The key is to be proactive, not reactive. We can help you develop your incident response plans and test those through table top exercises to identify gaps and weaknesses in your cybersecurity program. When you experience a security incident or possible breach, we can help by:
We also work in harmony with strategic partners in forensics and investigation, IT technical and physical security compliance and management, cybersecurity, data classification, data analytics, public relations, and crisis management.
Attack on Point of Sale System
One of our clients, a grocery store chain, experienced an attack on its point of sale system that resulted in a theft of customer payment card information. Our team worked with the client from the moment the breach was discovered to investigate the incident, engage forensic experts and auditors, notify law enforcement authorities, negotiate with affected payment card companies, and develop position statements and press releases. We helped the client handle every aspect of the breach, advising on how to proceed and ensuring that the negative impact of the breach on our client’s business was minimized as a result of a prompt, thorough response.
Social Security Disclosure
Our client, a vendor for the State of Wisconsin, was involved in the
inadvertent disclosure of the Social Security numbers of more than
700,000 Wisconsin taxpayers. Our team worked with the client during
the highly publicized incident to negotiate and address corrective
measures with the state. We drafted and coordinated a notice to the
affected taxpayers, as well as helped the client put credit monitoring
services in place for those affected. We also counseled the client in
connection with the legal and business ramifications of the publicity
associated with the event.
Malware vs Health Care
Our team assisted a large health care system
with a security incident involving malware
attacking its computer systems. We helped
the client obtain outside experts for its
investigation using our contacts in the
industry and developed a security incident
response plan. We analyzed and advised
on whether the incident rose to the level of
a breach of unsecured protected health information under the HIPAA
Security Breach Notification Rule. We also analyzed the applicable state
breach notification laws and aided in the drafting of the required
notifications to affected individuals and covered entities, the media,
and regulatory bodies. We also assisted in the development of fact
sheets and other materials that were used for internal and external
communications regarding the incident.