Cybercriminals have found backdoors into many organizations' servers and systems. They hold the data for ransom and release it only when paid. A good example is a case that happened in 2019 to Allscripts, a Chicago-based medical records company. A group of attackers infiltrated its servers and encrypted the data in its folders, so that clients' data could not be accessed. To return control of the files to the company, they demanded payment in bitcoin.
A few lawsuits were coming
Allscripts, however, was adamant and did not give in to their demands. Its IT personnel dug in to retrieve backed-up files, which took time, but they were finally able to restore all the data held by the ransomware. In the process, 1,500 patients and facility personnel could not get to their data on the server. One of its clients, Surfside Non-Surgical Orthopedics in Boynton Beach, was affected and had Allscripts served in federal court. Surfside filed lawsuits against Allscripts based on negligence, i.e. not being careful enough to protect clients' information.
Many companies have been hacked over time. These attacks have left companies in financial crisis, and some have had to close down. Hackers keep coming up with new techniques for breaking into a company's IT systems and tampering with important and sensitive data. The remedies available to clients and customers for economic losses include monetary compensation. Cybersecurity is a concern for every business, not only for larger corporations such as banks, insurance companies, and tech companies. In fact, statistics show that small businesses are at higher risk of being targeted. However, there is hope for cyber-crime victims: there are legal protections available for hacked companies.
The United States of America has not instituted one comprehensive law to govern the protection of personal information (like the EU's GDPR). However, there are sector-specific privacy and data regulations that work alongside state-level data protection and data breach laws. These are:
- HIPAA (The Health Insurance Portability and Accountability Act). Standards set to secure PHI – Protected Health Information. Subject to the standards are Healthcare Providers, Healthcare Clearinghouses, Health Plans, and Business associates.
- NIST 800-171 – Standards to secure CUI (Controlled Unclassified Information) in non-federal information systems and organizations. The standards define how to distribute sensitive (but not classified) material in a secure way.
- The Gramm-Leach-Bliley Act – Standards to protect consumers' personal information held by financial institutions. Financial institutions are required to explain to their customers how they share information and safeguard sensitive information.
- FISMA (Federal Information Security Management Act) – This law was passed in 2002 and requires federal agencies to implement information security plans to protect sensitive data. Any private company that has a contract with the government will also need to comply with FISMA.
- FTC (Federal Trade Commission) – Enforces consumer protection and antitrust laws and investigates fraud and scams, among other activities.
The EU's GDPR (General Data Protection Regulation) also affects the US. If a US-based company processes PII (personally identifiable information) of people inside the EU, the US company must comply with GDPR rules.
To prevent lawsuits and damages, businesses have the responsibility to keep their clients' personal information secure at all levels, ensuring that the data is safe and that no unintended or unauthorized party gains access to it.
To comply with consumer data protection requirements and prevent lawsuits, companies are using Fortknoxster to safely request and store sensitive documentation, ensuring the data is safe and compliant with the above-mentioned regulations at all times.
If your company deals on a daily basis with clients' sensitive documentation such as personal IDs, proof-of-address documents, or anything of that kind, keep in mind that you will need to comply with your local law while preventing any unauthorized access to it.
If you are looking for peace of mind when managing clients' sensitive information, Fortknoxster is the only tool that can provide it.