Cyber Security

Timji · Jan 8, 2023

Hello, I need legal advice
I am an official representative of IT company,who are a representative of a company operating in the medical sector which has been attacked, resulting in the compromise of personal data of employees, patients, as well as some information about the institutions that provide medicines.
I would like to know what awaits my client, in the case of leakage of corporate and personal data into the network?
They're demanding a ransom from my client.
Is there any way around it and not pay the ransom?

There are several more clients waiting for legal help

doucar · Jan 8, 2023

Timji said:
Hello, I need legal advice
I am an official representative of IT company,who are a representative of a company operating in the medical sector which has been attacked, resulting in the compromise of personal data of employees, patients, as well as some information about the institutions that provide medicines.
I would like to know what awaits my client, in the case of leakage of corporate and personal data into the network?
They're demanding a ransom from my client.
Is there any way around it and not pay the ransom?

There are several more clients waiting for legal help

You need to see an attorney ASAP, rather than rely on strangers on the internet who are forbidden to give legal advise by the terms and conditions of the site.

justblue · Jan 9, 2023

Timji said:
Hello, I need legal advice
I am an official representative of IT company,who are a representative of a company operating in the medical sector which has been attacked, resulting in the compromise of personal data of employees, patients, as well as some information about the institutions that provide medicines.
I would like to know what awaits my client, in the case of leakage of corporate and personal data into the network?
They're demanding a ransom from my client.
Is there any way around it and not pay the ransom?

There are several more clients waiting for legal help

Wow. Unbelievable. With all that is at risk, you are asking random people on the internet rather than an attorney. Hopefully your client realizes what a grossly incompetent company you represent and takes appropriate legal action.

Tax Counsel · Jan 9, 2023

A lot more information on the attack, the perpetrators of the attack, what ransom is being demanded, and what steps the organization took to prevent this thing is needed. to be able to advise your organization what to do. Your company needs to see an attorney who works with companies that face this kind of problem. Your exposure could be more than you know, and if you mishandle this you can make it worse.

welkin · Jan 9, 2023

Timji said:
They're demanding a ransom from my client.

How do you know that personal and company data has been compromised (downloaded)? In a run of the mill Ransomware attack nothing is downloaded from the system. Instead, the files on the system are encrypted and the data can't be accessed. They demand a ransom to unencrypt the files by supplying the encryption key. If you don't pay then you don't get your data.

Besides an attorney you should be contacting IT companies that specialize in restoring systems that are held for ransom.

flyingron · Jan 9, 2023

If you have the proper business insurance, you may find that there is some coverage for such assistance under your policy. The non-profit I am on the board of had a pretty serious attack and the insurer provided a forensic team to investigate just what happened and make recommendations.

zddoodah · Jan 9, 2023

Timji said:
I need legal advice

Please review the "Legal Disclaimer" that appears at the bottom of every page at this site.

That said, your questions are factual in nature and do not call for legal advice.

Timji said:
I am an official representative of IT company

I assume you meant "an IT company." Correct? What is the nature of your status as "an official representative"? Are you an employee?

Timji said:
[An] IT company, who [is] a representative of a company operating in the medical sector which has been attacked, resulting in the compromise of personal data of employees, patients, as well as some information about the institutions that provide medicines.

What is the nature of the IT company's status as "representative" of the medical company?

Timji said:
I would like to know what awaits my client, in the case of leakage of corporate and personal data into the network?

And you think anyone here could possibly know?

Timji said:
They're demanding a ransom from my client.
Is there any way around it and not pay the ransom?

How could anyone here possibly know?

doucar said:
You need to see an attorney ASAP

Is this true, though? I can't see any reason why the OP (as opposed to the two companies he mentioned) needs an attorney. Of course, the OP's explanation of the relevant facts is woefully vague.

retic · Jan 9, 2023

welkin said:
How do you know that personal and company data has been compromised (downloaded)? In a run of the mill Ransomware attack nothing is downloaded from the system. Instead, the files on the system are encrypted and the data can't be accessed. They demand a ransom to unencrypt the files by supplying the encryption key. If you don't pay then you don't get your data.

That has changed over the past year. The hackers not only lock up/encrypt the data, they steal it first and blackmail the individual victims whose PII/HII was stolen into paying so that the data is not sold to identity thieves. Of course, just paying once doesn't stop the blackmail threat from being repeated in the future.

Hackers stole data from multiple electric utilities in recent ransomware attack

Hackers accessed data on 270,000 patients from Louisiana hospital system in attempted ransomware attack | CNN Politics

US family planning nonprofit MFHS says patient medical data stolen in ransomware attack

welkin · Jan 10, 2023

retic said:
That has changed over the past year

A run of the mill ransomware attack is still just that. Hacking into a system network and stealing data is not a ransomware attack. The fact that a network is hacked and then hit with ransomware some times takes days or months.

Read the articles you linked to.

retic · Jan 10, 2023

welkin said:
A run of the mill ransomware attack is still just that. Hacking into a system network and stealing data is not a ransomware attack. The fact that a network is hacked and then hit with ransomware some times takes days or months.

Read the articles you linked to.

I did. If a hacker has penetrated a system deeply enough to encrypt the data and lock out the system administrators and authorized users, extracting sensitive data first for further exploitation is child's play. So, a response should include notification to the victims that their PII/HII was potentially released so they can take appropriate steps to mitigate their own risk, such as locking their credit, changing passwords, watching closely for spear phishing emails, etc.

Otherwise the OP is going to need to retain an attorney and see what, if anything, his company's contract to provide IT services to the hospital says about information security and data breaches.

army judge · Jan 10, 2023

It is also time to contact the applicable/appropriate law enforcement agency.

It could be a longshot, but it is worth the effort.

flyingron · Jan 11, 2023

No need to lock out the system admins. In fact, the attacks I've come across usually lie stealthily in wait to spring at a future time. We've also found malware which was inserting and redirecting emails while leaving the system in normal operation enough so as to not attract attention to the shenanigans.

Cyber Security

Timji

New Member

doucar

Active Member

justblue

Well-Known Member

Tax Counsel

Well-Known Member

welkin

Moderator

flyingron

Well-Known Member

zddoodah

Well-Known Member

retic

Active Member

welkin

Moderator

retic

Active Member

army judge

Super Moderator

flyingron

Well-Known Member

Share this page