LegalReader.com  ·  Legal News, Analysis, & Commentary

Are Businesses at Risk of Litigation in the Event of a Cybersecurity Breach?


— March 4, 2021

Business owners should take a proactive approach to shoring up cybersecurity measures – it may protect your assets not only in business, but also in court. 


Among other effects, the global coronavirus pandemic has led to a huge increase in cybersecurity attacks. Cybersecurity attacks on businesses have skyrocketed, with cybersecurity breaches costing the global market over $600 billion annually. Reportedly, there is now a new cyberattack every 39 seconds. 

The global lockdown has boosted remote working platforms, cloud file sharing software, and eCommerce sites, but this great transition from in-person to virtual interactions puts businesses at greater risk of being targeted. A cybersecurity attack that results in a data breach exposes businesses to customer distrust and, potentially, litigation.

Let’s take a look at how, in the event of an actual cybersecurity breach, businesses may be at risk of litigation.

Sensitive Data as a High Risk Factor

In October 2020, Wilmington Surgical Associates in North Carolina fell victim to a ransomware attack carried out by the NetWalker cybercriminals that resulted in a 13 GB data breach. This group gains access to seemingly secure network systems by sending out emails that look legitimate. Once they have breached a network system, the cybercriminals exfiltrate and encrypt the data they have accessed, then demand that an exorbitant ransom be paid via bitcoin in exchange for the data. While the NetWalker cybercriminals largely focus on the health sector, they also target customer experience management companies, the manufacturing sector, and business management solutions.

Now, as of February 2021, Wilmington Surgical Associates is being sued for cybersecurity negligence. The NetWalker group's breach exposed highly sensitive data: patient names, birth dates, social security numbers, and health records. Patients have joined together in a class action lawsuit filed by Rhine Law Firm, with the intention of forcing the practice to strengthen its data security systems, submit to annual audits, and provide credit monitoring services.

These patients claim that Wilmington Surgical Associates did not adequately secure its network, servers, and system, and that an egregious lack of monitoring allowed the intrusion to go unnoticed. The resulting lawsuit seeks reimbursement of out-of-pocket expenses, restitution, compensatory damages, and injunctive relief. The lawsuit comes amidst an increase in data breach lawsuits in the healthcare industry this year, most of which are settled out of court.

A Vast Web of Connections

A padlock superimposed over a blue circuit board pattern.; image by jaydeep_ CC0, via Wikimedia Commons.

Since cybersecurity breaches can hit businesses in all sectors, both business and client data are at risk. This means that litigation regarding a cybersecurity breach can draw strength from a vast network of sources. For example, a recent lawsuit was filed against Abbott Laboratories by a retired participant in the Abbott Laboratories Stock Retirement Plan. The lawsuit drew on ERISA, the Employee Retirement Income Security Act, to claim against the defendant, whose alleged failures in call center and website protocols led to the unauthorized distribution of $245,000 from the participant’s account.

In 2018, the participant became the victim of an identity theft attack when a hacker accessed their retirement account through the Abbott Benefits website. In a series of calculated maneuvers, the thief was able to manipulate the client and extract home address and financial information. The client sought to hold Abbott Laboratories accountable for the security breach and theft. While the court eventually rejected the claim, Abbott Laboratories still faced liability in court before the outcome was announced.

Finding the Fault

In the aftermath of a cybersecurity breach, whether large or small, claimants with sufficient evidence can seek to hold the breached business responsible for the ensuing damage. Whether the attack resulted in huge quantities of personal data being revealed, as in the Wilmington Surgical Associates case, or was targeted at a single victim, as in the Abbott Laboratories case, businesses whose systems have suffered breaches may still be liable in court.

Each case is different and the damages incurred will always depend on the evidence presented. But regardless, business owners should take a proactive approach to shoring up cybersecurity measures – it may protect your assets not only in business, but also in court. 