Tag Archive for: LLP

Coverage Challenges in Ransomware Claims: Cyber Insurance Policies and Trends in Denials | Kohrman Jackson & Krantz LLP

/in


A consistent pattern emerges in data breach and cyber-attack cases when companies turn to their insurers for coverage after such incidents. Whether they possess specialized cyber insurance or not, insurers often decline claims, citing various reasons such as failure to provide timely notice, failure to mitigate costs, employee misconduct or criminal activity leading to the breach, or attributing the losses to a party not covered by the policy. This holds true for both General Casualty or Liability policies (GCL) and specialized cyber liability insurance policies, covering damage to electronic assets.

On December 22, 2022 the Ohio Supreme Court in EMOI Servs., L.L.C. v. Owners Ins. Co. ruled that an Ohio medical billing company’s cyber insurance policy did not cover a ransomware claim for damages because the insured could not demonstrate that there was “physical harm or damage” to the computers which housed the data, as required by the terms of the policy. The electronic policy noted that the coverage included:

“When a limit of insurance is shown in the Declarations under ELECTRONIC EQUIPMENT, MEDIA, we will pay for direct physical loss of or damage to “media” which you own, which is leased or rented to you or which is in your care, custody or control while located at the premises described in the Declarations. We will pay for your costs to research, replace or restore information on “media” which has incurred direct physical loss or damage by a Covered Cause of Loss. Direct physical loss of or damage to Covered Property must be caused by a Covered Cause of Loss.”

The insured argued that since the ransomware made the data inaccessible and unusable, the media suffered damage covered by the policy language. However, the Ohio court disagreed.

EMOI Servs., L.L.C. v. Owners Ins. Co. Case Overview

EMOI is an Ohio-based company assisting hospitals with medical billing, resulting in the handling of personal data, financial data, and Protected Health Information. In September of 2019, EMOI was the victim of a ransomware attack, where the attackers locked up files and demanded ransom. After obtaining a “test key” from the hackers to unlock a single data file,…

Source…

Global Insurance Symposium | Events – Reed Smith LLP

/in



Global Insurance Symposium | Events  Reed Smith LLP

Source…

Could Critical Infrastructure Suffer from a PIPEDREAM? | Nossaman LLP

/in


During the past couple of years, multiple warnings of imminent cyberattacks have seemingly gone unheeded by critical infrastructure owners and operators. Is embracing a fantasy that they won’t be attacked potentially a pipedream? Both figuratively and literally, the answer is “yes.”  

A report filed February 14, 2023 indicates how close multiple water and Liquefied Natural Gas (LNG) facilities came to being victims of a catastrophic Russian-based malware dubbed “PIPEDREAM.” This malware is particularly pernicious because it can infect a broad range of industrial control systems (ICS) rather than a single, specific system. Described as a “‘state-level’, wartime capability,” the PIPEDREAM malware has the capability of taking industrial control systems offline, creating a potentially disastrous outcome. Moreover, while earlier malwares could infect control systems through vulnerabilities in the system’s software that could be remedied with a “patch,” PIPEDREAM cannot be fixed with a patch because it takes advantage of the inherent capabilities built into the ICS itself.

However, because PIPEDREAM is such a potent malware, it is not known if it was actually prevented from infecting the control systems of water and LNG facilities, or if it is lying dormant waiting for the most opportune time to attack. At the very least, it is expected that PIPEDREAM will remain a tenacious threat that critical infrastructure owners and operators must take measures to thwart. The time for whistling past the graveyard is over.

The Cybersecurity and Infrastructure Security Agency (CISA) offers a number of ways to protect ICS from malware attacks.

Source…

Narrowing the Disclaimer Doctrine: Federal Circuit Cabins the Reach of Disclaimers in the IPR Context | Haug Partners LLP

/in


OVERVIEW

The United States Court of Appeals for the Federal Circuit recently affirmed three Inter Partes Review (IPR) final written decisions of the U.S. Patent Trial and Appeal Board (“the Board”) where the Board concluded that petitioner, Trend Micro. Inc. (“Trend”), had shown the challenged patent claims in patentee, Cupp Computing AS’s (“Cupp”), U.S. Patents Nos. 8,631,488 (“’488 patent”), 9,106,683 (“’683 patent”), and 9,843,595 (“’595 patent”), unpatentable as obvious over two prior art references.1 Setting a new precedent with respect to claim construction, the Federal Circuit held that although a patentee’s clear and unmistakable disavowals of claim scope during an IPR proceeding can narrow the scope of the claims, such a statement serves to narrow the claims only in subsequent proceedings—not in the IPR proceeding during which the statement is made.2

Cupp contended that the PTAB erred when it rejected Cupp’s disclaimers in the IPR.3 The Board did not find this argument persuasive and concluded that it could ignore the patentee’s disavowal in construing the claims.4 The Federal Circuit agreed with the Board.5

I. Introduction

Each of the three patents at issue share a common name and priority date and address the problem of malicious attacks aimed at mobile devices.6 The patents concern methods for waking a mobile device from a power-saving mode and then performing security operations on the device, “such as scanning a storage medium for malware, or updating security applications.”7

The issue on appeal to the Board’s determination related to the precedential decision is one of claim construction.8 Specifically, each independent claim in the three patents includes the limitation “the mobile device having a mobile device processor different than the mobile security system processor.”9

II. Background

In March 2019 Trend petitioned the Board for an IPR of several claims in each of the ’488, ’683, and ’595 patents arguing that the claims were unpatentable as obvious.10 Trend presented two pieces of prior art contending that either could be individually relied upon to show the challenged claims would have been…

Source…