- Journal Archives
- Volume 18
- Volume 17
- Volume 16
- Volume 15
- Volume 14
- Volume 13
- Volume 12
- Volume 11
- Volume 10
- Volume 9
- Volume 8
- Volume 7
- Volume 6
- Volume 5
- Volume 4
- Volume 3
- Volume 2
- Volume 1
Last week the American Bar Association adopted a new resolution urging all organizations in the private and public sector to enhance their cybersecurity protocols. Resolution 109 recommends several cybersecurity standards and notes that security failures often arise when these standards are not fully implemented or maintained.
This is particularly timely in light of the recent data breach at Community Health Systems (CHS) the day before the ABA passed Resolution 109. CHS is a leading operator of general acute care hospitals around the nation. It owns, operates, or leases 206 hospitals in 29 states with approximately 31,100 beds. On August 18, CMS reported to the Securities Exchange Commission that hackers using malware stole the personal data of nearly 4.5 million patients. The stolen patient data included birth dates, names, social security numbers, and addresses. News reports indicate that the cyberattack was initiated via the OpenSSL Heartbleed vulnerability that also led to the exposure of over half a million secure servers earlier this year.
In the case of CMS, highly sensitive medical data was not stolen, but this does not mean that the personal data stolen does not put its patients in danger. Hackers collect and sell personal information through black markets until they have enough information about an individual to open up new credit cards, redirect mail, drain bank accounts, and perform many other illegal acts through identity theft. A large data breach can also jeopardize an organization’s reputation and the trust of its clients, patients, and customers. The infamous Target Corp. data breach has cost the company over $200 million in expenditures, has led to a $1.02 billion drop in net earnings, and has caused a major restructuring of company’s leadership.
Resolution 109 urges all organizations to reexamine their cybersecurity standards and practices, but it calls particular attention to the vulnerability of law firms to cyberattacks. Law firms often retain very sensitive client information, and the ABA notes the significant risks facing law firms as technology progresses and hackers become more sophisticated. The ABA Model Rules of Professional Conduct note that “a lawyer’s duty of competence includes keeping abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” As law firms continue innovating with new technologies they are increasingly at risk of exposure to new and unexpected malwares and hacker technologies, like the CMS was last week. Law firms must diligently maintain, reassess, and update security measures to protect clients’ personal information.
Cybersecurity is not something to be taken lightly and recent data breaches have shown how vulnerable large and sophisticated organizations can be to cyberattack. The ABA’s Resolution 109 does not solve the problem, but it does serve as a timely reminder of how important cybersecurity is to all industries, including the legal industry.
Tagged with: ABA • American Bar Association • control of personal information • cyber attack • cyber crime • cyber security • cyber threats • cyberattack • cybersecurity • data breach • data breach notification • data protection law • data security • Model Rules of Professional Conduct • personal data collection • SSL
Recent Blog Posts
- Centralizing Cybersecurity in the Digital Age
- Justice Department Deals a Blow to Songwriters
- If You Build It, They Will Come: Baseball and the Reopening of Cuba
- First Circuit Aligns With Third: Actavis Extends Beyond Cash Settlements
- Current Issues in Technology Law: Dr. Asma Vranaki Analyzes Data Privacy Regulation in the Context of Facebook Advertisements
- Vanderbilt Journal of Entertainment & Technology Law Rises in National Law Journal Rankings
Tagsadvertising antitrust Apple books career celebrities contracts copyright copyright infringement courts creative content criminal law entertainment Facebook FCC film/television financial First Amendment games Google government intellectual property internet JETLaw journalism lawsuits legislation media medicine Monday Morning JETLawg music NFL patents privacy progress publicity rights radio social networking sports Supreme Court of the United States (SCOTUS) technology telecommunications trademarks Twitter U.S. Constitution