability insurance provider Beazley Insurance Company has analyzed its internal breach response data and determined that in its experience, there has been a thirty-seven percent (37%) increase in ransomware attacks this most recent quarter from the last quarter of 2019. Twenty-five percent (25%) of those incidents were against managed service providers (MSPs).

An MSP assists small- to medium-sized businesses with IT infrastructure and services, either on site periodically, or virtually. MSPs provide services to numerous clients, and support clients remotely to provide the services in a cost-effective way. Often, MSPs are small businesses as well, and don’t have the resources to combat persistent cyber-attacks. Hackers know that these MSPs are supporting numerous clients, and target MSPs to gain access to multiple organizations. If the MSP gets hit with a ransomware attack, the result may be that not only is the MSP’s own system down, but it cannot provide ongoing cybersecurity services for its clients, including patching and other critical security measures. Furthermore, when an MSP is the victim of ransomware, its customers may not have access to their own data, and MSPs may request that their customers assist with paying the ransom in order to regain access to their data.

Unfortunately, when an MSP suffers a cyber attack or security intrusion, the incident may also be a reportable data breach, which then could be the responsibility of the customer. Security incidents are difficult to respond to in your own system, let alone trying to coordinate with an MSP in the middle of a crisis.

All in all, when your MSP is the victim of a security incident or a data breach, it often becomes your problem, too. Here are some tips to consider when outsourcing your IT function to an MSP:

  • Complete data security due diligence on the MSP

  • Confirm that the MSP has cyber liability insurance

  • Negotiate and require the MSP to sign a contract that includes, for instance, (this list is not exhaustive, but may be helpful)

    • Prompt notification of any security incident that affects the confidentiality, security or integrity of your data and cooperation and coordination;

    • Indemnification and reimbursement for all costs associated with a security incident or data breach, including first- and third-party claims;

    • No limitation of liability for a security incident, ransomware attack or data breach;

    • Encryption of sensitive data both at rest and in transit;

    • Compliance with all applicable state and federal laws relating to data privacy and security; and

    • Termination in the event of a security incident or data breach, with provisions for an orderly transition to a new provider.

  • Confirm that the MSP has contingency operations and disaster recovery processes in place in the event of a security incident, ransomware attack or data breach. and that it has tested them

These are just some examples of things to consider when choosing an MSP. The key takeaway is not to choose your MSP based on cost alone. You get what you pay for, and picking the cheapest MSP may not serve you well in the long run. Understand that MSPs are being targeted, which means your data are at risk. Talk to your MSP about how it is protecting its own system and your data, feel comfortable that the MSP is the right choice for you, and document obligations and responsibilities in a written contract to protect yourself in the event of an incident. Many companies simply sign the contract given to them by the MSP, but these form contracts do not have provisions that can be needed to protect you in the event of an incident. The contract with your MSP is a high-risk contract, and therefore, needs special attention.

Copyright © 2023 Robinson & Cole LLP. All rights reserved.National Law Review, Volume IX, Number 311
  • Printer-friendly
  • Email this Article
  • REPRINTS & PERMISSIONS
Advertisement

Latest Legal News & Analysis

Increase in Large and Small Shareholder Activists
Mintz
New York Courts Continue to Assert Personal Jurisdiction over Foreign Banks
Sheppard, Mullin, Richter & Hampton LLP
9 Famous and Groundbreaking Black Lawyers in History
Lawmatics
Preparing for New Consumer Privacy Laws in Colorado, Connecticut and Utah
McDermott Will & Emery
Cal/OSHA’s COVID-19 Prevention Non-Emergency Regulation Is Now in Effect After...
Ogletree, Deakins, Nash, Smoak & Stewart, P.C.
Advertisement

TRENDING LEGAL ANALYSIS

Decathlon Wins Almost 3 Million RMB in Chinese Trade Dress Dispute for Store Design
By
Schwegman, Lundberg & Woessner, P.A.
Will U.S. Supreme Court Place an Undue Hardship on Employers When It Decides Groff...
By
Jackson Lewis P.C.
Beltway Buzz, February 3, 2023
By
Ogletree, Deakins, Nash, Smoak & Stewart, P.C.
UK Regulation of Cryptoassets – Another Glimpse but Still None the Wiser
By
K&L Gates
NYC Council to Consider Expanding the City’s Pay Transparency Law to Mandate...
By
Proskauer Rose LLP
FRB Issues Policy Statement on Permissible Activities of State Member Banks While...
By
Cadwalader, Wickersham & Taft LLP
Advertisement

Upcoming Legal Education Events

How To…Comply with Obligations to Caregiver Employees
Tuesday, February 7, 2023
Healthcare Fraud & Abuse: 2022 Year in Review
Tuesday, February 7, 2023
REACH 30/30 February 8, 2023
Wednesday, February 8, 2023
TSCA 30/30 Webinar - February 8, 2023
Wednesday, February 8, 2023

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Linn F. Freedman
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

[email protected]
401-709-3353
www.rc.com
Advertisement
Advertisement
Advertisement
National Law Review
  • Antitrust Law
  • Bankruptcy & Restructuring
  • Biotech, Food, & Drug
  • Business of Law
  • Election & Legislative
  • Construction & Real Estate
  • Environmental & Energy
  • Family, Estates & Trusts
  • Financial, Securities & Banking
  • Global
  • Health Care Law
  • Immigration
  • Intellectual Property Law
  • Insurance
  • Labor & Employment
  • Litigation
  • Cybersecurity Media & FCC
  • Public Services, Infrastructure, Transportation
  • Tax
  • White Collar Crime & Consumer Rights
  • Coronavirus News
  • Law Student Writing Competition
  • Sign Up For NLR Bulletins
  • Terms of Use
  • Privacy Policy
  • FAQs

 

As a woman owned company, The National Law Review is a certified member of the Women's Business Enterprise National Council

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be  a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.

The National Law Review - National Law Forum LLC 3 Grant Square #141 Hinsdale, IL 60521  Telephone  (708) 357-3317 or toll free (877) 357-3317.  If you would ike to contact us via email please click here.

Copyright ©2023 National Law Forum, LLC