We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Cybersecurity in Video Games & Esports
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Podcast: A Conversation with Andy Rotherham on Hot Topics in Education for 2023
No Password Required: Threat Intelligence Analyst at Recorded Future, the Ransomware Sommelier, and a Guy With a Mildly Exciting Expense Account
Compliance & Disaster Preparedness
2023 DSIR Report Deeper Dive into the Data
Episode 282 -- CISO and CCOs -- The Evolving Partnership
No Password Required: Threat Researcher at Cisco Talos and a Veteran of the Highest-Profile Cyber Incidents Who Roasts His Own Coffee Beans
Innovation in Compliance - The Role of Backup Systems in Cybersecurity Defense with Curtis Preston
Cyber Threats
No Password Required: The Teenage CEO of Girls Who Hack and Secure Open Vote, Who Is as Comfortable Behind a Mic as She Is Behind a Keyboard.
Hinshaw Insurance Law TV – Cybersecurity Third and Final Part: Ransomware
Can Cyber Investigations Be Canned? - Unauthorized Access Podcast
[Podcast] NSA Cybersecurity Services for Defense Contractors
Understanding the Additional Risks When Making a Ransomware Payment
Significant data breaches have affected major players in the healthcare industry in the last year, with the methods of attack being as diverse as the affected entities themselves. Originally published in Law360 - June 4,...more
In a recent settlement with an accounting firm, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) reinforced its ongoing commitment to holding business associates accountable for the...more
I. U.S. SANCTIONS - U.S. Department of the Treasury Sanctions Russian Cryptocurrency Exchange: On August 14, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) re-designated the cryptocurrency...more
The burgeoning AI industry has sparked a surge in data center projects across the United States, a trend likely to be further accelerated by measures recently announced by the US administration as part of its AI Action Plan....more
IBM and the Ponemon Institute have released the 2025 Cost of a Data Breach Report. The report, which has become an annual late-summer tradition, highlights the evolving risks and costs associated with data breaches. This...more
One key lesson from the ongoing ransomware epidemic is clear: threat actors don’t discriminate. It doesn’t matter who you are or what your business does — if they see an opening, they’ll exploit it, ready or not. Despite...more
News Briefs - Over 75% of Health Organizations Targeted by Ransomware Over Year - More than three-quarters of healthcare survey respondents said their organizations were targeted by ransomware in the past 12 months, and 53...more
"Infostealers" have transformed from niche threats into the backbone of modern cybercrime, fueling a $4.88 million average breach cost in 2024. In this article we synthesize the latest threat intelligence to expose critical...more
In this line of work, I am often asked if law enforcement is ever successful in finding and punishing the threat actors who have wreaked havoc on U.S. businesses and stolen millions of dollars in ransomware attacks. I am so...more
Written Information Security Programs, commonly referred to as WISPs, are critical plans to have in place – not only to efficiently and effectively respond to ransomware attacks and data breaches when they occur – but to...more
The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and international partners issued an updated advisory on July 29, 2025, highlighting the evolving tactics, techniques, and...more
Ransomware group Akira is believed to be behind a large number of attacks that appear to be tied to SonicWall firewalls with SSLVPN enabled. Over the past week, a large number of attacks by the ransomware group Akira have...more
A state law requiring municipalities and public authorities to report cybersecurity incidents within 72 hours and ransomware payments within 24 hours compels New York governments to ensure they have protocols in place to...more
When President Donald Trump signed the Federal reconciliation bill into law on July 4th, things became more challenging for smaller or rural health care delivery organizations – often working on shoestring budgets heavily...more
Welcome to our seventh issue of 2025 of Decoded - our technology law insights e-newsletter. What does the US GENIUS Act Mean for Stablecoins? “The White House categorically states it is a historic piece of legislation that...more
On July 29, 2025, the Cybersecurity & Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation, Canadian Centre for Cyber Security, Royal Canadian Mounted Police, the Australian Cyber Security...more
Leading businesses continue to suffer cyber attacks at the hands of sophisticated ransomware groups. For example, the threat group “Scattered Spider” (also known as UNC3944, Octo Tempest, 0ktapus) is once again making...more
On June 30, 2025, Governor Mike DeWine signed into law (HB 96), a cybersecurity mandate that applies to all political subdivisions in Ohio—including counties, municipalities, townships, and school districts. ...more
On July 20, 2025, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) issued urgent warnings about new, actively exploited vulnerabilities in Microsoft SharePoint Server. These vulnerabilities, known as...more
When the lights stayed on in Kyiv during a wave of missile attacks in early 2024, Ukrainian officials quietly acknowledged a second line of defense that received far less public attention than the nation’s air-defense...more
In its FY 2026 budget, Ohio quietly folded in a sweeping cybersecurity mandate that will require every “political subdivision” to have a cybersecurity program that aligns with recognized industry frameworks and adopt strict...more
In today’s always-online world, cyber resilience is a business imperative. For midsize and fast-growing small companies, the stakes have never been higher. The convergence of artificial intelligence (AI), increasingly...more
In the 18 months since the Change Healthcare breach occurred, class action suits—filed by both patients and providers—continue to multiply, with no resolution yet in sight. In fact, in late June, the Minnesota judge presiding...more
The messages from government agencies and cybersecurity leaders at the end of June were clear – nation-state-sponsored cybersecurity threats are on the rise. Pro-Iranian “hacktivists” are targeting U.S. infrastructure and...more
The New York State Department of Health has issued an urgent cybersecurity advisory (the Advisory) warning of increased threat levels and a higher likelihood of cybersecurity attacks from Iranian state-backed actors following...more