Incident Response

Data breaches and security incidents are becoming increasingly common and complex and require particular and significant experience to handle them and minimize business and legal risk.  Responding to a cyber attack is not simply a matter of repairing IT systems.  It is a nuanced and involved practice, that requires immediate attention to a myriad of details, including honoring extremely short time frames for legal reporting obligations and avoiding interruption to operations, damage to reputation, loss of IP, civil or regulatory liability, and decline in workforce performance.

Many ask: if I have been breached, who do I call first?  Contact an experienced data breach lawyer with a significant tech background and incident response experience.  Beckage is here to help.

Beckage Is A Nationally Recognized Leader In Data Breach and Incident Response

Beckage is a nationally recognized, insurance carrier approved tech law firm that has responded to countless data breaches of all sizes, including ransomware, malware, business email compromise, spoofed websites with intellectual property infringement, and inadvertent loss of data.

Beckage’s managing director, Jennifer A. Beckage, Esq., CIPP/US, CIPP/E has been named in 2018, 2019, and 2020 as one of the Top 30 Data Breach Lawyers in the U.S. by Cybersecurty Docket, a peer-evaluated award based on significant experience with data breach matters.

Beckage attorneys are often cited in national media, including Law.com, Law360, NBC News, and are key speakers in industry-specific events and conferences.

Beckage Moves Quickly To Restore Business Operations And Meet Notice Obligations

Beckage’s focus and experience in incident response allows us to guide client responses quickly and efficiently, through numerous important steps of incident response, including:

  • Data and systems preservation
  • Forensic investigations
  • Legal and contractual obligation analysis
  • State, federal, and industry regulatory compliance
  • Insurance coordination and reporting
  • Public relations and crisis management
  • Internal workforce communication and management
  • Notification and identity monitoring obligations

At Beckage, we recognize the financial and reputational risks associated with data breaches and cyber attacks creates immense pressure to implement an Incident Response Plan immediately.  We understand that operational downtime can be as costly a problem as a cyber attacker.  We see that regulatory compliance can require as much focus as system remediation.  And we know that civil liability and reputation damage can pose as big a threat as a compromised email account, ransomware, or a spoofed website.  We understand because we work on incidents every day and respond to new incidents within minutes and hours.  Our focus and experience allows us to effectively and immediately help clients respond to a data incident, balancing the competing interests a cyber attack presents while rapidly moving through the necessary steps of incident response.

We offer a 24/7 Breach Response Team that provides immediate counsel designed to coordinate communication, preserve assets and systems, mitigate harm to your business’s reputation, and limit legal liability. 24/7 Data Breach Hotline: 844.502.9363

Our extensive experience and continuous focus on data breaches means we are continually assessing both cyber threats and the evolving landscape of regulatory, civil, and reputational risks.  As a result, we move faster on our clients’ behalf and preserve client resources by liaising between data breach insurance carriers, forensic vendors, regulators, notification providers, third-party vendors, and others.

Beckage Has Worked On Numerous Types of Breaches

  • Ransomware
  • Malware
  • Denial of Service Attacks (DDos and Dos)
  • Spoofed/hijacked websites
  • Foreign state actor threats
  • Business email compromise
  • Digital Millennium Copyright Act matters
  • Inadvertent disclosures
  • Website and domain name take-downs
  • Employee error
  • Competitor threats
  • Disloyal employees
  • Lost and mismanaged devices

Beckage Has Experience With Many Laws And Jurisdictions

Statutes, including the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), New York’s SHIELD Act, and industry regulations, such as New York’s Department of Financial Service’s Cybersecurity Act, require specific responses of entities impacted by a data incident or breach.  Beckage attorneys represent clients in reporting data breaches to state and federal regulators, under these and other legal requirements, including the Department of Health and Human Services (HHS), state Attorney Generals’ Offices, and law enforcement.

In addition to responding to cyber attacks and data incidents, we provide continued support through corporate compliance programs and tabletop trainings, wherein client incident response teams walk through a Beckage-led data breach simulation in order to be better prepared to both prevent and respond to cyber attacks.

Health Care/PHI Data Breaches

Beckage’s incredibly seasoned and experienced Health Law Team, has responded to and reported on many healthcare industry data breaches under HIPAA.  This includes analyzing BAA’s, advising on mitigation efforts, interfacing with the Department of Health and Human Service’s (HHS) regulators within the Office of Civil Rights (“OCR”), and responding to OCR investigations.

Beckage Has An Incredible Global Network of Tech and Support Contacts

Beckage can quickly construct technology, forensic, and ransom negotiation teams.  From containment through investigation and reporting, Beckage builds custom teams to properly and proportionally respond to breaches, including use of appropriate parties to create bitcoin wallets and facilitate negotiated ransom demands.

Beckage Has Provided Notice To Millions Of Customers Around The Globe

In a data breach, an organization may have to provide notice to potentially impacted customers and reporting to regulators.  Beckage has many standardized and routinely updated playbooks, templates, and communications plans related to notice and reporting, including interfacing with regulators.

Beckage also has an interactive map for data breach reporting regulations.

Government Investigations

Beckage has work on numerous investigations by a variety of governmental agencies and regulatory bodies on matters related to a data breach.  There are regulators that oversee specific industries and those that preside over specific jurisdictions.  Beckage’s extensive prior experience has fully familiarized us with the exact requirements of each.

Some incidents require immediate law enforcement involvement in order to appropriately mitigate risk of monetary loss or to address ransomware threat actors.  The Beckage Breach Response Team shares a network of relationships with federal and state law enforcement agents who can provide indispensable help in responding to an a cyber attack.

Significant Data Breach Litigation Experience

Sometimes after a breach, the victimized business is subject to a lawsuit from consumers or business clients that were impacted.  Beckage’s Litigation Team has successfully resolved many putative class actions and commercial litigations.

Representative Incidents

  • Nationally recognized healthcare provider impacted by third-party breach utilized Beckage to lead response that included internal forensic audit, notification of tens of thousands of potentially affected individuals, and prepare client to initiate litigation against responsible third party.
  • Forensically identified source of email wire fraud scheme as client’s vendor, negotiated repayment of fraudulently redirected vendor invoice payment, and led implementation of new administrative and technical safeguards.
  • Led financial institution through business email compromise matter resulting in notification and identity monitoring provision to potentially affected individuals, and reporting to regulators and state officials, including follow-up investigation response with state regulators.
  • Publicly traded company response to vendor data incident led by Beckage to analyze regulatory and state notification requirements, resulting in significant payment to address costs associated with incident response.
  • Managed healthcare client response to incident, including notification to Department of Health and Human Service’s Office of Civil Rights (“OCR”), pursuant to HIPAA, and interfaced with OCR personnel during follow-up investigation resulting in a ‘No Action’ decision by OCR.
  • Led incident response for manufacturing firm suffering significant business interruption due to ransomware locking up production lines and office IT systems. Successfully negotiated insurance coverage and ended downtime within days of client engagement.
  • Directed education organization incident response team through detection, containment, and remediation, amongst other stages, to successfully end interruption to educational services and recover monetary damages from third-party service provider identified by Beckage as responsible for the compromise that resulted in the incident.
  • Served as incident response counsel for municipality in order to restore constituent services within hours of client engagement before leading further analysis and remediation efforts and engineering new safeguards and staff training implementation.

Testimonials

After learning of a serious breach that exposed credit card information on over 100,000 customer accounts, Beckage quarterbacked the entire breach response, including consumer and government noticing, interfacing with our cyber insurance carrier and working through and around the many shortcomings of our ecommerce provider.  Beckage did a marvelous job helping us manage customer blowback and we escaped with minimal damage.“

COO & CFO, Specialty Manufacturer

Shortly after my company experienced a potentially devastating data incident, I hired Beckage to assist us with determining a solid course of action that would preserve our reputation as well as minimize our legal liabilities.  Thanks to Beckage, we had a very successful outcome—especially compared to the consequences that we were originally facing. The Beckage team is perhaps the most knowledgeable team with respect to data and privacy-related matters.  Should you find yourself, or your company, involved in a data compromise of any kind, you could not find a better lawyer and/or team to represent you.  I cannot recommend Jennifer and her firm highly enough. ”

President, Health Organization

Beckage is my first call whenever there is a suspected security incident.  [Jennifer Beckage’s] background in technology—specifically in owning and growing a large tech company, now a public company, and subsequent entrepreneurial tech firms—allows us to immediately address the issues at hand instead of translating IT speak to legal terminology.  Beckage has a natural ability to fuse the technical IT challenges with the legal requirements and communications both in a way that is understandable to those under high stress situation.”

– CEO of an Information Technology and Services Company

Beckage