Incident Response Overview

Cyber risk claims at law firms are considerably more complex than claims for retailers, FI or healthcare entities because cyber risk claims at law firms often involve confidential information or information subject to attorney-client privilege. Therefore, we designed our SafeLaw incident response network and process for the unique needs of law firms. A summary of the SafeLaw incident response and claims handling process is outlined below.

  1. Initial Point of Contact: O’Hagan Meyer handles the incident reporting telephone hotline (and email). O’Hagan Meyer’s primary specialty is working with professional liability insurers. They are also the founder of the Professional Liability Attorney Network (“PLAN”) and have over 10 years of experience working with cyber risk policies and claims. The first call from the client goes to Kevin O’Hagan, Matt Lanskey or Jamie Davidson. Many cyber risk insurers have a technology/security firm managing the incident reporting hotline instead of a law firm. We use a law firm as the first point of contact to establish attorney-client privilege with the client. The types of incidents involving law firms are typically sensitive and our first clients demanded an option to report under privilege, so we designed our incident response and claims handling around the concept of attorney-client privilege. Aside from establishing privilege, O’Hagan Meyer is responsible for:
    1. the initial intake of the incident and coordination of the overall response with the insurer;
    2. providing the policyholder with triage advice and communicating a litigation hold to preserve evidence as needed;
    3. working with the client to deploy breach response service vendors (also under privilege); and
    4. coordinating specialist involvement when it is needed.
  2. Specialty Incident Response: I think points 1-3 above are self-explanatory, but point 4 is a bit more complicated. The majority of incidents we see involve data breaches, which means unauthorized disclosure of personally identifiable information or confidential information. In cases involving confidential information, we utilize O’Hagan Meyer because they have comprehensive experience in handling data breaches at law firms, which tend to be very different from those at retailers, banks, healthcare, technology or other industries. We rely on O’Hagan Meyer for the highly specialized law firm data breaches involving things such as: (a) Qui Tam actions; (b) ADRC violations; (c) inadvertent disclosure of privileged material; (d) violations of ABA ethics rules; and (e) related claims unique to the legal profession. There are other types of specialized incidents where we use subject matter experts to assist our clients. For example, we utilize specialists to handle certain types of incidents including (a) extortion and ransomware; (b) intellectual property infringement; (c) denial of service attacks or advanced persistent attacks; and (d) healthcare related data breaches. Unfortunately, there is no one-size-fits-all solution, so we specialize to provide our clients with the best expertise. Here is a short list of the experts we utilize for specialty incident response:
    1. Intellectual Property Infringement: We use Tanya Forsheit at Baker Hostetler for claims alleging intellectual property infringement such as copyright or trademark infringement.
    2. Healthcare Data Breaches: We use Lynn Sessions at Baker Hostetler for legal. We use ID Experts for the victim remediation as well as their MIDAS system for medical identity monitoring.
    3. Advanced persistent attacks, DDoS and related sophisticated attacks: We typically rely on Mandiant, Trustwave, Verizon, or Alvarez & Marsal. However, we do use local specialists in some cases. We frequently use the same vendors to restore client data once the cyber attack has been terminated.
    4. Ransomware and Extortion: We use Randy Sabett, CISSP from Cooley LLP for legal, negotiations and ransomware response, AVG (Avast) for technology solutions, and Mandiant for recovery/restoration.
  3. Standard (PII Breach) Incident Response: In cases where the firm suffers a data breach involving disclosure of personally identifiable information, we deploy a panel of providers to help the client notify victims and remediate identity theft. Randy Sabett, CISSP from Cooley LLP leads the SafeLaw panel and is our lead privacy counsel. Randy is a former crypto engineer and coauthor of the “ABA Cyber Security Handbook: A Resource for Attorneys, Law Firms, and Business Professionals.” We selected Randy because of his extensive experience with law firms and privacy breach response. Randy is responsible for advising policyholders on privacy matters as well as maintaining the SafeLaw panel and deploying the vendors necessary to respond to a data breach involving personally identifiable information. The Cooley SafeLaw panel incorporates numerous vendors in different categories and geographies to provide the policyholders with expertise and flexibility. A sampling of our panel services and members includes:
    1. Technical Forensics: We frequently use Mandiant, Verizon, and Trustwave to conduct technical forensics to identify the source and scope of the data breach.
    2. Notification: We typically have Randy Sabett work with clients to draft the notice letter. We also use vendors including AllClear ID, Experian, TransUnion and ID Experts to provide clients with letter printing services, email notice, media notice, mailing services and postage involved in victim notification.
    3. Call Center: Randy Sabett works with clients to draft the script for call center employees to use when speaking to victims. We also use call vendors including AllClear ID, Experian, TransUnion or ID Experts to provide clients with outsourced call center services for victims of the privacy breach. In most cases, the call center services are performed by the organization handling the credit monitoring and identity theft remediation to prevent too many victim “hand-offs”.
    4. Credit or identity monitoring service: We typically provide policyholders with an identity theft assistance service for victims. We offer numerous options including credit monitoring, identity theft remediation, fraud assistance and similar services. Our vendor panel includes AllClear ID, Experian, TransUnion, Immersion Ltd. and ID Experts for credit monitoring and identity theft remediation/restoration.
    5. Public Relations: Randy Sabett coordinates with public relations vendors to manage crisis communications following a data breach. The public relations vendors we use include Fleishman-Hillard and Levick.
    6. Defense Counsel: Randy Sabett is our lead privacy counsel for SafeLaw. However, we usually recommend 3-5 privacy defense lawyers to clients and have the client interview the vendors and pick their defense counsel. Some of the other privacy lawyers we recommend include: (a) David Navetta from Norton Rose Fulbright; (b) Ted Kobus from Baker Hostetler; (c) Josh Kantrow from Lewis Brisbois Bisgaard & Smith LLP; (d) Richard Bortnick at Traub Lieberman; and (e) Jon Neiditz at Kilpatrick Townsend & Stockton LLP. In addition, members of the PLAN network are available to our clients and provide local representation in cyber risk and data breach matters.

Please note: SafeLaw policyholders are not required to use the SafeLaw panel vendors. We understand that law firms frequently like to select their own vendors, so we provide SafeLaw clients with the option to access our world-class experts or select their own.