As was originally reported by the technology website Ars Technica and by several Albany, NY-based business and news publications such as Times Union, an Albany-based accounting firm recently suffered a ransomware attack most likely from the ransomware ring known as Maze. Maze and other ransomware rings have begun to go public, shaming businesses and governments by publishing a portion of what they've accessed from the victims' computers to prove that they really have gained access. As such, in January 2020, the first of many notification letters sent by the victimized accounting firm began arriving in the mailboxes of patients of one of the firm’s clients alerting them that protected health information, date of birth, and insurance coverage may have been exposed in the security breach.

On August 5, 2020, the Albany Business Review published an article reporting that the firm had been served a class-action lawsuit by the patients whose information was compromised. This is the second lawsuit filed against the firm. I suspect there will be other lawsuits filed in addition to any State and Federal fines that may be levied against the Albany-based firm and potentially their client as well. With an average cost of a breach estimated to be about $240 per record and based on the number of personal records that the lawsuit claims were breached, the total cost of this breach (attorneys’ fees, fines, credit monitoring, loss of clients, and any settlement) could be almost $41 million!

A ransomware attack or computer virus can happen to you and most likely will happen. The best defense is you! Be vigilant. Don’t click on suspicious website links or attachments found in e-mail messages. If it looks suspicious, it probably is. Make sure computer backups are up to date, frequently tested, and stored offline.

FoxPointe Solutions, a division of The Bonadio Group, specializes in assisting organizations big and small in reducing the risks of data breaches. Unlike other firms that claim to have dedicated information risk management and cybersecurity advisors, advisory services are all that FoxPointe Solutions provides – no product resale or implementation services.

Reach out to me at jroman@foxpointesolutions.com or one of my talented colleagues to schedule a one-hour cybersecurity readiness session.

FoxPointe Solutions is solely responsible only for the content of FoxPointe Solutions authored information and is subject to change at any time. Any forward-looking statements are not predictions. FoxPointe Solutions is not responsible for any errors or omissions, or for the results obtained from the use of this information. Questions regarding your legal or compliance position should be addressed through your legal counsel, security advisor and/or your relevant standard authority. Nothing contained herein should be used nor relied upon as advice nor constitute a consultant-client relationship.