Lee Neubecker: Expert in Cyber Forensics & Investigations

Curriculum Vitae Lee Neubecker

PDF Updated as of 3/21/2025

BIOGRAPHY

Lee Neubecker is the President and CEO of Enigma Forensics, Inc., a Chicago and Fort Lauderdale based Computer Forensics and Cyber Investigation consultancy. Neubecker assists Fortune 500 clients, government agencies, and private organizations with cyber-related investigations involving theft of electronic data, authentication of digital evidence, electronic medical records, fraud, counterfeiting, and online identity unmasking.

Neubecker is also the founder of the IT security blog leeneubecker.com. Before starting Great Lakes Forensics, Neubecker served as CISO for HaystackID and, following the acquisition of Envision Discovery and Inspired Review by HaystackID, was promoted to serve as CIO over the combined entities. Neubecker was named one of the top global computer forensics and cybersecurity experts by Who’s Who Legal in 2018, 2019, 2020, 2021, 2022, 2023 and 2024 and many years prior to that.

During 2016 and 2017, Neubecker assisted the U.S. Federal Government in discovering important security compromises, including the compromise of the NIST.gov wildcard certificate (boudicca.nist.gov) using deprecated encryption (December 2016), the compromise of the time.gov NIST time servers (December 2016), the compromise of the NIST NSRL Hash Set download page (December 2016), and the leak of U.S. Intelligence Agency email account usernames and passwords onto public sandbox websites such as pastebin.com (December 2016 and January 2017). Neubecker has a track record of uncovering cyber data breaches and has performed investigations at the State and Federal Government Agency levels.

Neubecker has performed extensive research pertaining to hardware-based vulnerabilities and exploits, including Serial Peripheral Interface chip-stored malware that has been impacting individuals, companies and government agencies in the wild following the leak of the U.S. cyber weapons cache. Neubecker identified and reported the hack of the chicagoelections.com website, which resulted in millions of Chicago resident (and former resident) voting records being disseminated online. Neubecker also provided important intelligence collection and analysis services that helped bring the perpetrators of the Boston Marathon Bombing to justice. Prior to founding Enigma Forensics, Neubecker founded Forensicon, Inc. and sold the company to QDiscovery, a national eDiscovery services provider. While managing Forensicon, Mr. Neubecker provided consulting services in the areas of computer forensics, electronic discovery, data recovery and litigation support to a diverse range of clients. Mr. Neubecker has worked on both Plaintiff and Defense sides, and has served as a regular speaker on topics in the computer forensics and electronic discovery fields for Midwestern legal bar associations, Professional Associations and National Legal Conferences. Mr. Neubecker has been appointed a special master in civil litigation matters by the courts. Mr. Neubecker has been cited in the appellate court as an expert witness in the case, Liebert Corp. v. Mazur. The published opinion of Justice Wolfson, Circuit Court of Cook County, regarding Mr. Neubecker’s testimony can be found at the following link: https://caselaw.findlaw.com/il-court-of-appeals/1063543.html

Prior to founding Forensicon, Inc., Mr. Neubecker founded BuzzBolt Media, a web development and Search Engine Optimization consultancy which later became Forensicon, Inc. Before moving to Chicago in 2000, Mr. Neubecker led the online communities’ product development and programming initiatives for the Lycos Network, a pioneering Web media model that included three Top 10 Web sites and was one of the most visited hubs on the Internet during Neubecker’s tenure. Neubecker was responsible for creating, launching and managing chat, instant messaging, message boards, and online games across the Lycos network. In this role, Mr. Neubecker led the company’s response to legal inquiries from law enforcement personnel and personally oversaw complicated international investigations involving transcontinental Cyber attacks against company servers and users.

Before joining Lycos and graduating with an MBA focused in technology, Mr. Neubecker launched and successfully managed Innovative Consulting, Inc., an information technology consulting company. Mr. Neubecker’s company deployed network management, contact management, sales automation and ERP solutions to small and mid-tier organizations. Prior to Innovative Consulting, Neubecker held operations and finance analyst positions with Ford Motor Company and Comerica Bank. Mr. Neubecker has experience in securities valuation and accounting from his position at Comerica Bank, where he served as a Trust Fund finance analyst. While serving at Ford Motor Company as an intern, Neubecker was integral in automating important processes and bringing financial forecasting methodologies online, resulting in more timely and accurate quarterly financial forecasts.

Mr. Neubecker graduated magna cum laude from Babson College with a Masters of Business Administration, focusing on Technology. Mr. Neubecker also holds an undergraduate degree in Finance, magna cum laude, from Eastern Michigan University.

NOTABLE CASES OF RECORD AS A COMPUTER FORENSICS EXPERT WITNESS

LESEAN DOBY v. ZIDAN MANAGEMENT GROUP, INC.

IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF ILLINOIS EASTERN DIVISION

Case No. 1:23-cv-16602

Provided affidavit regarding the analysis of a biometric fingerprint lock in support of the defendant as it relates to the Illinois Biometric Information Protection Act.

JAQUAN SHORTER v. ADVOCATE HEALTH AND HOSPITALS CORPORATION, ET. AL.

IN THE CIRCUIT COURT OF COOK COUNTY, ILLINOIS

COUNTY DEPARTMENT, LAW DIVISION

Case No. 2023L012024

Filed affidavit regarding user authentication to the defendant’s Electronic Medical Record system and the origins of the logon activities when accessing the patient’s health provider’s EMR system.

EUGENE EVANS v. CORRECTHEALTH CLAYTON, LLC and PAMELA BLAHA, LPN

IN THE SUPERIOR COURT OF FULTON COUNTY STATE OF GEORGIA, Case No. 2023CV379078

Filed affidavit regarding electronic medical records.

MARVA BURNETTE v. RUSSELL P. NOCKELS, M.D., IGNACIO JUSUE-TORRES, M.D., and LOYOLA UNIVERSITY MEDICAL CENTER

IN THE CIRCUIT COURT OF COOK COUNTY, ILLINOIS COUNTY DEPARTMENT, LAW DIVISION, Case No. 2023-L-000973

Filed affidavit regarding electronic medical records and audit trails.

CHRISTINE MCLAUGHLIN, CRYSTAL VANDERVEEN, JUSTIN LEMBKE, SCOTT HARDT, ET. AL. v. SELECT REHABILITATION LLC

UNITED STATES DISTRICT COURT FOR THE MIDDLE DISTRICT OF FLORIDA

JACKSONVILLE DIVISION

CLASS and COLLECTIVE ACTION Case No: 3:22-cv-00059-HES-MCR

Filed Declaration regarding the availability of EMR audit log records to show when staff were performing work.

CDL 1000, INC. v. SCOTT ROBERTSON

CIRCUIT COURT OF COOK COUNTY, ILLINOIS, Case No. 2022-CV-00415

Provided affidavit detailing the lack of compliance with the courts’ order requiring handover of Robertson’s personal smartphone and computer for forensic preservation and analysis relating to a departed employee investigation and alleged electronic trade secret misappropriation.

DEVIN ESTIME v. SOUTHERN CALIFORNIA PERMANENTE MEDICAL GROUP

SUPERIOR COURT OF THE STATE OF CALIFORNIA COUNTY OF LOS ANGELES, Case No.: 22STCV06517

Filed affidavit regarding electronic medical records and audit trail productions.

ROBERT BRONSTEIN v. LATIN SCHOOL OF CHICAGO

IN THE CIRCUIT COURT OF COOK COUNTY, ILLINOIS COUNTY DEPARTMENT, LAW DIVISION,

Case No. 2022-L-003763

Completed forensics analysis of iPhone, Macbook, and iPad of defendant in the case.

CONNIE & GARY ANDERSON v. PATIENT FIRST MARYLAND MEDICAL GROUP

IN THE CIRCUIT COURT FOR BALTIMORE COUNTY Case No. C-03-CV-21-001814

Provided affidavit related to EMR and audit trail logs.

PHOTOFAX, INC. v. JOSEPH BRADY

CIRCUIT COURT OF KANE COUNTY, IL Case No. 21-CH-000167

Provided affidavit detailing the forensic examination of the PhotoFax issued laptop by the departed employee. Reported on the destruction of evidence and provided support for a motion to compel examination of the devices still used by Joseph Brady to look for sensitive company data and trade secrets.

JAMES ABRAHAM, successor Trustee of the JOHN A. ABRAHAM TRUST v. ELIZABETH CHAPMAN

IN THE CIRCUIT COURT OF COOK COUNTY, ILLINOIS COUNTY DEPARTMENT, MUNICIPAL DIVISION

Case No. 2020 M170426

Provided affidavit regarding the authenticity of alleged lease produced by the defendant relative to a forensic analysis of computing devices.

JOSEPH NICOLOSI ET. AL. v. STANDARD PARKING ET. AL.

CIRCUIT COURT OF COOK COUNTY, IL Case No. 20-L-007912.

Provided affidavit detailing EXIF photo metadata extracted from the Plaintiff’s production of alleged photos taken of damaged artwork and other effects. Identified photos that were edited after they were taken using Photoshop.

PATRICK T. MCKINNEY, BY AND THROUGH HIS LEGAL GUARDIAN, RONI S. MCKINNEY, AND RONI S. AND TIMOTHY C. MCKINNEY, INDIVIDUALLY AND AS THE PARENTS AND NATURAL GUARDIANS OF PATRICK T. MCKINNEY v. THE CLEVELAND CLINIC FOUNDATION AND THE CLEVELAND CLINIC HEALTH SYSTEM

COURT OF COMMON PLEAS OF CUYAHOGA COUNTY, OHIO Case No. CV-20-931-660.

Provided affidavit in support of a motion to compel for supervised on-site obtainment of the plaintiff’s full medical records. Involved Epic EMR software.

NIMISH SHAH, AS THE NATURAL SON OF PUSHPABEN C. SHAH, v. ST. LUKE’S EPISCOPAL PRESBYTERIAN HOSPITALS, D/B/A ST LUKE’S HOSPITAL, ET. AL.

CIRCUIT COURT OF ST. LOUIS COUNTY, MISSOURI. Case No. 20SL-CC04023. Div. 8.

Signed an affidavit exhibiting deficiencies in Defense’s production and supporting a motion to compel for an on-site collection of the plaintiff’s medical records. Involved Cerner software.

MARC STRAUSS v. KATHLEEN VAN VALKENBURG, M.D. and SIGHT MEDICAL DOCTORS, P.L.L.C.

SUPREME COURT OF THE STATE OF NEW YORK, COUNTY OF NASSAU, Index No. 608054/2020.

Submitted an affidavit in support of a motion to compel for full medical records involving MyCare iMedicWare EMR software.

DEBORAH CARR v. HOSPITAL SISTERS HEALTH SYSTEM

IN THE CIRCUIT COURT OF THE SEVENTH JUDICIAL CIRCUIT SANGAMON COUNTY, ILLINOIS, Case No. 2020-L-105

Provided affidavit related to EMR and audit trail logs.

RONI S. AND TIMOTHY C. MCKINNEY, v. THE CLEVELAND CLINIC FOUNDATION

IN THE COURT OF COMMON PLEAS CUYAHOGA COUNTY, OHIO

Case No.: CV-20-931660

Filed affidavit regarding electronic medical records.

AUSTIN ROBERTS v. IOWA HEALTH SYSTEM d/b/a UNITYPOINT HEALTH, TRINITY MEDICAL CENTER

IN THE CIRCUIT COURT OF THE FOURTEENTH JUDICIAL CIRCUIT ROCK ISLAND COUNTY, ILLINOIS, Case No. 2020 L 76

Filed affidavit regarding electronic medical records and audit trails.

SMART MORTGAGE CENTERS, INC. v. BRIAN NOE, EILEEN PRUITT, AND NEXA MORTGAGE, LLC

IN THE CIRCUIT COURT OF WILL COUNTY, ILLINOIS TWELFTH JUDICIAL CIRCUIT Case No. 20 CH 292

Filed an affidavit regarding allegations of trade secret misappropriation.

PHILIPS NORTH AMERICA, LLC v. FITBIT, INC.

IN THE US DISTRICT COURT FOR THE DISTRICT OF MASSACHUSETTS

Case No.: 1:2019cv11586

Filed affidavit relating to forensic inspection of electronic data relative to allegations of trade secret misappropriation.

ROBERT WATSON and MARK SAULKA, v. RYAN TODD WEIHOFEN and POOL TECHNOLOGIES, LTD.,

IN THE CIRCUIT COURT OF COOK COUNTY ILLINOIS COUNTY DEPARTMENT, CHANCERY DIVISION, Case No. 2019 CH 12252

Filed affidavit regarding the expected cost to comply with a subpoena for production of electronic medical records.

LOUIS ARGIRIS v. PAUL V. FAHRENBACH, M.D., GI SOLUTIONS OF ILLINOIS LLC, ATHANASIOS D. DINIOTIS, M.D., TIESENGA SURGICAL ASSOCIATES, S.C. d/b/a SUBURBAN SURGERY CENTER INCORPORATED, JOSEPH Z. PUDLO, M.D., and JOSEPH Z. PUDLO, M.D., S.C.

COOK COUNTY CIRCUIT COURT, ILLINOIS, Case No. 2019 L 012187.

Provided affidavit in support of a motion to compel for the revision history of the plaintiff’s medical records. Consulted with counsel in serving subpoena to EMR system provider.

Involved Greenway Health’s EHR platform.

CHRISTOPHER JOHANSEN v. NOW MARKETING SERVICES INC. AND INTERCOVE, INC.

CIRCUIT COURT OF WILL COUNTY, IL, Case No. 19-L-989.

Provided affidavit relating to departed employee apparent deletion activities including access of emails post employee departure in support of a motion to compel forensic preservation and analysis of the departed employee’s personal electronic devices.

ROBERT WATSON AND MARK SAULKA v. RYAN TODD WEIHOFEN AND POOL TECHNOLOGIES, LTD.

CIRCUIT COURT OF COOK COUNTY, IL, Case No. 19-CH-12252.

Provided affidavit discussing the expected costs of a third party producing electronically stored information.

BYRON FOXIE, as legal guardian and parent of TIGE W. FOXIE, v. ANN & ROBERT H. LURIE CHILDREN’S HOSPITAL OF CHICAGO, and ALMOST HOME KIDS, and OTHER UNKNOWN PARTIES, JOHN DOES 1-10 and ROE CORPORATIONS 1-10

CIRCUIT COURT OF COOK COUNTY, ILLINOIS, Case No. 19 L 7430

Provided testimony in the form of three affidavits supporting a motion to compel during discovery due to deficiencies in EMR production. Involved Epic EMR software.

PHOTOFAX, INC. v. MICHAEL CALDARAZZO

CIRCUIT COURT OF KANE COUNTY, ILLINOIS, Case No. 19-CH-000217.

Performed forensic imaging of departed employee devices. Assisted with the construction of an ESI protocol. Analyzed, signed an affidavit, and testified regarding alleged misappropriation of trade secrets.

BLACK ROCK TRUCK GROUP, INC. FKA NEW ENGLAND TRUCK SALES AND SERVICE, INC. v. HARRY TARASIEWICZ and JOSEPH TARASIEWICZ

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK, Case No. 7:19-cv-2367

Performed preservation of evidence, search and production of ESI. Analysis regarding allegations of trade secret misappropriation. Provided testimony regarding fabrication of emails and destruction of evidence.

TERRI BROWN v. MOUNT SINAI MEDICAL CENTER OF FLORIDA, INC. ET. AL.

IN THE CIRCUIT COURT OF THE ELEVENTH JUDICIAL CIRCUIT IN AND FOR MIAMI-DADE COUNTY, FLORIDA

Case No. 2018-016560-CA-09

Filed affidavit regarding the inadequate production of Plaintiff’s electronic medical records.

JERAME ANDREWS, and THERESA ANDREWS v. ANKLE AND FOOT CENTERS OF GEORGIA, ET. AL.

IN THE STATE COURT OF GEORGIA FULTON COUNTY Case No. 18EV003536

Filed affidavit regarding the inadequate production of Plaintiff’s Electronic Medical Records.

UNITED STATES DEPARTMENT OF JUSTICE v. BUYANTOGTOKH DASHDELEG, PETITION FOR REMOVAL.

Executive Office for Immigration Review Chicago, Illinois, File No. A218-056-722

Filed affidavit regarding the authenticity of email transmitted.

PEOPLE OF THE STATE OF ILLINOIS v. CHRISTIAN DAIGRE

CIRCUIT COURT OF COOK COUNTY, ILLINOIS, Case No. 2018-cr-1626801

Provided affidavit regarding the lack of the original sources of data being preserved that would allow for authentication of SMS and MMS messages allegedly sent and received.

RILEY ANN BERGTHOLDT v. ADVOCATE HEALTH AND HOSPITAL CORP, ET. AL.

CIRCUIT COURT OF COOK COUNTY, ILLINOIS, Case No. 2018-L-8647

Provided affidavit detailing deficiencies with defendant’s production of Electronic Medical Records (hereafter “EMR”) produced from Allscripts and from EPIC.

ANDREA BROCK, MICHAEL BROCK, S.B. v. THE UNIVERSITY OF CHICAGO MEDICAL CENTER D/B/A COMER CHILDREN’S HOSPITAL

CIRCUIT COURT OF COOK COUNTY, IL, Case No. 18-L-1175.

Provided affidavit in support of a motion to compel production of the Patient’s complete EMR, including Defendant’s secure file storage system, “Sticky Notes”, “In Basket” messages, audit trail records and complete revision history of the EMR as stored in the EPIC Hospital Information System.

TERRI BROWN, an individual, and ALAN ROCK, her husband, v. MOUNT SINAI MEDICAL CENTER OF FLORIDA, INC. d/b/a MOUNT SINAI MEDICAL CENTER, a Florida Corporation; and WILLIAM F. BURKE III, M.D., an individual; and BRETT C. FUKUMA, M.D., an individual

CIRCUIT COURT OF MIAMI-DADE COUNTY, FLORIDA, Case No. 2018-016560-CA-09.

Filed two affidavits in support of a motion to compel for an on-site collection of plaintiff’s electronic medical records. Involved Epic EMR software and Synapse PACS.

THE FOREST PRESERVE DISTRICT OF COOK COUNTY v. ROYALTY PROPERTIES, LLC; CANNON SQUIRES PROPERTIES, LLC; MERIX PHARMACEUTICAL CORPORATION, RICHARD KIRK CANNON, MERYL SQUIRES-CANNON, MCGINLEY PARTNERS, LLC, AND ROYALTY FARMS, LLC

CIRCUIT COURT OF COOK COUNTY, ILLINOIS, Case No. 18 L 315.

Provided in-courtroom testimony on the significance of electronic file metadata as it relates to when documents were received and modified.

BROWARD ENERGY PARTNERS v. RAPPAPORT

CIRCUIT COURT OF COOK COUNTY LAW DIVISION, Case No. 18 L 1096.

Provided in-court testimony and testimony via affidavit to assist with eDiscovery protocol process and address allegations of spoliation, withholding of information and authenticity of email.

JORIE LP, KOPLIN AND CONTENT CURATION & DATA ASSET MANAGEMENT v. ROBERTS MCGIVNEY ZAGOTTA ET AL.

CIRCUIT COURT OF DUPAGE COUNTY, ILLINOIS, Case No. 17 L 728.

Provided in-court testimony and testimony via affidavit involving issues of email authenticity, cell phone fabrication of evidence, and eDiscovery.

MCMAHON v. DIGITAL FUEL SOLUTIONS

CIRCUIT COURT OF WILL COUNTY, ILLINOIS, Case No. 15 L 681.

Provided written affidavits regarding alleged software code misappropriation. Assisted counsel with seeking preservation of electronic data from third parties.

BORCHERS v. FRANCISCAN TERTIARY PROVINCE OF THE SACRED HEART, INC., ET. AL.

Case No. 2011 IL App (2d) 101257.

Testified in support of violation of the Electronic Communications Privacy Act by Plaintiff’s former employer.

http://www.illinoiscourts.gov/opinions/AppellateCourt/2011/2ndDistrict/December/2101257.pdf

SABAN v. PHARMACARE MANAGEMENT, LLC ET. AL.

NORTHERN DISTRICT OF ILLINOIS (Chicago), Case No. 1:10-cv-02428.

Rebuttal witness regarding trade secret misappropriation.

TRANCO INDUSTRIAL SERVICES, INC. v. CAMPBELL

NORTHERN DISTRICT COURT OF INDIANA, HAMMOND DIVISION, Case No. 07-CV-206.

Won TRO – Violation of Computer Fraud & Abuse Act – Trade Secret Misappropriation. Supervised and prepared our testifying expert for this case.

VALUEPART v. ITR NORTH AMERICA ET. AL.

NORTHERN DISTRICT COURT OF ILLINOIS, EASTERN DIVISION, Case No. 06-CV-02709.

http://www.forensicon.com/resources/case-summary/valuepart-v-itr

CHARLES A. KRUMWIEDE v. BRIGHTON ASSOCIATES, LLC AND ISMAEL C. REYES

NORTHERN DISTRICT COURT OF ILLINOIS, EASTERN DIVISION, Case No. 05-C-3003.

Supervised and prepared our testifying expert for this case. http://www.forensicon.com/resources/case-summary/krumwiede-v-brighton-associates/

S.C. JOHNSON & SON, INC. v. MILTON E. MORRIS ET. AL.

CIRCUIT COURT OF RACINE COUNTY, WISCONSIN, Case No. 04-CV-1873.

Led the investigation and preservation effort that uncovered personal webmail, revealing a fraudulent kickback scheme, which resulted in a law enforcement sting and later a successful conviction of the accused. This ultimately resulted in an award of $203.8 million to compensate SC Johnson & Son, Inc. for its losses. https://www.forensicon.com/resources/case-summary/wisconsin-appeal-sc-johnson-vs-morris-schelle/

LIEBERT CORPORATION ET. AL. v. JOHN MAZUR ET. AL.

CIRCUIT COURT OF COOK COUNTY, CHANCERY DIVISION, Case No. 04 CH 02139.

Appellate Court, Second Division, Case No. 1-04-2794.

Provided testimony via affidavit and in court, identifying patterns of trade secret misappropriation.

KALISH v. LEAPFROG ONLINE ET. AL.

CIRCUIT COURT OF COOK COUNTY, ILLINOIS, Case No. 03-L-011695.

Performed analysis of the computer used by the recently departed employee and reported on the employee’s actions to the court.

http://www.forensicon.com/resources/case-summary/kalish-v-leapfrog-online/

LORILLARD TOBACCO COMPANY v. CANSTAR (U.S.A.), INC. ET. AL.

NORTHERN DISTRICT COURT OF ILLINOIS, EASTERN DIVISION, Case No. 03-C-4769.

Performed forensic preservation and forensic analysis that resulted in identifying a counterfeiting syndicate. Located personal email accounts and offshore wiring accounts used to perpetrate the counterfeiting scheme. More than $5 million was awarded from Neubecker’s discovery of a counterfeit scheme.

TECHNICAL SKILLS

Managed engineering development and data analysis activities across many disparate technologies, from legacy through more recent technologies and platforms, including:

Database Technology:

FileMaker, MySQL, Oracle, SQL, SQL Server, Law eDiscovery, & Medical ERP Patient Record Systems

Forensic Software:

Aircrack, Airmon, Access Data, Mobile Edit Pro, Cellebrite, EnCase, Paladin, Recon Lab, Forensic Toolkit, Paraben, & WiFite

Online Reconnaissance:

Dark Web, IRC, GFI LanGuard, Maltego, & Usenet

Security Monitoring:

Nmap, Splunk, Snort, Wireshark, Sophos UTM, & Shodan

Operating Systems / Command Line Shells:

Mac OS X, Windows (DOS/3.1/NT/2000/XP/Vista/2008/2012/7/8/10), Windows Server NT, 2000, 2008, 2012 (Active Directory, Group Policy Management, Certificate Management), Bash, BusyBox, Amiga, Commodore, CP/M, TI-99/4A, GRUB, Kali Linux, Linux, Raspbian OS, Solaris, VMware, Raspberry Pi OS, & Unix

Programming:

C++, CVS, DOM, Pascal, Xcode, XML, Kintone, Python, Fabric, & Visual Basic

Software Applications:

MS Office, SDR, Webex, WebTrends, Camtasia, Adobe Photoshop, MS Project, MS Access, MS Excel, MS PowerPoint, MS Word, MS Visio, Peachtree, QuickBooks, & Quicken

Web:

Expert in Search Engine Optimization, ASP, ColdFusion, HTML, Java, JavaScript, Python, PHP, Scripting Languages, Artificial Intelligence, & WordPress

EDUCATION & PROFESSIONAL DEVELOPMENT

  • M.B.A., Magna Cum Laude – Babson F.W. Olin Graduate School of Business – Wellesley, MA
  • B.B.A. Finance, Magna Cum Laude – Eastern Michigan University Ypsilanti, MI
  • Guidance Software – EnCase® Introduction to Computer Forensics 32 credits – Sterling, VA
  • Guidance Software – EnCase® Intermediate Analysis and Reporting 32 credits – Sterling, VA
  • Guidance Software – Information Risk and Policy Compliance 3 credits – Chicago, IL
  • Continuing Education – Computer Programming – Harry S. Truman College – Chicago, IL
  • Novell Computer Network Training – Walsh College – Troy, MI

PROFESSIONAL EXPERIENCE

EnigmaForensics.com — President & CEO
Chicago, IL (8/2018 – Present)

  • Provided direct consulting to clients involving complex issues relating to eDiscovery
  • Retained by Government Agency to assist with deposing technical deponent in litigation relating to patient health care records
  • Assisted with developing a court approved protocol for production of ESI
  • Conducted complex investigations involving the authenticity of emails

HaystackID — Chief Information Officer
Boston, MA (4/2018 – 7/2018)

  • Managed all IT resources for eDiscovery production environment and internal systems
  • Oversaw data center migration
  • Created documentation and work ticketing system for tracking problems and improving service response

HaystackID — Chief Information Security Officer
Boston, MA (1/2018 – 3/2018)

  • Performed initial security assessment of organization
  • Prepared for GDPR compliance initiatives of organization
  • Outreach to potential clients

FORENSICON, a QDiscovery Company — Founder and consultant, Chicago, IL (2016 – 2017)

  • Identified opportunities to provide existing client base with services available from combined companies
  • Presented on the Telephone Consumer Protection Act regarding strategies towards mitigating lawsuits

FORENSICON, INC. — President & CEO, Chicago, IL (2000 – 2016)

  • Conducted fraud examinations involving misappropriation of funds, trade secrets, tax evasion, money laundering, and other white collar related investigations
  • Supervised a team of forensics experts in providing complex litigation plaintiff and defense consulting
  • Appointed by the U.S. District Court of the Northern District of Illinois to assist defense counsel in the trial of accused terrorist Tahawwur Rana – on the single count where my firm presented testimony, the defendant was found not guilty
  • Performed online investigative work to identify and assist law enforcement with the apprehension of the Boston Bombing perpetrators, Dzhokhar and Tamerlan Tsarnaev
  • Uncovered and reported the third known data breach of the Chicago Board of Elections voter database and election worker personal information
  • Supervised testifying experts on many cases of record to prepare technical experts for cross examination and rebuttal of their findings
  • Preserved electronic evidence for a range of clients using legally sanctioned protocols
  • Selected as preferred vendor by the Illinois Attorney Registration Disciplinary Commission – assisted with investigating various claims filed against licensed Illinois Attorneys
  • Developed Custom ERP System for evidence management, project management, time tracking and billing
  • Provided expert testimony to resolve disputes for various commercial, nonprofit, and governmental agency clients
  • Appeared several times as a computer forensics expert on WCIU TV Chicago Channel 26, First Business, NPR Business News, NBC Chicago and more
  • Led data breach first responder efforts for: State Government Social Services Department, Non-Profit HealthCare Organization, Financial Services Company, Accounting Firm, Private Membership Club Organization and various Corporations
  • Oversaw the development and presentations made to attorneys and legal support staff at the Chicago Bar Association, Illinois Attorney & Discipline Regulatory Commission, DuPage County Bar Association, various associations and more
  • Provided expert witness testimony regarding willful deletion of evidence by a departing employee where the testimony was upheld on appeal proving spoliation of evidence
  • Compiled emails from numerous platforms into popular litigation support platforms
  • Speaker at various events on the topic of computer forensics (see list below)
  • Performed computer forensics examinations in FBI forensics labs
  • Led the successful forensic analysis defense efforts against a law firm client of our firm that was accused of willful spoliation of evidence – discovered and reported our findings to Judge Mikva that no spoliation had occurred as alleged, the drive was merely encrypted and contained all information
  • Led numerous anonymous online defamation investigations resulting in the identification of many anonymous persons responsible for the defaming activities
  • Expert in Search Engine Optimization

LYCOS, INC. — Senior Product Development Manager, Community Products Group,
Waltham, MA (1998 – 1999)

  • Managed and/or launched a large group of products including chat, message boards, and games
  • Responded to SEC/FBI Inquiries pertaining to illicit behavior in Lycos network online properties
  • Tracked hacker attacks on the Lycos network of sites to help identify and prosecute offenders
  • Implemented safeguards against denial-of-service attacks across product group
  • Instituted product development and service roadmap management system for teams
  • Created & managed multiple cross-functional product teams
  • Managed transition of products from external to internal hosting
  • Led engineering team on the development of scalable & secure online products

INNOVATIVE CONSULTING, INC. — President, Brownstown, MI (1994 – 1997)

  • Led a company of five professionals providing IT support to various sized Companies
  • Provided Network support in a multi server environment (NT, Novell, Mac, Linux)
  • Implemented financial management software for tier 3 automotive suppliers
  • Designed & executed disaster recovery procedures for multiple businesses
  • Architected multi-office communication infrastructure for multiple companies

COMERICA BANK — Securities & Trust Fund Accountant, Detroit, MI (1994)

  • Audited security transactions for bank trust funds
  • Researched discrepancies in reporting
  • Published & verified daily yield rates of several portfolios of marketable securities
  • Initiated automation of trust fund daily reporting

FORD MOTOR COMPANY, INC. — Product Pricing Analyst, Detroit, MI (1992 – 1994)

  • Estimated cost impact on production forecast for various product design changes
  • Benchmarked sourced products to ensure price competitiveness
  • Designed & implemented a profit forecasting system using Excel & EDI

PRESENTATIONS

  • “Keys to Unlocking Electronic Medical Records EMR”, MCLE Tuesday May 25, 2021 delivered via Zoom co-sponsored by the Illinois Public Defender Association, the Illinois Innocence Project, the Center for Integrity in Forensic Sciences, and the Family Justice Resource Center.
  • Illinois Public Pension Advisory Committee: Friday, December 2nd’s IPPAC Winter Conference “The Imminent Threat of Cyber Attacks to your Pension Boards” panel
  • National Society of Insurance Investigators: “Cellphones, Pictures, Videos . . . What a Cyber Forensic Investigation Can Reveal”, December 4th, 2014
  • The Disaster Conferences: “Cyber Threats and Data Breaches”, September 18th, 2014
  • First Chair Awards: “Data Breach & Incident Response: How to Mitigate Your Risk Exposure”, August 2014
  • Cigar Society of Chicago: “How to Catch a Terrorist”, September 2013
  • ICPAS Fraud Conference 2012: “What a Responsible Professional (CPA or Attorney) Should Know about eDiscovery and Document Management”, September 2012
  • Law Bulletin E-Discovery Seminar: “Managing Scope & Review”, June 28th, 2011
  • NetSecure ‘11: IT Security and Forensics Conference and Expo: “Protecting Digital Assets from Hackers and Thieves”, March 24th, 2011
  • Chicago Association of Litigation Support Managers, CALSMposium: “Seventh Circuit Electronic Discovery Pilot Program”, October 7th, 2009
  • National Business Institute – “E-Discovery Searching the Virtual File Cabinets”: (co-presented with Christopher S. Griesmeyer, partner at Levenfeld Pearlstein, LLC and David W. Porteous, partner at Faegre Baker Daniels LLP) “Obtaining Electronic Data & Best Practices in using Computer Forensics”, September 19th, 2008
  • Law Bulletin E-Discovery Seminar — “Electronic Discovery in Practice”: (co-presented with Jennifer Wojciechowski of Kroll Ontrack) “Avoiding the Pitfalls of the Electronic Era”, October 2005
  • Institute of Internal Auditors, Chicago West Chapter Meeting: (co-presented with Cameron Nelson, attorney at Greenberg Traurig) “Using Computer Forensics To Conduct Investigations”, May 9th, 2006
  • Association of Certified Fraud Examiners Workshop: (co-presented with Kathryn Hoying, attorney at Johnson & Bell, Ltd.) “Using Computer Forensics to Conduct Investigations”, February 10, 2006
  • Chicago Law & Technology Conference: “Computer Forensic Update”, co-presented with Greenberg Traurig LLP Attorney Cameron Nelson, February 23, 2006
  • FagelHaber, LLC’s E-Discovery Conference: (co-presented with Richard Chapman, Gary Green, David Rownd and Robert Kamensky, attorneys at FagelHaber, LLC) “Avoiding the Pitfalls of the Electronic Era”, October, 2005
  • Chicago Bar Association, CLE Seminar: (co-presented with Kathryn Hoying, attorney at Johnson & Bell, Ltd.) — “Deliverables to Request From Your Computer Forensics Examiner”, 2005
  • Chicago Economic Development Council: “Internal Fraud Investigations”, 2005
  • Law Bulletin Publishing Company E-Discovery Conference 2005: “Show me the Smoking Gun!”, 2005
  • American Law Firm Association’s International Client Seminar 2005: (co-presented with Joe Marconi, attorney at Johnson & Bell, Ltd and Donald Kaufman, attorney at McNees, Wallace & Nurick LLC) — “Discovery, Document Retention & eDiscovery in a Post-Enron/Andersen World”, 2005
  • Chicago Bar Association, CLE Seminar: (co-presented with William J. Cook of Wildman Harrold, Jeffrey L. Hartman of Competitive Advantage Solutions and Mark S. Simon of Eclipsecurity, LLC) “Computer Forensics For Lawyers”, May 6th, 2004
  • Chicago/Milwaukee Joint Midwest Law & Technology Conference 2004: “Finding the Smoking Guns: Legal Computer Forensics Without the Geekspeak”, November 30th, 2004
  • Chicago Bar Association, CLE Seminar: “Resolving Intellectual Property Theft with Computer Forensics”, October 20th, 2004
  • Chicago Bar Association, CLE Seminar: “Computer Forensics for Lawyers”, May 6th, 2004
  • Law Bulletin Publishing Company E-Discovery Conference: “Electronic Document Collection and Processing”, April 27th, 2004
  • LegalTech 2003, Chicago: “True Electronic Discovery”, October 30th, 2003
  • Chicago Bar Association (Law Office Technology Committee): “Electronic Discovery 101”, 2003
  • Illinois Academy of Criminology: “Electronic Discovery 101”, Circa 2003
  • Greater Chicago Chapter of the Association of Legal Administrators: “Electronic Discovery 101”, Circa 2003
  • Chicagoland Chamber of Commerce: “Web Page Programming For Search Engine Effectiveness”, Circa 2001
  • NORBIC: “Web Page Programming For Search Engine Effectiveness”, Circa 2001
  • Law Practice Today — (July 2004) — Invited to be a contributing expert on a roundtable article by Dennis Kennedy on the online magazine: http://www.abanet.org/lpm/lpt/articles/ftr07041.html

ARTICLES

CURRENT & PAST MEMBERSHIPS / CERTIFICATIONS

  • Certified Information Systems Security Professional (CISSP) — Chicago Chapter
  • HTCIA (High Tech Crime Investigation Association) — Past President — Midwest Chapter
  • Illinois Academy of Criminology — Chicago Chapter
  • U.S. Secret Service Electronic Crimes Task Force Member — Chicago Midwest Region
  • Union League Club of Chicago — Technology Group Member
  • Association of Certified Fraud Examiners — Associate Member
  • State of Michigan — Private Investigator — License Number 3701205872

GE Engineer sentenced to 2 years for stealing trade secrets

A trade secret theft from General Electric that was in the works for 11 years finally ended in jail time.

A former General Electric engineer has been sentenced to 2 years in federal prison for stealing trade secrets. Jean Patrice Delia conspired with Miguel Sernas to compete against GE worldwide.



Jean Patrice Delia from Montreal pleaded guilty to the charges. Delia admitted that he had worked with another man to use trade secrets from GE to compete against the company. Miguel Sernas, from Mexico City, and Delia went into business together at ThermoGen Power Services. Delia stole the information from GE in Schenectady, between the years of 2001 and 2012.

He was accused of stealing thousands of electronic files from GE. The files included exclusive tools developed to calibrate turbines in GE’s worldwide power plants. Delia has been ordered to jail for 2 years as well as ordered to pay $1.4 million in restitution. His final sentence is shorter than that asked for by prosecutors. They had originally requested a term of 3 years and 1 month. They argued that Delia was the person who stole the materials and was the driving force behind the plan. Prosecutors pointed out that the crime was not victimless. Prosecutors argued that many people were affected and the consequences should reflect that.

On the other hand, Delia’s attorney Paul S. Folk asked for time served, saying that he had accepted responsibility and was trying to make amends. Delia entered his guilty plea almost 2 years ago, in December 2019. Miguel Sernas was sentenced to time served which amounted to about a year in jail. He was also ordered to pay $1.4 million, the same amount as Delia.

Other employees stealing trade secrets in recent cases

Another recent case involving trade secrets theft is that of a former employee at Pfizer. Chun Xiao Li is being sued by her previous employer. Pfizer alleges that Li stole trade secrets including documents relating to their COVID-19 vaccine, as well as other products. They allege that she uploaded over 12,000 documents. Additionally, she allegedly lied about why and where the files were stored on a private Google Drive account. Li had been working as an associate director of statistics. She had already been under investigation by Pfizer when she resigned from the company in November.

Also in recent weeks, the first Chinese spy has been convicted in the US of economic espionage for trying to steal aviation trade secrets. Yanjun Xu has been convicted of two counts of conspiring and attempting to commit economic espionage, conspiracy to commit trade secret theft and attempted theft of trade secrets. He could be fined more than $5 million and receive up to 60 years in prison. Xu targeted several aviation and aerospace companies, including GE Aviation, which is a unit of General Electric. He was first arrested in Belgium in 2018, with his extradition to the US following six months later.

Both large corporations and small businesses could be at risk of intellectual property theft and trade secret misappropriation. These prominent cases in the news could result in organizations taking steps to reduce the risks of this happening.

Trade Secret Theft and Misappropriation in the Food Industry

Rarely do we hear about trade secret theft and misappropriation in the food industry. It happens! Read about this high profile case involving a famous food celebrity chef!

America’s Test Kitchen (ATK) sues Christopher Kimball for Misappropriation of Trade Secrets

Here is another example of trade secret theft. Check out this blog to see how business and personal emails played a role in the misappropriation of trade secrets. Yes, there is trade secret theft in the food industry!

Who isn’t a fan of cooking shows?

Have you ever watched America’s Test Kitchen (ATK) on public television? In addition to the show, ATK is a multimedia company that has holdings in public television programs such as America’s Test Kitchen and Cook’s Country, cooking magazines and books, and several websites. Who knew? We love watching celebrity chefs like Christopher Kimball and other specialized professionals test the great American recipes like meatloaf, roast chicken, and apple pie!

Trade Secret Misappropriation Lawsuit or Foodie Divorce?

Christopher Kimball was the face and personality behind America’s Test Kitchen and Cook’s Country. In November 2015, Kimball left ATK’s program and started his own program called Christopher Kimball’s Milk Street. When two parties split, it’s called a divorce. Well, you guessed it: ATK sued Christopher Kimball, the co-founder, part owner, celebrity chef, and former host of its TV shows. Almost a year later, on October 31, 2016, America’s Test Kitchen Inc. filed a lawsuit as the Plaintiff. They wanted Kimball to change his business model. We call this a foodie divorce.

ATK said Kimball duplicated on Milk Street what he did on the show, and that he misappropriated its trade secrets and breached his fiduciary duty to the company. In addition, they claimed that Kimball actively created his new company, Milk Street, while he was still working at ATK. According to ATK, Kimball stole its collection of recipes, TV show ideas, media contacts, and subscriber information. As a result, ATK sought damages against Kimball and wanted a large sum of all profits that he has derived through the use of the trade secrets he allegedly misappropriated from America’s Test Kitchen. Other defendants named were Melissa Baldino, Kimball’s wife and a former executive director of ATK, Christine Gordon, and Deborah Broide. ATK claimed they aided and abetted Kimball’s breach of his fiduciary duties.

Non-Compete Agreement between ATK and Kimball

It seems that ATK and Kimball did not have a formal non-compete agreement in place. To protect intellectual property, corporations use a non-compete agreement where the employee agrees not to enter into competition with the employer during or after employment. If an employee departs and takes intellectual property without permission, that’s considered trade secret theft and misappropriation.

It’s all in the Email!

This case is an example of where most evidence of trade secret misappropriation can be found. It’s all in the email! A variety of emails were attached to the complaint that included notes between Gordon and real estate brokers, between Kimball and an IT consultant covering such issues as how to copy and store tons of recipes. There were emails discovered between Broide and Kimball regarding the media lists; between Gordon and the ATK help desk about whether company scanners would keep copies of documents she scanned.

The Foodie Divorce finally settled!

To all our fellow foodies, the good news is that both parties settled. Kimball agreed to return his ATK shares to the company for an undisclosed price. In the end, they agreed to business terms that will allow America’s Test Kitchen and Kimball’s company, Milk Street, to co-exist, giving us foodies the benefit of watching both shows!

Enigma Forensics is a computer forensic company with litigation experts that partner with attorneys to represent plaintiffs and defendants to help prove their case. We dig for evidence of trade secret theft or misappropriation of intellectual property. Most of all we are foodies! We found this story about trade secret theft and misappropriation in the food industry fascinating and wanted to share.


Top Things That Will Protect Company Trade Secrets

Trade Secret theft = loss in revenue. Use your spider sense when someone from your team departs the company. Without arousing suspicion, they can upload electronic data to the Cloud for later use, draining your company of future revenue and causing an immediate loss! Be aware: hire an expert to forensically image the departed employee’s hard drive. It will save you money and headaches!

Every company will have an employee leave, but how do you protect the company’s trade secrets from leaving with them?

It is more common than you know for employees to leave for a competitor. On their way out the door, they will take with them proprietary data that can result in great harm to an organization, including loss of employees, customers, and important revenue streams. If someone on your team recently left your company and is suspected of having joined a competitor, it is vitally important to take immediate steps to protect your organization’s electronic assets.

What types of data do departed employees take?

Enigma Forensics has seen it all!
1. Client Lists
2. Blueprints
3. Historical quotations
4. Programming files
5. Source Code
6. Rebate levels offered from various vendors
7. Supply Chain information
8. Business protocols that competition can replicate

Hire an Expert!

When investigating departed employees, the first step is to create a forensic image of the past employee’s hard drive. We recommend that you NOT ask an internal employee to perform this task; instead, hire a qualified computer expert from outside your company. This avoids any underlying loyalty current employees may have for the departed team member. An expert is trained to ensure the chain of custody is preserved so that the evidence can be presented during a trial. Many have learned that hiring an expert is worth every dime!

What are the benefits?

Enigma Forensics computer experts will look for all types of activity that took place, including websites visited, files accessed, files transferred to external media, files uploaded to DropBox or other cloud accounts, concealment activities, encryption, and deletion of electronic evidence.

If your company is on the other side of a trade secret misappropriation litigation, we encourage you to hire an expert who will perform an initial assessment of the new employee’s activities. This will provide you with the benefit of knowing if the employee did something that could prove harmful to your company. It’s not uncommon for trade secrets to be misappropriated without the new employer’s knowledge. Yet, the new employer can be named in litigation as a co-defendant! Ouch!

Enigma Forensics has worked for both the plaintiff and defendant in trade secret litigation. Our experts are CISSP certified. What is CISSP? Certified Information Systems Security Professional. This advanced level of certification is considered the gold standard in the field of information security. It is a globally recognized certification offered by (ISC)2. (ISC)2 is known to be the world’s leading organization specializing in certifications and training for professionals in the cybersecurity domain. To learn more about (ISC)2, visit https://www.isc2.org/

Call Enigma Forensics at 312-668-0333 for a complimentary consultation.


Jacob Meister’s First 90 Days

Most voters think the Clerk of the Circuit Court of Cook County’s office is ground zero of what’s wrong ethically in Cook County government. Candidate Jacob Meister vows to clean up the office and deliver much needed ethical reform.

Enigma Forensics President & CEO Lee Neubecker interviews Jacob Meister, who is running for the office of Cook County Clerk of the Circuit Court. Lee is interested to learn more about what Jacob Meister plans to do in his first 90 days in office.

View Part 2 of our 4-Part Series on Jacob Meister, Candidate for Cook County Clerk of the Circuit Court


The Video Transcript follows

Lee Neubecker: Hi, I have Jacob Meister, who’s running for Cook County Clerk of the Court. He’s back on my show today. Jacob, thanks for coming back on.

Jacob Meister: Thank you for having me.

LN: So, as a candidate for Cook County Clerk of the Court, which is one of the largest court systems in the U.S., what do you see as your top priority in your first 90 days in terms of fixing a big problem that needs to be addressed?

JM: Well, the Clerk of the Circuit Court of Cook County’s office is ground zero of what’s wrong ethically in Cook County government, you know? The voters in recent years have elected a new Cook County Assessor, Fritz Kaegi, a new mayor, Lori Lightfoot, and have made clear that they demand ethical reform, in government, and the Clerk of the Circuit Court is ground zero of what needs to be fixed. This is an office that for decades and decades has been plagued with political patronage, political workers getting jobs at the public expense in order to do political work. We have to stop that, and in my first months in office, I want to make sure that we are cleaning up the office to make sure that we are delivering taxpayers value for their money and that employees are dedicated first, foremost and exclusively to serving the public interest in the clerk’s office. We cannot get over the operational problems that this office has until we first clean up the ethical issues. So, I want to make sure that the patronage in the office comes to an end. That we comply, there’s currently a federal decree, it’s called the Shakman Decree, that the office is under that requires patronage to hiring, to not be done by patronage. I want to make sure that people are promoted from within, not given these political jobs where employees are beholden to the party machine.

LN: Great, well, thanks for being on the show, Jacob.

JM: Thank you, Lee.


Preventative Measures: Medical Devices

What is FIPS 140-2 and how does it play a role in medical devices? Are medical devices manufactured with security in mind? Experts Lee Neubecker and Keith Handler discuss medical device security.

What measures are in place to help protect medical devices from cyber compromise? President & CEO of Enigma Forensics, Lee Neubecker gained insight into the latest and greatest preventative measures being developed for medical devices. Lee sat down with the top engineer for Sterling Medical Devices, Keith Handler and explored technical measures applied to the manufacturing process of medical devices. Check out this video to learn all about the tech measures. You will be so much smarter if you do!

Part 3 of our 3-Part Series on Medical Devices


The video transcript of Preventative Measures: Medical Devices follows.

Lee Neubecker: Hi, I’m back on the show again with Keith Handler from Sterling Medical Devices. Keith, thanks for coming back.

Keith Handler: Hi Lee, thanks for having me.

LN: So in our 3rd segment on medical device security, we’re going to talk a little bit more about some of the hardware elements, how the software gets loaded onto medical devices and what things are in place to help protect medical devices from cyber compromises. So first, Keith, can we start off with telling everyone what FIPS 140-2 is and how that plays a role?

KH: Yeah, absolutely. FIPS is the Federal Information Processing Standard, 140-2 is the specific certification for encryption libraries. That certification means that those encryption libraries are proven to be usable and certified to be usable for federal systems and medical systems.

LN: Most hospitals require FIPS 140-2 for immediate devices if you’re transferring PHI, Patient Health Information. If you’re transferring that information to external storage, they want to make sure you’re using secure storage that meets federal information processing standards.

KH: Correct.

LN: So when you’re evaluating a device for security, what are some of the things that you do to help ensure that the firmware that’s stored on the chips is secure and safe?

KH: Well, an embedded device it’s a challenge, of course, you have limited space, limited capabilities typically, especially on lower power devices. If you’ve got the space and the ability, we can use hardware encryption chips, hard-circuits, those are usually the most reliable and the most performant. If not, there’s plenty of embedded libraries out there that are FIPS 140-2 certified. The main thing being that we never roll our own as far as encryption libs go, we use federally certified ones to ensure that we’re up to the current standards and encryption strength.

LN: Those standards change over time.

KH: Correct, yes.

LN: At one point in time, SHA-1 encryption used to be considered perfectly fine, but now with quantum computing, there’s been a rush to ditch SHA-1 and require SHA-2 as encryption library to help secure things.

KH: Yes, this brings up an important point actually. How do we keep things secure moving forward when new vulnerabilities are found, new attacks are found, libraries are cracked.

LN: Yeah so, what do hospitals and other healthcare providers need to be doing to ensure their devices stay secure once deployed?

KH: Well, hospital healthcare providers need to be making sure that they are up-to-date with the manufacture of all of their devices, that they are keeping apprised of any kind of recalls or anything like that. Manufacturers, the people that we typically deal with, product developers, their responsibility is to maintain a bill-of-materials, a cyber bill-of-materials; their libraries, their encryption circuits, make sure that they’re tracking the versions and things like that so that when a company has a vulnerability exposed, they can become aware and make updates and push them, software especially, as fast as possible.

LN: All right, so if an organization or a healthcare entity were to become compromised, have you been involved with supporting the client that underwent a cyber compromise?

KH: I have not, we’re usually in the earlier stages of developing the products prior to that occurring, and our products hopefully never get compromised.

LN: So I’d imagine though that if there’s a concern about the security of certain medical devices, that there’s a need to actually dump the firmware. Firmware is software stored on an embedded chip. But the firmware will persist after power-down, reboot to whatnot, but there is an ability to go and extract the firmware of the chip with the correct tools, such as a Bus Pirate, or other devices. And then what would you do to examine, if you had access to the firmware on a chip, how would you go about ensuring that that’s authentic?

KH: Well the first thing is if we’re going to push out firmware, things like that, you need to make sure that the device can know that it’s authentic. And we do things again, like digital signing, signature verification encrypting of that firmware package. That way we have a verification process in place to ensure that what we’ve got coming down is good.

LN: So that’s known as a hash.

KH: That’s part of it yes.

LN: So the hash value is the unique encrypted thumbprint generated by a hash algorithm and those hash values can be used to compare against the manufacturer’s release version and what’s on the chip to determine, are they running the most recent up-to-date firmware, or are they running an older version or are they running something that’s rogue that is not known by the manufacturer.

KH: And that’s the real key, to make sure that what we’re running is what we expect it to be and not something that has been tampered with.

LN: How often are hospitals and IT staff actually auditing and checking their firmware?

KH: You know I’m not clear on that, but I would say almost certainly not enough.

LN: Yeah, so that’s one of the things that I know you’ve said earlier, that it’s important that all these entities using the devices, once they’re certified and deployed, there’s still a responsibility on the healthcare delivery organizations to make sure that they’re patching and updating those devices so that they keep the standards.

KH: Ideally. Nowadays, a lot more devices are connected, communicating out with central servers, and that gives them the advantage of being able to receive security updates, so it takes that middleman out, essentially, but that also opens up additional potential security holes that have to be considered and protected against.

LN: Yeah, and anything that comes to mind that you’re concerned about in regard to new threat factors?

KH: Well, you know, again, if I’m distributing firmware by handing it to you on a USB stick, you can be pretty certain that what I’m giving you is likely to be good. If I’m telling you download it from this site, you don’t know. For all you know, it could get tampered with in transit. So it raises a lot of additional risks.

LN: Do you think that there’s something to be said for going back to the old updates on CD, read-only media?

KH: Well, you know, information is what it is, and things move faster nowadays, so I don’t know that it makes sense to move backward, it just means that we have to have more modern methods of protection.

LN: But thanks a bunch for being on this show. This is great stuff.

KH: You’re very welcome, and thanks for having me.

LN: It’s my pleasure.
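
The firmware check discussed in the transcript above, comparing what is on the chip with the manufacturer's release versions to tell current, older and unrecognised firmware apart, shown as an added example that does not come from the interview or from either company. The release images, version numbers and chip size are constructed, and the sketch assumes the image sits at offset 0 of the chip with the rest of the chip erased.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

ERASED = 0xFF  # unprogrammed NOR/SPI flash reads back as 0xFF


@dataclass(frozen=True)
class Release:
    version: str
    size: int      # length of the released image in bytes
    sha256: str    # hex digest published with the release


@dataclass(frozen=True)
class Verdict:
    status: str              # "current", "outdated" or "unknown"
    version: Optional[str]   # matching release, if any
    detail: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify_dump(dump: bytes, manifest: List[Release]) -> Verdict:
    """Compare a raw chip dump with known releases (manifest ordered oldest to newest)."""
    latest = manifest[-1]
    for rel in reversed(manifest):
        if len(dump) < rel.size:
            continue
        image, tail = dump[:rel.size], dump[rel.size:]
        # Hash only the first rel.size bytes: a chip dump is as long as the
        # chip, so a hash of the whole dump would never equal the release hash.
        if not hmac.compare_digest(sha256_hex(image), rel.sha256):
            continue
        # The image is a known release; everything after it must still be erased.
        extra = sum(1 for b in tail if b != ERASED)
        if extra:
            return Verdict("unknown", rel.version,
                           f"release image followed by {extra} non-erased bytes")
        status = "current" if rel is latest else "outdated"
        return Verdict(status, rel.version, "image matches published hash")
    return Verdict("unknown", None, "no published release matches this dump")


# --- Constructed sample data (not real firmware, versions or hashes) ---
CHIP_SIZE = 4096


def constructed_image(tag: bytes, length: int) -> bytes:
    """Deterministic filler bytes standing in for a firmware image."""
    block = hashlib.sha256(tag).digest()
    return (tag + block * (length // len(block) + 1))[:length]


IMAGES: Dict[str, bytes] = {
    "1.0": constructed_image(b"EXAMPLE-PUMP-FW-1.0", 1000),
    "1.1": constructed_image(b"EXAMPLE-PUMP-FW-1.1", 1200),
}
# Stands in for the manufacturer's published list, which must itself be
# obtained over an authenticated channel (for example as a signed file).
MANIFEST = [Release(v, len(img), sha256_hex(img)) for v, img in IMAGES.items()]


def as_chip_dump(image: bytes, chip_size: int = CHIP_SIZE) -> bytes:
    """What a chip reader would return for a chip holding `image` at offset 0."""
    return image + bytes([ERASED]) * (chip_size - len(image))


def audit() -> Dict[str, Verdict]:
    """Classify four constructed dumps, one per outcome worth recognising."""
    current = as_chip_dump(IMAGES["1.1"])
    flipped = bytearray(current)
    flipped[40] ^= 0x01                         # one changed bit inside the image
    appended = bytearray(current)
    appended[3000:3016] = b"UNEXPECTED-BLOCK"   # data in the erased region
    dumps = {
        "device-A": current,
        "device-B": as_chip_dump(IMAGES["1.0"]),
        "device-C": bytes(flipped),
        "device-D": bytes(appended),
    }
    return {name: classify_dump(d, MANIFEST) for name, d in dumps.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(name, verdict.status, verdict.version, "-", verdict.detail)
```

Devices that keep settings or logs in the same chip need those regions excluded before the comparison, otherwise every fielded unit would be reported as unknown.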


Overview of the FDA’s Medical Device Regulations

https://www.fda.gov/medical-devices/device-advice-comprehensive-regulatory-assistance/overview-device-regulation

Sterling Medical Devices website

https://sterlingmedicaldevices.com/

AI Smarter Solutions: eDiscovery

Artificial Intelligence (AI) can be used to vastly improve the eDiscovery document review process. Zylab is one of several eDiscovery vendors offering solutions utilizing AI. Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference 2020 in New York. Lee and Jeffrey discuss how AI can be used to conduct more effective eDiscovery.

Artificial Intelligence (AI) technology is everywhere. It’s hard to imagine how it’s being used in the legal industry where legal libraries filled with law books and courts filled with black-robed judges reign. In this formal traditional world, AI is now providing smart solutions for today’s electronically stored information or ESI and is streamlining the way the Legal Industry works.

In this video, Lee Neubecker, Computer Forensic Expert, and President & CEO of Enigma Forensics met with Jeffrey Wolff, Director of eDiscovery Solutions at ZyLAB during his visit to the Legal Tech Conference in New York. Lee and Jeffrey analyze how Artificial Intelligence (AI) develops smarter solutions in the eDiscovery process. Jeffrey shares with Lee that ZyLAB’s mission is to provide automated full-text retrieval using AI, for both on-premise or cloud-based solutions.

Watch Part 1 of a Three-Part Series on Artificial Intelligence (AI) and eDiscovery.

The video transcript of AI Smarter Solutions: eDiscovery follows.

Lee Neubecker: Hi, I have Jeff Wolff, back on the show from ZyLAB. Jeff, thanks for coming back on.

Jeff Wolff: Thank you.

LN: He’s their Director of eDiscovery, and I wanted to ask him some questions as it related to what differentiates ZyLAB from other products out on the market. Some of my clients may want to use this type of artificial intelligence program to help get through their review and see what the results are of using AI versus the traditional e-discovery review process, so.

JW: Sure.

LN: Jeff, could you tell us what sets ZyLAB apart from other competitors in the marketplace.

JW: Sure, sure, so first, I think ZyLAB is uniquely positioned in the fact we understand the corporate space quite well, as well as the law firm space, but we got our start in corporate, our start in information governance. So we are very vested in search and data science, and that’s really where we’ve put a lot of our focus. We have both on-premise solutions, as well as cloud-based, SaaS solutions like every other next-gen provider. But we really push our interface, our user interface and our user experience, as one of the most unique selling points. And that is, that it is not difficult to start using. Anyone, any legal professional can pick up our product in an hour, from start to finish, and understand really how you utilize it. Drag and drop interfaces for getting data into the system, and immediate color-coding and tagging, easy search, and the ability to really visualize your data and understand what’s in the dataset.

LN: Okay. So, what would you say for a company that has to deal with multiple jurisdictions, they’re in Europe, they’re in the US.

JW: Sure.

LN: There are some unique challenges posed by all the various regulations out there, like GDPR.

JW: Right.

LN: Maybe they have operations in China. How could you help a company that has to deal with various regulatory authorities spanning the globe?

JW: Sure, and that’s another advantage that ZyLAB has, actually, we’re actually a global company, so we’re dual-headquartered in Washington, D.C., here in the US, as well as Amsterdam in the Netherlands, in the EU. And as a result, we have cloud operations in both jurisdictions. So our global customers can actually keep US data in the US, and they can keep the European Union in the EU, and not worry about that issue. But we also have the expertise, consulting expertise, in both environments, both geographic locations. For example, I’m doing a lot of work now with corporations, not so much focused on directly just on e-discovery, because e-discovery is a bit reactive, you know? Or corporations go through peaks and valleys with e-discovery, the litigation, sometimes they have it, sometimes they don’t. What they constantly have though, are internal investigations, regulatory responses, in the highly regulated corporations. And more and more now, data privacy concerns. So, my European colleagues have been dealing with GDPR for a while, we’re now starting to feel it here in the US, with CCPA, the California Consumer Privacy Act. And there are a number of states on the horizon that are going to California’s examples, so corporations need to be able to find, and classify all the data that they have in their organization that has customer information because if those customers request it and they can’t provide it, they’re financially in a lot of trouble.

LN: Do you think that the regulations coming down on companies are going to fundamentally change how companies choose to communicate with their vendors, suppliers, and own employees?

JW: Absolutely. If you look at all the recent data breach situations, it’s typically not the organization that has the problem, and I won’t mention any of the large companies that have recently had data breaches, but it’s typically not the original company that had the issue, it’s one of their suppliers, or one of their vendors that had access to the database, and wasn’t protecting it properly, and that’s how the trouble began.

LN: Yeah.

JW: Same thing with data privacy.

LN: The supply chain certainly is a huge point of vulnerability for all types of organizations. The governments, the military,

JW: Yep.

LN: and even corporations.

JW: Yes.

LN: So what do you see happening over the next few years with the adoption of AI platforms?

JW: I think the e-discovery market is going to fundamentally change. There’s still always going to be a need for discovery within corporations and law firms, but what you do with the data is going to become much more important, so it’s going to be about how you can extract value from the data, not just metadata, which we’ve always been able to do for years now, but now more about looking for entity information. People, places, organizations that are mentioned in documents and emails, and collaborative environments, and being able to visualize those, and quickly drill down to what was going on in your organization. You know, if you got people that are going to the dentist three times a week, they’re not going to the dentist, they’re doing something else. They’re just writing about going to the dentist.

LN: Yeah.

JW: Software like ours that can identify those references in documents are going to be crucial to the success of organizations.

LN: That’s great. So it seems that there’s continued e-discovery service provider consolidation out there.

JW: Mmhmm.

LN: The companies that are using tools that are more of a channel partner tool to resell.

JW: Yes.

LN: But as those companies consolidate, do you think that there’s going to be a movement away from those providers where, the company, the firms, directly do their own e-discovery?

JW: Oh, yes. Yeah, very much so. We’ve been seeing that over the last few years. A lot of companies, even small companies that tend to have, in the past, just used outside vendors for e-discovery, are now deciding that they prefer to control, not just the cost, but also their data. They don’t want their data outside of the organization for reasons we’ve already talked about. So they’re purchasing in-house tools that they can use themselves, and then they can invite outside counsel in to make use of, that way they control their costs, they control the efficiency, and they control the data.

LN: Well, this has been great. Thanks a bunch for being on the show.

Lee Neubecker: Thank you again.

LN: Take care.

JW: Bye bye.


View ZyLAB’s for more information on (AI) Smart Solutions: eDiscovery

https://www.zylab.com/en/product/artificial-intelligence

Re-inventing Legal Technology: Artificial Intelligence (AI)

Forensic Experts Lee Neubecker and Cat Casey from DISCO discuss Artificial Intelligence (AI) as it relates to improving Legal technology.

Artificial Intelligence (AI) thinks, learns and solves problems more efficiently than humans. AI is all around us and in almost everything we touch; it is an algorithm that is designed to make our lives easier and is sometimes referred to as machine learning.

In the case of litigation, it can save time and money by streamlining the process of document review, eDiscovery, and preparation for forensic cases. Computer Forensic Expert Lee Neubecker and Catherine “Cat” Casey, who is the Chief Innovation Officer for DISCO, discuss how AI works to improve legal technology.

DISCO, a leader in legal technology, is a developer of cloud-native eDiscovery software for law firms designed to automate and simplify error-prone tasks. They provide a myriad of different types of analytics that supercharge the searching of data, dramatically reducing time and money.

Part 1 of our Three-Part Series on Artificial Intelligence (AI)

Artificial Intelligence (AI) Re-Inventing Legal Technology

The Video Transcript Follows.

Lee Neubecker (LN): Hi, I’m here today with Cat Casey from CS DISCO. Thanks for being on the show.

Cat Casey (CC): My pleasure.

LN: We’re going to talk a little about artificial intelligence as it relates to eDiscovery and document review. Cat, can you tell us just a little bit about what your firm does to help speed up the review process and lower costs for clients.

CC: Absolutely, we’re a cloud-native AI-powered eDiscovery company. And what that means is we’ve got vast amounts of elastic computational power that we can use to run a myriad of different types of analytics on data to supercharge your searching and dramatically reduce the amount of time it takes you to get to that key actionable evidence. So, we’ve kind of flipped everything on its head. Instead of being a question of how quickly can I read through all of this data, it’s how laparoscopically can I surgically find all of that key information. The results that we’re seeing are pretty resounding. Up to 60% reduction in time to get to that key evidence. Freeing up attorneys to get back to what they went to school for, the practice of law. It’s pretty compelling. We’ve had some pretty interesting additions, including even today, we just announced, I think, the first true AI in eDiscovery with AI model sharing. Basically, with each iteration, with each type of case that you conduct with DISCO, our algorithms are getting smarter. We’re extracting insights and building in more robust taxonomy and analytic structure to parse data, which is going to yield better and better results for our clients. It’s truly exciting.

LN: So we’ve come a long way from the early days when the attorneys wanted everything printed and Bates-labeled before they looked at it. To now, moving ahead using TAR, technology-assisted review, like artificial intelligence, which fits into that, correct?

CC: 100%, we have a continual active learning model, so it’s more reinforcement learning than a standard supervised learning model. Basically, from the coding of document one, our algorithm’s getting smarter and making recommendations on highly likely to be similar documents. We battle test the algorithm on an ongoing basis. Whether it is an affirmative or a negative for a suggested document, the algorithm learns more, and because of that, we prioritize the most relevant information quickly and people are able to then accelerate their review speeds by up to, I think we’ve had over 180 docs per hour. So, it’s pretty compelling and this is just the beginning.

LN: So your platform’s all in the cloud, correct? So companies or law firms, they need no infrastructure other than a browser?

CC: 100%, the nice thing, in my prior life, I ran a global discovery program, and I spent hundreds of thousands of dollars a year just to keep pace, just to have storage, just to have basic replication and back up, and all of that. Now, even a small firm, all the way up to an Am Law One firm or a massive Fortune One company, they can have the same robust technology without having to set up a data center, without having to invest a ton of money. It lets everyone level up and has a better experience throughout the discovery process.

LN: One of the challenges a lot of my clients always have is they have a need to understand what the costs are going to be and to be able to communicate to their clients those expectations so they’re not throwing their clients on the eDiscovery rollercoaster of non-controllable bills. How does DISCO help to address those concerns?

CC: Transparency is a major pain point. One of the banes of my existence used to be trying to normalize this pricing model versus this, versus this service provider, versus this technology. We just throw that all out. We charge one flat amount per gig. It includes analytics. It includes processing. It includes everything, and we work with you to get the volume of data that is being applied to that one flat cost per gig down. It eliminates that hide the ball gotcha moment and it gives a lot of transparency. And of course, if someone wants a different model, we’re happy to accommodate that. But in general, straight, simple, honest. It’s really rewarding for our clients.

LN: So, what cases, what types of litigation case matters do you see as having some of the best benefits of being migrated into your platform?

CC: Yeah, I think any case can. If you’re a tiny company, it helps you be David versus Goliath. Even on a small data volume case, you can start getting insights and reduce the amount of time you’re having to spend doing something maybe you can’t chargeback for. For a big massive case, because we are an AWS and we were built on kind of convolutional neural networking, we’re moving, and we have such a robust computational lift, even we’ve had 150 million documents with hundreds of users and we still have sub one second page to page. We are still lightning fast. And so, whether it’s a big case, a simple case, a complex case, there is a value proposition for almost anyone.

LN: In terms of the types of law firms that are using your platform, do you see many smaller, medium-size firms using your–

CC: Tons, actually tons. That was where we got our teeth. Boutique, we started as a boutique law firm. We actually were a bunch of attorneys that were frustrated that all the tools were terrible, and so they built their own. And so, the foundation of DISCO, we had a family of tons of boutique law firms that we were supporting, we still do to this day. The tool we built though, had a longer vision. It was built to be much bigger and more scalable, and as a result, that’s why you’re seeing us with major, the WilmerHales of the world, very large firms and very large corporations because the tool itself can scale up so much.

LN: Great, what are some of the challenges of working, that law firms find that already have entrenched solutions? There are other review products out there and if they really want to make the benefit of your platform, don’t they have to kind of fully use it for the case?

CC: I would say you probably don’t want to split the baby with a case. If you’re processing with another tool, you’re not going to get the same benefit as working with DISCO. But you don’t have to move your entire litigation portfolio to DISCO day one. We’re seeing a lot of people that are sunsetting Legacy Product and Legacy Platforms moving towards DISCO, but it’s not, “I’m going to move every single case today.” It’s going forward, we’re going to start bringing in new cases. There tends to be such an improved experience and improved UI for the attorneys that they start to not want to use the other technology as much.

LN: I know as a computer forensic expert, oftentimes we’re going out initially collecting and forensically preserving the data. But your product sounds like it would be right for a firm that does forensics that needs to collect different data from computers, possibly harvest just an email. Filter the dates and times of the email to a PST and then they can take those PSTs and upload it into your platform, correct?

CC: 100% and we also, we’ve productized some advanced ECA, where we charge a much, much lower rate. So, you get three months no cost hosting. It’s half the usual rate, and you can do ECA for up to three months. And the goal of that is to let’s whittle down to the most surgical, teeny, tiny, laparoscopic piece of data set that you can have. An example was we had a 20 million document case and we were able to run the ECA, get it down to about 5.6 million documents. Run more culling, run our analytics, get it down to about 200,000 documents. And usually, that would be when you have to review every single one, but we were able to, with our workflow, with CAL, get it down to 140,000 documents. And so, if you think 50 bucks an hour, an attorney can only do 50 docs an hour, the cost savings is monumental.

LN: So as someone uses your platform and they start to tag and prioritize certain documents, your software learns based on that tagging. It helps find related concepts to those conversations and what not?

CC: 100%, 100%.

LN: So really, the more that are reviewed as responsive, similar concepts and whatnot so that important links aren’t missed.

CC: 100% and because we do automatic batching, every new batch of documents a person gets, because we’ve applied this artificial intelligence and continual active learning model, it is a more relevant subset of data and people are able to go through it faster. And sometimes, they will get to a point where they can say, “I’ve hit all my relevant information. The rest is not relevant. I’m going to sample it and statistically determine I don’t have to review those last 100,000 documents that maybe aren’t relevant,” and it’s pretty cool.

LN: In our next segment, we’re going to be talking about what the trends are in the industry impacting law and eDiscovery. And then finally, we’ll talk about some of the pitfalls of what companies, organizations, and law firms face if they don’t embrace artificial intelligence to help make their review process more efficient. Well, thanks for being on the show.

CC: My pleasure.

View DISCO’s website to learn more about AI trends in the legal industry

https://www.csdisco.com

Energy Sector: Intrusion Detection

After the most recent Iranian attacks, most people don’t think about the danger to our Energy Sector that lurks in the global underworld. Cyber Security Experts Lee Neubecker and Geary Sikich are on the job! They say we can tighten our security and detect cyber attacks before they happen.

Energy Sector Intrusion Detection is complicated, delicate, and necessary to maintain our power grid. The Energy Sector provides energy for the world and must be secured and protected. Many detection tools and resources of expert precision are used to ensure the security of these precious resources. Think about it: what do you do on a daily basis that doesn’t involve energy or some type of energy? Enigma Forensics CEO & President Lee Neubecker and Geary Sikich, Principal at Logical Management Systems, Corp., put your mind at ease and dissect the cyber security and intrusion detection systems that are utilized by the Energy Sector.

This is Part 2 in the four-part series on Energy Sector Cyber Insecurity.

Lee Neubecker (LN): Hi, I’m back on the show again with Geary Sikich, thanks for coming back on the show.

Geary Sikich (GS): Thanks for having me back Lee.

LN: So we’re continuing our series discussing about global cyber insecurity as it relates to energy sector. In the second part of the series we’re talking more about detection of compromise. Um Geary, what’re your thoughts in this area?

GS: I believe that there’s a lot to be looked at in terms of the detection aspect, and this is one of the areas where you from a forensic standpoint, provide sort of a critical juncture, what’re you seeing that the general person, and even the general employee of the utility, might not be seeing? And might not be aware of?

LN: Well we know from reports by Dragos Cyber Security firm, that there’s a number of groups, I think around 11 groups are specifically targeting the energy sector. This report just came out this month, so there is a heightened attack readiness requirement to defend against these attacks. And the key thing that organizations need to be doing is they need to know that they have their firewall actively logging, and they need to be looking at those logs.

GS: Those are all state sponsored groups, right?

LN: Well, we don’t know exactly who they are, there could be terrorist cells, the Dragos report doesn’t give attribution as to the entities behind them. They describe the types of attacks, and the character of the attack methods, but there is a number of them that you can check out, there’s a link that will take you to their report if you’re interested in reading it. But you know, often times organizations fall compromised, and they don’t know it, and these things go on for a long time. There was a credit reporting agency attacked recently, for instance.

GS: So from a detection standpoint, the challenge that industries are faced with, ’cause our focus is going to be on the energy industry, so we’ll get energy industry. In general, the challenge that they face then, is that it’s not just what we perceive could be state sponsored hacking of their systems, it could be individuals, it could be terrorist cells, it could be pretty much anyone with a desire to infiltrate a system whether it’s to do harm, or whether it’s just to see if they can do it.

LN: Exactly. The barrier to entry to launching one of these attacks is much lower. It requires knowledge, but the knowledge could be in the head of a teenager, that got rejected at school and wants to take the power out in his town. So that’s a legitimate problem. Now related to detection, I mentioned the firewall logs, there’s a great product out there called Canary. Have you heard of it?

GS: No, it’s new to me.

LN: Essentially, it’s a company, they sell these little devices, you deploy in your network, and they can pretend to be a payroll mass, health care information system storage database, or you can make it be whatever you want. But it’s essentially trying to lure an attacker. So if someone’s in your network, they’re going to scan your network to look for resources and it will detect people trying to brute force that item. So these items are a great way to have another way of knowing are you compromised. If organizations that had recently been publicly compromised, that didn’t know it for many years had some of these devices in place, they would probably know pretty quickly, like within a day or so, of someone getting through their firewall.

GS: So the challenge then I guess, from a detection standpoint, and the way we’ve seen it, and in discussions with organizations that I’ve worked with, is that it’s not a single point of penetration that we have to worry about, it’s become multiple points of penetration, and multiple points that are not necessarily hard wired into the operating system. So utilities in a lot of respects have gone out to do with their status systems, monitoring your water usage, or electric usage, all remotely, and you periodically might see a utility vehicle drive by, and they may have a cellular type phone system, that goes by and scans your homes to see what your energy usage is. So those all become a factor. We get into detection in terms of things, we’ve mentioned today shipping is a big issue, and we mentioned with the current situation with Iran, the concern over the Strait of Hormuz, but shipping in general, navigation systems, have been targeted, not only by state actors, but by other groups. So you have navigation systems which is not just waterborne shipping. Think of where navigation systems are today. Look into your pocket and see your cell phone.

LN: Well we had the recent issue with the Boeing Max airplane, it turned out the sensors were damaged. Well these sensors they’re called MEMS sensors, they’re a combination of electro-mechanical sensors, and if the chip is hit at the frequency that matches the natural frequency of the component board, it can actually cause the chip to malfunction and report erroneous readings temporarily. Or if the frequency matches and it’s of a great enough amplitude it can actually damage the chip. And there hasn’t been much discussions about whether these chips were cyber-attacked but it’s very possible, if you look up University of Michigan, they have research on MEMS chip sensors and interestingly enough, the patent for these sensors was a Boeing patent. So there’s not a lot of talk about that and I think more likely if the chips were damaged, it’s more likely they were damaged while they were on the ground. Interestingly enough, the two crashes that occurred were in countries that had a lot of terrorist activity.

GS: I think the other aspect with detection is that when you begin to bring out a point like that, people have a tendency to assume durability of systems when systems can be very sensitive to, if you will, shocks, minor shocks to the system. So it’s not necessarily the physical attack, you could take the example recently Puerto Rico has had an earthquake. What damages were incurred by the, on their systems as a result? That are undetected yet. The sensitivity of systems I think has become really critical in a lot of these aspects.

LN: But like with these chips we’re blending mechanical with computer embedded processors. So like these chips think of an opera singer, that sings the natural frequency of a wine glass. If he sings it loud enough, that glass will shatter. It’s the same concept with this chip. You can fire sound at it, if you’re close enough, or if you have a strong enough amplifier, you could fry it. Now that could happen, a drone could potentially launch a sonic attack, someone onboard, a passenger could do it, cleaning crew coming through could do it. So these are some questions that it’s kind of a new paradigm but we even had issues with military aircraft having this uptick in crashes, and these same types of systems are in the newer military helicopters and planes and whatnot. So I think it was good that the military grounded some of these devices that were having these problems. And you know the investigation, I’m sure, continues and the public may not fully be briefed on this, but it is a threat that needs to be detected before people die.

GS: So the real issue with the situation that we’re in, with this kind of global insecurity if you will, is our ability to detect has been I’ll put it in these terms, if our ability to detect has been compromised by virtue of the disruptive technologies that exist that are making detections more and more of a challenge, because they’re becoming more and more subtle in how they entered in the system. So I can have a system that looks like it’s working perfectly, and yet at a point be compromised like the mechanical system that’s supposed to open a valve, and it’s been doing it for a long time, and then suddenly it either leaves it open, or completely shuts it.

LN: This is where it’s important that these entities have an accurate inventory of what their equipment is, and they also have an accurate inventory of the embedded systems and what that software code should look like. And they should have procedures in place to periodically verify that the embedded firmware chips that do these functions haven’t been altered. Otherwise they won’t even know, and something could happen at a very critical time. So that wraps up our section on detection. In our next segment we’ll be talking about helping to protect against these types of attacks.

GS: Great.

Check out the government’s directives on cybersecurity as it relates to energy infrastructure.

https://www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure

Check out what ComEd is doing.

https://www.comed.com/SiteCollectionDocuments/SmartEnergy/SmartGridAndDataSecurity.pdf

Understanding EMR Audit Trails

Understanding EMR Audit Trails is important to any company dealing with Protected Health Information (PHI). They must have all the necessary security measures in place and follow them to ensure HIPAA compliance.

Understanding EMR Audit Trails is essential to a patient’s medical history in medical malpractice litigation. The Health Insurance Portability and Accountability Act (HIPAA) requires that Electronic Medical Records (EMR) systems maintain an audit trail including all of the metadata. This EMR audit trail is a piece of highly relevant evidence as to who accessed what in the record, what entries were made and/or changed, by whom and when. Computer Forensic experts are key to effective electronic discovery during medical malpractice litigation.

How do hospitals record, protect, and store data? HIPAA sets the guidelines for the information most highly sought after by the world’s best technology hackers. Medical records are worth 4 times more than credit card information. Managing Protected Health Information (PHI) places healthcare facilities at risk of cyber attack 24/7, 365 days a year.
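An audit trail is only useful as evidence if later alteration can be detected. The following Python sketch is an added example, not taken from any EMR product or from Enigma Forensics: it hash-chains constructed audit entries (the field names `time`, `user`, `record`, `action` and `detail` are assumptions) so that an edited, deleted or truncated entry is located, and it rebuilds the who/what/when history for one record.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain start value (assumption for this example)

# Constructed sample entries; note that a view-only access is logged too.
AUDIT_TRAIL = [
    {"time": "2024-03-01T08:15:00Z", "user": "nurse.a", "record": "MRN-0001",
     "action": "view", "detail": ""},
    {"time": "2024-03-01T09:02:00Z", "user": "dr.b", "record": "MRN-0001",
     "action": "edit", "detail": "medication order changed"},
    {"time": "2024-03-01T09:30:00Z", "user": "clerk.c", "record": "MRN-0002",
     "action": "view", "detail": ""},
    {"time": "2024-03-04T17:45:00Z", "user": "dr.b", "record": "MRN-0001",
     "action": "edit", "detail": "progress note amended"},
]


def entry_digest(prev_digest, entry):
    """SHA-256 over the previous digest plus a canonical form of the entry."""
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_digest + payload).encode("utf-8")).hexdigest()


def seal(entries):
    """Return copies of the entries, each carrying a digest chained to the one before."""
    sealed, prev = [], GENESIS
    for entry in entries:
        digest = entry_digest(prev, entry)
        sealed.append({**entry, "digest": digest})
        prev = digest
    return sealed


def verify(sealed, expected_head=None):
    """Return None if the chain is intact, else the index where it first breaks.

    expected_head is the last digest as recorded somewhere the database
    administrator cannot change; without it, removal of the newest entries
    goes unnoticed. A head mismatch is reported as index len(sealed).
    """
    prev = GENESIS
    for i, row in enumerate(sealed):
        entry = {k: v for k, v in row.items() if k != "digest"}
        if entry_digest(prev, entry) != row["digest"]:
            return i
        prev = row["digest"]
    if expected_head is not None and prev != expected_head:
        return len(sealed)
    return None


def access_history(sealed, record_id):
    """Who touched one record, what they did, and when, in logged order."""
    return [(r["time"], r["user"], r["action"])
            for r in sealed if r["record"] == record_id]


if __name__ == "__main__":
    trail = seal(AUDIT_TRAIL)
    head = trail[-1]["digest"]
    print("intact:", verify(trail, head))
    backdated = [dict(r) for r in trail]
    backdated[3]["time"] = "2024-03-01T09:05:00Z"  # amended note made to look timely
    print("first broken entry:", verify(backdated, head))
    for event in access_history(trail, "MRN-0001"):
        print(event)
```

The head digest has to be kept outside the system whose log it protects; otherwise whoever can rewrite the log can rewrite the chain as well.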

Check out this video with Enigma Forensics, President & CEO, Lee Neubecker, and John Blair, a noted Healthcare Industry Cyber Security Expert where they discuss the importance of protecting Personally Identifiable Information (PII).

Lee Neubecker and John Blair

Understanding EMR Audit Trails video transcript follows:

This is the third and last video in the three-part series on Health Care Industry Cyber Threats.

Lee Neubecker: Hi, I have John Blair, a cyber security expert in the field of healthcare, and John is also involved with understanding patient medical, electronic medical record (EMR) audit trails, so I asked him to come on the show and talk a little bit about that with me. John, thanks for coming back on the show.

John Blair: Thanks, Lee. Glad to be back.

LN: So John, can you tell everyone a little bit about what HIPAA requires of healthcare organizations as it relates to tracking data of caregiving and the patients?

JB: Sure. Most of this is obviously directed at hospitals, but HIPAA also has things called business associates, and any interaction from any entity with, or any user with, PHI is going to be subject to this audit logging. Hospitals use systems called EMRs, so generally those, the audit trails are built into the EMRs by default, but obviously entities can turn those off if they so choose or configure them differently. HIPAA requires that you pretty much log any interaction, whether it’s read-only, view-only, edit, whatever that interaction might be. Identify the user, identify the time, what was done to the record, and that has to be maintained for several years. So it doesn’t matter what a user does with the record. Even if they just view it, that counts as a valid interaction and has to be logged and maintained.

LN: In fact, all of these hospital software systems out there have to be HIPAA compliant, or else the hospitals wouldn’t be able to use the software packages. Isn’t that true?

JB: Right, right. There’s a lot of federal regulations regarding that, that the standards that these systems have to meet in order to get refunds or rebates from the government.

LN: So Medicare funding, reimbursement, obviously is important.

JB: All of that stuff. And audit logs of user activity and interactions, or any interaction with PHI, is a critical component of that.

LN: You know, what I’ve seen is sometimes despite the software packages being EMR, audit trail compliant, that there’s the ability for the software that’s deployed to be altered so that the audit trails aren’t retained as long as required by law.

JB: Yeah, sometimes the storage of the audit logs, it can be overwhelming. So oftentimes they are archived offsite or inappropriate access is given to the audit log itself. And then it possibly can be changed, which ruins the integrity of the log, obviously, and that would be a very bad thing should something come up down the road and you needed that log.

LN: Yeah, and certainly, someone who has the master database administrator password to that back-end system, they could do whatever they wanted.

JB: Yup. But there’s supposed to be logs of that activity, as well, and reviews of those logs, but you’re absolutely right. If you’re an administrator, you can do a lot of damage.

LN: Yeah, I’ve assisted clients before involved in litigation, medical malpractice litigation, with just seeking the truth of what’s there in the records. Most of the time, they think many hospitals are compliant and do have those audit trail records.

JB: Absolutely.

LN: But, they don’t necessarily want to make that data readily available.

JB: No, they don’t. And it depends, it’s a case-by-case scenario, under the advice of counsel and things like that, but it’s very, very sensitive information, and obviously, it’s a public relations nightmare to have a breach of patient data, so they take those things very, very seriously.

LN: Absolutely. So can you tell everyone what PHI stands for?

JB: It’s Protected Health Information, as defined by HHS, there are 18 very specific fields that comprise PHI. PHI is a subset of PII, which is Personally Identifiable Information, but with respect to healthcare, it’s primarily PHI that we’re worried about and those 18 identifiable fields.

LN: Why would hackers want to target health care records?

JB: It’s far more valuable now than several years ago, it was credit card information, basically for year after year. Now, the credit card companies and technology with respect to how quickly a card can be replaced and deactivated. And so, just more money in it to steal medical information. And there’s more flexibility, as well. You can go get drugs, you can do a variety of things, whereas, with the credit card, it’s just money.

LN: If people wanted to launch a targeted scam on individuals, certainly having records that would enable them to filter patients that have Alzheimer’s, might give them an unfair advantage at duping people out of their savings.

JB: Absolutely. Because generally if you get someone’s entire record, you’re getting everything about them: their Soc number, their address, phone numbers, relatives, I mean, all this information is now at your disposal. And loans can be taken out in their names, it’s just a disaster waiting to happen.

LN: So Electronic Medical Records, known as EMR, represent an important target that hackers seek, because of the value of that information, and the uniqueness.

JB: Yup. The price of those records, per record, now varies, but I believe it’s in the $150, $200 range per record if it’s a breach now, and laptops can hold hundreds of thousands of records. So it can be very, very expensive.

LN: But it seems that this is a problem, too, that it isn’t just localized to any one area, it’s universal.

JB: Yeah, it’s across the board. Anyone dealing with PHI has this problem.

LN: How does the cost of a patient medical record compare to a credit card record, compare to the black market?

JB: Yeah, for the last several years, medical records have gained in value every year, while financial records, credit card information have devalued. And it’s to the point now where medical information’s worth four times as much as financial information. And that’s only increasing.

LN: So does that mean that people that work in the healthcare sector in IT and security are going to get paid four times as much as the people of the financial sector?

JB: I wish.

LN: Well, thanks again for being on the show, this was a lot of good stuff. I appreciate this.

JB: Thanks, Lee, appreciate it.

Other resources to learn more about EMR Audit Trails.

https://www.cdc.gov/phlp/publications/topic/hipaa.html