Resources

Client Alerts, News Articles, Blog Posts, & Multimedia

Everything you need to know about BMD and the industry.

FTC Increases Targeting of Companies Lacking Cyber Protection

The Federal Trade Commission (FTC) recently released a comprehensive cybersecurity report outlining key findings and recommendations based on emerging threats, trends in data breaches, and strategies for businesses to enhance their cybersecurity posture observed over the last year.

HIPAA and Cybersecurity 10 Steps You Should Take Now To Protect Your Organization

Kate Hickner sits down with Andy Jones, Brandon Pauley, and Kyle Johnson to discuss recent developments in cybersecurity and today's threat environment. Kate shares with us the HIPAA privacy tips, Andy Jones discusses the security considerations from an expert, Brandon Pauley shares with us incident response from a legal perspective, and Kyle Johnson shares with us, post-incident litigation. Be sure to subscribe to our YouTube channel to learn more!

The Rising Threat from Insiders – Get Your House in Order

As its name implies, an ‘Insider Threat’ originates inside an organization. An ‘insider’ is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems. ‘Insider threat’ can manifest from malicious, complacent, negligent or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities. Certainly, ‘Insider Threat’ can be an activity by a bad actor employee, but can also arise from an inadvertent or unknowing action inside an organization (such as an employee who unintentionally opens a phishing email or clicks on a malicious link).

In Cybersecurity– A Good Offense is the Best Defense

2021 has been a watershed moment for cybersecurity incidents as cybercrime has become a frequent headline and cyber criminals have thrived on unsuspecting and/or unprepared businesses and institutions. For example, the Solar Winds attack exposed sensitive data from top companies like Microsoft as well government agencies[1] and the Colonial Pipeline attack substantially disrupted the petroleum supply chain[2]. We have seen an almost 20% increase in data breaches and attacks since last year.

Construction Industry Trends and Predictions Through 2021 and Beyond: Insurance and Emerging Threats

A 2021 survey identified three key issues impacting the construction industry in 2021: (1) the financial health of contractors; (2) the continuing risk of the pandemic; and (3) technology driving productivity, but also increasing the risk of cybersecurity threats. With this backdrop, insurance premiums in the construction industry are generally on the rise in 2021.

CISA Ransomware Practices

On October 28, 2020, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning of imminent threats to US hospitals and healthcare providers. The specific threat involves RYUK Ransomware attacks. RYUK is a novel ransomware that goes undetected by commercial anti-virus/malware detection programs. Once deployed, RYUK encrypts all data and disables systems. In short, it cripples all functionality down to phone systems and automated doors. Healthcare providers should alert their employees to remain hyper-vigilant and report any suspicious activity seen in email or on networks. It has been reported healthcare providers in New York, Pennsylvania and Oregon have been targeted in the last 48 hours. If your organization encounters issues, BMD can assist in mobilizing a response team and has contacts with forensic IT firms that are familiar with RYUK. It is advisable to engage professionals with experience dealing with this specific threat.

Five Things That Owners and Boards Need to Know About Privacy and Cybersecurity Compliance

Five tips for owners and boards about privacy and cybersecurity compliance.

Healthcare Acquisitions and Divestitures During the COVID-19 Pandemic

It seems as though all aspects of our personal and professional lives have been impacted in one way or another by the COVID-19 public health emergency. Healthcare acquisitions and divestitures are no exception. Although the ramifications depend on the specific circumstances of each transaction, we are noticing certain common threads woven among recently closed and currently in progress transactions in the healthcare industry. Here are a few of the questions that often arise as we work with clients to navigate the current business landscape both during and after the COVID epidemic.

CLIENT ALERT: Ohio Incentivizes Cybersecurity Measures

On November 2, 2018, Ohio’s Data Protection Act (“DPA”) went into effect. The DPA incentivizes Ohio businesses to proactively address cybersecurity and data protection by providing an affirmative defense/safe harbor for claims related to data breach. However, the safe harbor is only applicable if the organization can prove “reasonable compliance” to the DPA.