Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Articles
    4. Q&A: Cybersecurity threats and mitigation best practices

      Articles

    Article / Article

    Q&A: Cybersecurity threats and mitigation best practices

    Oct 2, 2024

    LinkedInX (Twitter)EmailCopy URL

    By Valerie Montague

    Highlighting a few key ways organizations can protect against threats to their data.

    In today’s rapidly evolving digital landscape, staying ahead of cybersecurity threats and data privacy challenges is more critical than ever. Organizations are constantly navigating new, complex regulatory requirements.

    As we observe Cybersecurity Awareness Month, I wanted to highlight various threats and emerging trends facing healthcare organizations today, and how our Cybersecurity & Privacy Team can help mitigate risks to ensure proper data protection:

    What are the most significant cybersecurity threats organizations face today?

    One of the most significant threats is a ransomware attack. These events are not only financially devastating to a business, but have significant ramifications from an operations perspective, as they may halt vital operations and divert personnel time from key services.

    How can organizations mitigate these risks?

    A robust cybersecurity compliance program is vital. Organizations need to wrap their arms around where their data lives, what access do employees or contractors have to their systems, and what protections can be put into place to make sure that the organization is as protected as possible from today’s sophisticated cyberattacks.

    What emerging trends in cybersecurity should businesses be aware of, and how can they prepare for these developments?

    One emerging trend I see, particularly over the last several years, is that organizations are really taking inventory of their vendors’ cybersecurity controls. Vendors have been and remain a weak link for an organization because obviously they have processes that the customer is not able to control.

    We see this in the healthcare space where health plans and healthcare systems are requiring vendors to undergo audits and requiring them to execute security addenda to services contracts. It is really important for the vendors to review these requirements from an IT perspective, as well as to take assessment as to what those provisions require of the organization. Oftentimes we see them in conflict with a negotiated underlying agreement, or in the healthcare space, a HIPAA business associate agreement.

    It is really important for an organization to understand what its customer is asking for from a cybersecurity perspective, to make sure the organization can comply, and to confirm that, if some of those provisions are triggered, that they are not too onerous.

    What are some best practices for organizations to ensure robust data privacy and security in today’s landscape?

    One helpful best practice would be to bring in a third-party consultant to analyze the organization’s risks from a cybersecurity perspective. Organizations should take assessment of where they have potential vulnerabilities and then work to remediate or eliminate those risks. Regulated entities may already have legal or contractual requirements to conduct such analyses, but bringing in an outsider to evaluate risk and prepare a risk management plan is a great first step at safeguarding data.

    Another important element to cybersecurity is ensuring that the organization maintains an incident response plan and a disaster recovery plan. These should be living documents that are tested by the organization. The organization should walk through the disaster recovery and incident response plans with everyone who will be involved: IT, the PR team, the HR team, leadership, and legal counsel, among others. This process will show if there are any holes and will allow the organization to tweak each plan so that if an event does occur, the organization will be prepared and ready.

    Practices

    Cybersecurity & Privacy

    Insights And Happenings

    • Video

      Professor Hartzog on Web Scraping, AI, and Privacy

      Cybersecurity & Privacy
      Aug 5, 2024
    • Alert

      Rhode Island enacts data privacy law

      July 26, 2024
    • Alert

      New York enacts protective measures for minors’ mental health and privacy rights

      July 11, 2024
    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved