Steven Puiszis Quoted in Bloomberg BNA Article about WannaCry Ransomware Attack
Steven Puiszis – a Chicago-based partner who serves as the Privacy and Security Officer at Hinshaw & Culbertson LLP – was quoted in the article "Ransomware Strike: What Impact on Corporate Liability?" published by Bloomberg BNA on May 16, 2017. The article discusses the corporate regulatory and litigation risks of cyberhacking in the wake of the recent worldwide ransomware attack "WannaCry" that affected banks, hospitals and other companies.
Puiszis discussed the risk of litigation, in particular consumer class actions, as these are often filed following a security incident as a result of a major cyberattack. Puiszis said that "WannaCry" likely doesn't pose much risk of a class action, noting that personally identifiable information "wasn't stolen or put on the deep web" to be sold.
In the interview with Bloomberg BNA, Mr. Puiszis, who was in London speaking and moderating a panel on cyber security at a forum for General Counsel of UK law firms also explained the WannaCry ransomware strain included an exploit that targeted a server messaging block flaw in versions of the Microsoft operating system that predated Windows 2010. Microsoft released a patch in March of this year to close this vulnerability and then another emergency patch on Friday for versions of its operating system that it had stopped supporting. He noted that the WannaCry epidemic demonstrates that "patching" is a critical aspect of cyber security that should not be overlooked.
Read the full article, "Ransomware Strike: What Impact on Corporate Liability?" on the Bloomberg BNA website (subscription required)