PRACTICAL EXPERTISE IN AN EVER-CHANGING THREAT LANDSCAPE
Our Privacy & Data Security team, headed by member John F. Barrett (“Jack”), has extensive practical experience in public and private entity privacy obligations, information security and cyber incident response. Along with the team’s experience in complex and class action litigation, it is also uniquely positioned to provide companies with full-scale representation before and after a data breach, including counseling on state and federal privacy laws and regulations, investigation into the root cause of a data breach, coordination of notification obligations and representation in resulting litigation or regulatory investigations. In addition, on behalf of its clients, Bennett Bricklin has reviewed contractual arrangements between Bennett Bricklin clients and other parties to determine whether the client’s contractual obligations to report data incidents to its customers have been triggered. Bennett Bricklin’s long experience and expertise in insurance coverage matters permitted it to issue strong, unequivocal opinion letters to protect the client.
The expertise of our Privacy & Data Security team extends across public and private sectors. We have experience preparing incident response plans, developing cyber policies and procedures, successfully responding to malicious threat actors on behalf of small and large businesses, and providing technical and legal counsel to companies responding to a data breach or to routine record (PHI/PII) requests. Bennett Bricklin has acted as counsel to firms, companies and agencies in multiple data breach incidents stemming from social engineering/phishing, technical exploitation and lack of physical security. Jack Barrett was involved with the Office of Personnel Management (OPM) attack, assisting in the investigation of the nature of the attack, the scope of information lost and the reporting requirements. Jack assisted in the subsequent Privacy Act notification and remediation measures. The attack was determined to be a hybrid social engineering/technical exploitation attack.
Bennett Bricklin has investigated numerous cyber incidents that have compromised Office 365 accounts through repeated phishing and spear-phishing attacks. In many cases, Bennett Bricklin has been able to determine the scope of the exfiltration of data and limit the damage to clients by determining, with the assistance of its forensic partners, the actual individuals whose information was compromised, rather than needing to notify a larger subset. Rapid retention of experts resulted in the full capture of potentially compromised data. Bennett Bricklin’s involvement in all aspects of the investigation protected all communications from disclosure. The narrowing of the scope of inquiry limited the reporting requirements for clients, resulting in no adverse administrative action against those clients and reduced expert costs to the carrier.
On numerous breaches, in conjunction with our forensic partners, we have been able to determine that large data sets held in SQL servers have not been exfiltrated, again limiting the cost to the carrier of the breach response and limiting the negative publicity that would otherwise affect the client. In addition, on behalf of its clients, Bennett Bricklin has reviewed contractual arrangements between its clients and other parties to determine the client’s contractual obligations to report data incidents to its customers.
Bennett Bricklin has worked with clients, including a large regional cardiology group, to assist with privacy and data security consulting in advance of any breach. With its vendor partners, Bennett Bricklin has assisted clients with improvements to corporate governance, business impact assessments, business continuity plans and planning, and incident response planning. We have advised clients with regard to governance and access control changes as a result of penetration testing, and have assisted with data exfiltration controls and insider threat awareness. Bennett Bricklin’s assistance in incident response training and development of corporate policies/SOPs has ensured that data breaches are properly contained, data captured, the appropriate experts obtained, and authorities/carriers notified. All efforts are led by Bennett Bricklin’s breach counsel to be sure that further confidential information developed during the investigation is protected from disclosure.
Bennett Bricklin’s long experience and expertise in insurance law has permitted it to analyze multiple policies for its clients and identify and correct coverage gaps through additional coverage/policies or riders to existing coverage. Our analysis identified numerous gaps for clients in the area of fraudulent inducement of electronic funds transfer, an increasingly prevalent threat that can fall in a gap between traditional theft policies and cyber coverage. This advance planning has allowed Bennett Bricklin’s clients to contain damage from cyber incidents. Our team’s insurance industry experience makes it especially suited for this work. In addition, Jack Barrett has long experience in enterprise risk management and is therefore better able to understand the client’s perspectives and its manpower, physical and monetary limitations.