Levinson and Stefani Injury Lawyers

Client-first legal representation for injury victims. Injured? Free Consultation:

(312) 376-3812

Cybercrime

Colonial Pipeline Cyberattack Brings Array of Waivers at State and Federal Levels

by Leave a Comment

The recent Colonial Pipeline cyberattack is causing state and federal government organizations to take effective courses of actions in response, including methods to help ease disruptions in truck movement. The ransomware attack, which is believed to have ties to a criminal gang, caused the network reaching from Texas all the way to New Jersey to immediately cease its operations.

For states that have been particularly impacted, a solution to help these effects is being offered by the U.S. Department of Transportation. States covered by presidential declarations of disaster–declarations released within the last four months–are able to transport overweight fuel and gasoline loads by using interstate highways, DOT announced.

“Each state must continue to follow its own procedures for issuance of special permits authorizing the loads, but the added flexibility announced today lawfully permits these trucks to run on the interstate highway system and other federal highways,” explained DOT in its announcement.

This state comes after another recent announcement released by the Federal Motor Carrier Safety Administration aiming to offer hours-of-service regulation relief to truck drivers operating within East Coast petroleum supply chains. The hours-of-service flexibility applied to the states of Alabama, Arkansas, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Dakota, Pennsylvania, South Carolina, Tennessee, Texas, Virginia, Washington D.C., and West Virginia.

To efficiently assess the capacity of railroad operators to transport fuel between inland communities and coastal ports, the Federal Railroad administration has implemented a specific emergency action plan, and other DOT organizations have been actively making efforts as well.

For the permission of trucks to operate on interstate highways, previous presidential declarations have allowed such emergency protocol updates to last for up to four months, and those instated will be expiring at different times throughout the year. For example. Alabama, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, North Carolina, Tennessee, and Virginia are covered for a while, but Maryland’s 120-day period will end in early June and Virginia’s in early September.

Pipeline operator qualification regulations have been temporarily relaxed for emergency workers needed to help the partial manual of the system get back up and running. This announcement, set forth by the Pipeline and Hazardous Materials Safety Administration, is only applicable to places operating without appropriate resources for the Colonial Pipeline–a result of the recent cyberattack.

The incident has brought forth responses from many state officials, including Georgia Governor Brian Kemp’s signing of a state of emergency which suspended state fuel taxes and permitted fuel haulers to bypass weigh stations. The state of emergency also prohibited fuel price gouging. In Florida, Governor Ron DeSantis signed a state of emergency allowing the Florida Department of Transportation to waive restrictions on weight and size for divisible loads on vehicles that are actively helping in emergency response efforts.

Additionally, executive orders were signed by Virginia Governor Ralph Northam to allow state agencies to offer waivers to marshal public resources, by North Carolina Governor Roy Cooper to suspend motor vehicle regulations in an effort to allow state fuel supplies to be sufficient, and by Maryland Governor Larry Hogan to waive hours-of-service requirements and weight restrictions for carriers.

“Many states are working in concert to minimize the disruption of fuel supplies,” said Kentucky Transportation Cabinet Secretary Jim Gray. “Our cabinet is doing its part to help ensure that needed relief gets to the affected areas.” Gray signed an order to suspend motor carrier restrictions involving the transportation of ethanol and petroleum to states that have been impacted by these interruptions.

A multi-agency response has also been implemented by the Biden administration, and includes the departments of Justice, Homeland Security, Treasury, Energy, and Defense; the Cybersecurity and Infrastructure Security Agency; the Environmental Protection Agency; the Federal Energy Regulatory Commission; and the Department of Transportation.  To gain a better understanding of the cyberattack and its effects on energy and fuel supply, these organizations have been meeting regularly.

“ATA is aware of some locations being temporarily out of diesel fuel, but we are not hearing reports of it being a widespread issue yet,” said spokesman for American Trucking Associations, Sean McNally, who noted that other freight industry members are also doing their part to solve this problem. “We are closely monitoring the situation and are providing information to our members as needed.”

Risk of Cyberattacks Looms for Trucking Companies–What Can be Done?

by Leave a Comment

Cyberattacks and ransomware breaches are increasing steadily, according to internet and technology experts. Although they are never completely preventable, fleets can make specific efforts in order to lessen the risk of attack and keep their businesses safe.

A cyberattack takes place when a hacker digitally breaks into a company’s IT system and proceeds to encrypt certain files, documents, or the system as a whole. Then, the attacker will blackmail the company into giving them a ransom by threatening to steal or delete the company’s important data.

Ransomware attacks are becoming more common across all businesses–not just trucking–and have been deemed a top overall security threat. Because many companies end up quietly paying an attacker’s requested ransom without submitting any report of the attack, the exact number of recent cyberattacks is hard to determine. 

Global reports of cyberattacks across all industries jumped by 715% between 2019 and 2020, according to Bitdefender, a cybersecurity and antivirus software firm.

Throughout 2019, the transportation industry became one of the most cyberattacked industries in the country, with attacks on 3PLs and fleets becoming particularly dangerous. These attacks are able to compromise all digital information of the targeted fleet, the fleet’s clients and the fleet’s business partners.

Still, too many industry businesses have not implemented necessary precautions or recovery plans.

The trucking industry is going through an era of many technology changes and upgrades, mostly consisting of software meant to boost on-road safety and business practices, rather than any ransomware defense. Luckily, many tech vendors often dive deep into cybersecurity possibilities within their software and can discuss proper protections with the fleets they serve.

“Customers are trying to move freight and get more efficient, so cybersecurity is not in the forefront of their mindset,” said McLeod Software chief security officer, Ben Barnes. “Helping them through the murky waters is part of our strategy. At the end of the day, it affects us all.”

Cybersecurity experts and IT workers say a majority of companies fail to implement any cyberattack prevention strategies whatsoever, and only consider the risk once they’re already a victim.

“My experience is, regardless of industry–whether trucking or shipping or healthcare–once a company is hit with ransomware, they become far more serious about securing their data,” said HudsonAnalytix chief technology officer, William Elkins, whose company is focusing primarily on trucking-related cybersecurity solutions.

“Partnering with proper software vendor companies is key,” said Leonard’s Express director of systems development, Chris DeMillo. “But, ultimately, the responsibility lies with the [fleet] or 3PL.”

Many fleets avoid investing in any cybersecurity insurance due to the rising costs involved, which continue to increase as ransomware attacks grow steadily. On the other hand, some businesses buy this insurance and then believe their fleets are completely safe from cyber attacks, which is not the case, according to experts.

When purchasing cybersecurity insurance, “you really aren’t set, and it can give you a false sense of security that it’s a panacea, when it’s not,” said Leonard’s Express chief marketing officer, Michael Riccio. “What are you doing at the blocking and tackling level to alleviate having to use that insurance?”

Leonard’s Express fell victim to a ransomware attack itself a few years ago, which employees believe occurred from an email phishing scam. The trucking and freight brokerage firm refused to pay the ransom, and the hackers ended up not stealing any important data, luckily. Still, the company used the event as motivation to improve its cybersecurity methods and practices.

A company must create a proper cybersecurity plan, complete with assessment of the company’s valuable assets and where they are located within its software. Entry points into the overall system must be well-known, as well.

“[Although] having a plan doesn’t always help prevent [an attack], if something happens, it lays out the playbook for how to deal with the problem,” said McLeod’s Barnes. “You’ve got to identify the crown jewels and figure out how to protect them.”

Then, a company can decide which preventative practices to implement, including the installation of antivirus software, firewalls, or third-party cybersecurity methods.

“When you’ve done this assessment, it’s a lot easier to put up a cyber budget,” said HudsonAnalytix’s Elkins. “Offset that expense with the impact of an outage. You’ll make different decisions if you consider the cost.”

Then, ensure the plan is utilized by everyone in every department–not just the IT department.

“Make the plan ahead of time, print the plan, and have it all over the place,” said Trimble Transportation vice president, Chris Sandberg. “You should test every so often that the steps you have in place for the business haven’t changed and don’t need to be [updated]–at minimum, annually, but preferable quarterly.”

October Trucking Conference Tackles Marijuana Legalization, Cybersecurity

by Leave a Comment

SAN DIEGO — We recently reported on the American Trucking Associations’ 86th annual Management Conference and Exhibition, which took place at the San Diego Convention Center in early October.

A main topic of discussion was of course the upcoming changes proposed in regards to the Federal Motor Carrier Safety Administration’s hours-of-service rules, which the ATA fully supports.

Another big issue at hand included the legalization of recreational marijuana as more and more states are hopping on board–which continues to push the trucking industry and its current challenges to their limits.

In response, the ATA recently endorsed a set of policies related to marijuana, such as relaxing federal regulations on cannabis studies.

A working group from the ATA, which researched state legalization efforts and their impact on impaired driving and road safety has inspired the association’s Board of Directors to support the increase of marijuana research, especially regarding drug testing technology. According its recommendations, the group has said it aligns with “lifting federal restrictions on marijuana research” in order to continue this kind of research.

At the management conference, the American Trucking Associations explained that it also supports maintaining employers’ rights to test employees for marijuana usage, and that it advocates for the improvement of testing methods, investigation into impairment standards, and further research on the drug’s effects.

Although it is currently unclear what actions the ATA is pushing for in regards to lifting blocks to research, there is an understanding that rescheduling cannabis under the Controlled Substances Act will be an important tool in reaching that goal.

However, ATA’s Controlled Substances and Driver Health and Wellness Working Group do have a few recommendations, such as developing a policy that ensures employers can test all drivers for marijuana, implementing legislation changes to permit drug testing using “alternative specimens” like hair and saliva as opposed to just urine samples, as well as the use of oral fluid testing.

“ATA has long been an advocate for reducing impaired driving–in all its forms–so it only makes sense that we would call upon state and federal governments to consider the impact of increased use of marijuana on our roadways,” said ATA President Chris Spear in a press release. “As an industry that operates in all 50 states and across national borders, we need all levels of government to help us keep our roads and drivers drug-free.”

Spear also mentioned cannabis policy in his conference keynote speech, giving a look into the ATA’s reasoning around establishing such a working group.

“Eleven states, D.C. and Canada have now legalized the recreational use of marijuana, all while our federal government turns a blind eye,” he said. “And guess who gets caught in the middle?”

The ATA has even more controversial endorsements, such as the establishment of a “marijuana victim’s compensation fund,” which would be funded completely by dispensaries, manufacturers and growers. It also recommends the adoption of both state and federal legislation that would “require that each time marijuana is dispensed to an individual, it is reported to the state.” However, these policies do not explain who would qualify for compensation, how the funding would be sourced, or how prescription drug monitoring could legally be put into place.

An additional attention-grabbing topic of conversation at the event included that of cybersecurity, as transportation organizations have become a major target for ransomware attacks.

“This is why we’re doing a session on cybersecurity,” said Ken Craig, vice president of special projects at McLeod Software, as he referenced Forbes’ data showing that the transportation industry currently ranks fifth on the list of the most cyber-attacked industries.

Sharon Reynolds, chief information security officer for Omnitracs, said that small trucking companies are often the biggest targets for hackers as they typically have unsophisticated protection software. Larger companies who do have high-quality protection are still a large target, though, as they often pay hackers highly to disable their computer systems.

Saunders said motor carriers need to start conducting annual assessments of their systems, as well as to begin applying software patches and implementing an incident response plan.

CEO of RunSafe Security Inc., Joseph Saunders, also weighed in, recommending truckers initially protect personal information on both employees and customers, and start educating their employees about phishing scam threats and protecting accounts payable information.

As for computer protection quality right now, “by the time you get the notice, you’re in deep yogurt,” said panel moderator Craig.

Healthcare Cyber Crime: What You Need to Know

by Leave a Comment

Computer GenericBack in August Community Health Systems, one of the biggest hospital groups in the United States, announced that a group of hackers with ties to the Chinese government had stolen data from nearly 4.5 million patient records. Much of that data included Social Security numbers, addresses and a range of personal information protected under the Health Insurance Portability and Accountability Act.

The attack, the largest of its kind since the Department of Health and Human Services began tracking cyber attacks in 2009, has raised several questions for patients and most especially healthcare professionals, who find themselves in a particularly sticky situation when it come to cyber security. The use of Electronic Health Records (or EHRs as they’re also known) and digital web portals has become the standard means of collecting and managing information of patients and would-be-patients; much in the same way retail stores or banks has collected the credit card data of customers for years. But unlike retail stores and banks, which continue to work vigorously to combat various degrees of cyber attacks and financial fraud, ever since the advent of credit cards and the Internet, the wealth of personal information collected by hospitals has long-lasting and far more damaging implications when breached. What’s more, retail companies and banks have had time to adapt; hospitals and administrative teams are just now seeing the dangers involved and realizing how ill-equipped they are.

Mandiant, a security consulting service that monitors such attacks, noted that cyber attacks on public health records have spiked over the last several months. Unlike the limited lifespan of a credit card or your account data, the most miniscule amount of personal information has the potential for near perpetual disaster. For one, social security numbers are broader in utility, allowing hackers to commit multiple types of fraud and identity theft. A security report by computer data storage company EMC Corporation notes that the average selling price for a U.S. credit card in the underground is $1 USD. However when a single card is sold as part of a full identity profile, the cost increases dramatically to $500, with health insurance credentials adding an additional $20 each.

Verizon Data Breach Investigations Report and FireEye’s Advanced Threat also report what many of us may know but are afraid to admit. These cyber breaches are just the tip of the iceberg. Many more are likely to follow, even still as healthcare workers look to change their ways. In news out of Chicago, Healthcare IT News reports that the healthcare industry is making practical attempts to hire IT gurus and techies, based on new findings from HIMSS Analytics. HIMSS surveyed the workforce of several healthcare organizations, finding that demand for IT workers is “projected to continue in the foreseeable future,” according to press release from Lorren Pettit, Vice President of research at HIMSS Analytics.

You may be asking yourself, “How do I protect against these kinds of threats?” There is no simple answer. Diligence, however, is a virtue and the better prepared you are and the more knowledge you bring to the table can better serve your interests. Air your concerns face to face with your physician, dentist, or healthcare provider. At the very least, it will better the odds for everyone.