(c) 2022 Jon L Gelman, All Rights Reserved.

Thursday, December 1, 2016

Cybersecurity is an imminent and costly threat to lawyers and their clients

Cybersecurity is a critical issue in handling the workers’ compensation claims process. Regulatory authorities and clients are mounting an increased concern that the legal profession must employ adequate measures to protect data from cyber attacks. The fragmented century old social insurance system is complex and expensive to operate and is now confronted with security measures that are more time consuming, cumbersome and expense to implement.

The progress of technology and the Internet of Things (IoT) is advancing logarithmically. The participants in the present workers’ compensation system need to be aware of the seriousness of cyber vulnerabilities as well their responsibilities to maintain the confidentiality of client’s interests and protect the legal strategies of the case.

An overriding question remains whether lawyers’ will be able to effectively protect their client’s confidentiality interests at any cost. Clients are becoming more sophisticated and they now demand that law firms adhere to security standards that will prevent a breach, and if a breach occurs that the law firm will take adequate action to provide notice and, mitigate the potential damage.

The ethical responsibility of lawyers, in most jurisdictions, is to take reasonable care to protect the personal information of clients in accordance with well-defined constitutional, statutory and administrative regulations, ethics opinions and the common law phraseology of the Restatement of Torts.

The urgency of this issue is evidenced by the constant news reports, including government alerts, of cyberattacks on all aspects of the virtual community. Cyber attacks occur on all  devices embracing the IoT including mobile devices. The obligation of maintaining data security extends to law firms’ agents, including third party service agencies, such as cloud based providers.

Homeland Security recently advised the public of the potential vulnerability of potential  crippling distributed denial-of-service (DDoS) attacks implemented by the IoT several weeks ago. Despite those efforts, a massive outage that occurred nationally in October 2016. Dyn, a company whose servers monitor and reroutes internet traffic was the target of massive interruptions throughout the internet. Initial  investigations report the cause as infections generated by the IoT devices that were unprotected.

The complex workers’ compensation system needs to address cybersecurity issues. Lawyers in most jurisdictions  are ill-prepared to handle these situations. They have not been afforded guidance through ICLE courses in technology or have performed due diligence on the subject. 

Medical information, financial data, PPI, employer’s trade secrets/productivity issues, and legal strategies are targets for hackers to harvest. The major perpetrators are: State sponsored agents, gangs of private hackers and disgruntled employees. The purposes of the attacks are for disruption of the system, economic gain generated ransom and/re-sale of cyber information, or just plain embarrassment.

Injured workers, employers and insurance companies are becoming more reluctant to enter into contracts of representation until  they have assured that the law firms handling their confidential information and personally protected information (PPI) will be secure and safe from intrusion and/or inadvertent disclosure. At this point in time there is no uniform standard of cybersecurity and threshold levels to create a protocol have become chaotic, and is compounded even further by what has become a national patch work of multi-jurisdictional workers’ compensation programs.

The economic “bite-back” of cybersecurity is insidiously expensive. Cybersecurity is an additional and huge cost to be absorbed into the cost doing business. While lawyers initially considered technology as both a time and cost saving tool, the reverse is actually true. Overall expenses may increased only 1% over recent decades, but cybersecurity costs are increasing 8% annually.

The complexity of the use of virtual technology demands that needs to be balanced between the easy of data availability and the the expense incurred to maintain the preventive and responsive protocols. Lawyers and law firms participating in the fragment national workers’ compensation system will need to implement cybersecurity protection programs/audits in order to prevent and react to these increasing threats.

Cyber criminals utilized Avalanche botnet infrastructure to host and distribute a variety of malware variants to victims, including the targeting of over 40 major financial institutions
Alert (TA16-336A) US-CERT 12.01.2016 
This article is based on my presentation on Cybersecurity  at the NJ ICLE seminar on Hot Topics in Workers' Compensation Law. The forthcoming 2017 supplement to the treatise Workers' Compensation Law (In Press) will provide extensive and expanded coverage on this topic.

Jon L. Gelman of Wayne NJ is the author of NJ Workers’ Compensation Law (West-Thomson-Reuters) and co-author of the national treatise, Modern Workers’ Compensation Law (West-Thomson-Reuters). 

For over 4 decades the Law Offices of Jon L Gelman  1.973.696.7900  has been representing injured workers and their families who have suffered occupational accidents and illnesses.

Updated: 12-01-2016