The Illinois Department of Insurance Issues Cybersecurity Guidance Regarding Microsoft Exchange Server Installations
Privacy, Cyber & AI Decoded Alert
Jun 4, 2021
The Illinois Department of Insurance (the "Department") recently released guidance to all regulated entities concerning vulnerabilities in Microsoft's Exchange Server installations. Issued on the heels of other state and federal agency warnings and directives, the guidance outlines pertinent details of the vulnerabilities and what successful exploitation of these vulnerabilities could mean—namely "persistent system access and control of an enterprise network." Recognizing that servers may still be compromised even after March and April fixes have been applied, the Department urges regulated entities to:
- Immediately assess the risk to their systems and consumers and take steps to address them;
- Identify internal use of vulnerable Microsoft Exchange products and any use of these products by critical third parties;
- Immediately patch or disconnect vulnerable servers and use tools provided by Microsoft to identify and remediate; and
- Continue to track developments and respond quickly to new information.
Although failure to follow the Department's guidance cannot result in an enforcement action at this juncture, it could potentially support claims in a civil or criminal action given the overwhelming amount of public notice.
Also significant is that the guidance is yet another example of a government agency seeking to monitor and advise on cybersecurity events. This further demonstrates increased governmental interest and foreshadows potential legislation in Illinois and at the federal level. Businesses that already have risk assessment tools and cybersecurity policies in place will be in an excellent position to meet and comply with any future requirements. In addition, it is noteworthy that the average cost of a data breach in 2020—according to the Ponemon Institute—was 3.86 million dollars, which in the short term can significantly impact an organization's operations. Given the possible risks of such a serious and large-scale event, we strongly advise businesses to follow the Department's guidance.