Kate Hanniford

About Kate Hanniford

Kate Hanniford is a member of the Technology & Privacy Group and Cybersecurity Preparedness & Response Team. She focuses her practice on cybersecurity counseling, as well as federal securities law compliance, enforcement, and litigation.

[Read Bio]

NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses

April 29, 2021 By Kate Hanniford

Following the SolarWinds cyber espionage attack (the “Attack”) and the resulting focus on supply chain risk, the New York Department of Financial Services (NYDFS) has issued a report detailing the impact on and responses by its regulated covered entities to the Attack. Although there have been no reported instances of active exploitation of DFS-regulated companies […]

U.S. Takes Unprecedented Action to Disrupt State-Sponsored Exploitation of Microsoft Exchange Zero-Day Vulnerabilities

April 19, 2021 By Kimberly Peretti and Kate Hanniford

On April 13, 2021, a federal district court granted a motion to partially unseal an FBI application and search warrant following the successful conclusion of an FBI operation to eradicate malicious web shells placed on U.S.-based computers by Chinese state-sponsored actors. The FBI’s use of credentialed, remote access techniques to access, copy, and remove malware […]

NYDFS Issues Best Practices for Cyber Insurance Risk Management

February 18, 2021 By Kate Hanniford

Against the backdrop of the disruptions associated with the Covid-19 pandemic and SolarWinds cyber-espionage campaign, NYDFS has released guidance for insurers that underwrite cyber insurance policies and which contains a number of provisions expected to impact companies applying for or renewing cyber insurance coverage, not the least of which is a specific recommendation that insurers […]

Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services

February 9, 2021 By Jon Knight and Kate Hanniford

As the Biden administration begins detailing its regulatory and enforcement priorities, it faces a new challenge on the health data privacy and security front. In University of Texas M.D. Anderson Cancer Center v. United States Department of Health and Human Services, No. 19-60226 (5th Cir. 2021), the Fifth Circuit vacated a $4.3 million penalty against […]

SEC Focused on Protecting Customer Accounts from Credential Stuffing Attacks

September 24, 2020 By Kate Hanniford

OCIE has released a risk alert regarding credential stuffing in the context of compliance with Regulation S-P and Regulation S-ID, and is encouraging firms to both (i) review and update their policies and procedures to address the risks associated with credential stuffing and (ii) consider proactive outreach to customers regarding measures taken to safeguard their […]