Risk Reading — Another DQ Motion in Pharma Matter, Law Firm Hacked by Chinese Hackers, Law Firm Pays Ransomware Gang, Private Equity Conflicts Considerations, Federal Court Filing System Hacked

“Federal court filing system hit in sweeping hack” —

“The electronic case filing system used by the federal judiciary has been breached in a sweeping cyber intrusion that is believed to have exposed sensitive court data across multiple U.S. states, according to two people with knowledge of the incident.”
“The hack, which has not been previously reported, is feared to have compromised the identities of confidential informants involved in criminal cases at multiple federal district courts, said the two people, both of whom were granted anonymity because they were not authorized to speak publicly about the hack.”
“The Administrative Office of the U.S. Courts — which manages the federal court filing system — first determined how serious the issue was around July 4, said the first person. But the office, along with the Justice Department and individual district courts around the country, is still trying to determine the full extent of the incident.”
“It is not immediately clear who is behind the hack, though nation-state-affiliated actors are widely suspected, the people said. Criminal organizations may also have been involved, they added.”
“It is not immediately clear how the hackers got in, but the incident is known to affect the judiciary’s federal core case management system, which includes two overlapping components: Case Management/Electronic Case Files, or CM/ECF, which legal professionals use to upload and manage case documents; and PACER, a system that gives the public limited access to the same data.”
“In addition to records on witnesses and defendants cooperating with law enforcement, the filing system includes other sensitive information potentially of interest to foreign hackers or criminals, such as sealed indictments detailing non-public information about alleged crimes, and arrests and search warrants that criminal suspects could use to evade capture.”
“The hack is the latest sign that the federal court filing system is struggling to keep pace with a rising wave of cybersecurity threats.”

“2 Law Group Data Theft Hacks Affect 282,100 Patients” —

“Two Florida-based law firms with offices in other states are notifying 282,100 people whose healthcare and other information was potentially compromised in separate data theft incidents. One of the firms admitted to paying a ransom to prevent its data from being leaked on the darkweb.”
“The much larger of the two breaches was reported by Coral Gables, Florida-based Zumpano Patricios PA, which practices in five U.S. states and has satellite offices in several other countries. ZP Law told the U.S. Department of Health and Human Services on July 3 that its hack affected the HIPAA-protected health information of nearly 280,000 people.”
“The ZP Law data potentially affected by the hack varies by individual but included information such as names, healthcare provider names, member ID numbers, health insurer information, dates of service, amounts charged and paid, Social Security numbers, clinical coding information and medical records, the firm said.”
“The second recent law firm breach was reported by Palm Beach Gardens, Florida-based LaBovick Law Group, which has offices in the Sunshine State and Massachusetts.”
“LaBovick told the Maine attorney general on July 16 that an October 2024 hacking incident affected 2,825 individuals.”
“Information potentially compromised varies among individuals but included names, addresses, dates of birth; Social Security numbers; driver’s license numbers, state-issued ID numbers, bank account information; health insurance ID numbers and policy numbers, health insurance claims history, and medical history and records.”
“LaBovick paid an undisclosed ransom in November 2024 and said ‘the cybercriminal confirmed’ that the law firm’s data has been deleted and would not be leaked.”
“Attorney Paul Hales of the Hales Law Group, which is not involved with either the ZP Law or LaBovick Law cases, said a ransom demand puts a law firm in a precarious position of negotiating with cybercriminals.”
“‘Every law firm should carefully evaluate the ethical, legal and business consequences to prepare its response to a ransom demand. This is also a critical continuing legal education topic,’ he said.”

“Wiley Rein Law Firm Breached by Chinese Hackers” —

“Bloomberg has reported that Washington D.C. law firm Wiley Rein LLC was breached last year by Chinese hackers. It was by no means alone in its misery. The European Union council, Halliburton and others suffered the same fate.”
“Byzantine Candor, the team of hackers responsible, is known in security circles as the Comment group for its trademark of infiltrating computers using hidden webpage computer code known as ‘comments.’”
“30 North American security researchers watched the hackers work and documented their findings. 20 victims were identified, many of whom had data that could give China an advantage as it seeks to become the world’s largest economy. The targets included lawyers pursuing trade claims against the country’s exporters and an energy company getting ready to drill in waters claimed by China.”
“A former FBI official calls the hackers’ activity ‘the biggest vacuuming up of U.S. proprietary data that we’ve ever seen. It’s a machine.’”
“Exploiting a hole in the hackers’ own security, the researchers created a digital diary, logging the intruders’ every move as they snuck into networks, shut off anti-virus systems, camouflaged themselves as system administrators and covered their tracks, making them invisible to their victims.”
“Byzantine Candor was linked to China’s military, the People’s Liberation Army, by a 2008 diplomatic cable released by WikiLeaks. Two former intelligence officials verified the essence of the document.The hacking group has been active at least since 2002 and is thought to have penetrated more than 1000 entities.”
“National Security Agency director Keith Alexander said earlier in July that cyber espionage constitutes ‘the greatest transfer of wealth in history,’ and cited a figure of $1 trillion spent globally every year by companies trying to protect themselves.”
“Of the 10 Comment group victims reached by Bloomberg, those who learned of the hacks chose not to disclose them publicly, and three said they were unaware they’d been hacked until contacted for this story.”
“Wiley Rein apparently did know, according to the Bloomberg story.”
“Dale Hausman, Wiley Rein’s general counsel, said he couldn’t comment on how the breach affected the firm or its clients. Wiley Rein has since strengthened its network security, Hausman said. Well, that’s good – if a tad late. My question is – and I’d sure like an answer – did the firm notify its clients? D.C. does have a data breach notification law – and most experts believe that ethical rules require firms to notify clients.”

“OptumRx Moves To DQ Motley Rice In Utah Opioid Case” —

“Pharmacy benefit manager OptumRx has moved to disqualify Motley Rice LLC from representing the state of Utah in an opioid crisis lawsuit, claiming the firm clearly violated ethical rules by investigating OptumRx on behalf of government entities, then suing OptumRx in a private capacity.”
“In a motion filed Thursday, OptumRx said Motley Rice’s representation of Utah blatantly violates Rule 1.11(c) of the Utah Rules of Professional Conduct, which prevents attorneys from using ‘confidential government information’ obtained when they were ‘a public officer’ in private lawsuits.”
“A few years ago, Motley Rice represented Hawaii, Chicago and Washington, D.C., as those governmental entities investigated whether to sue pharmacy benefit managers, or PBMs, like OptumRx for allegedly exacerbating the opioid crisis.”
“In that capacity, Motley Rice attorneys were deputized as special assistant attorneys general and were acting on behalf of the government with powers not available to private litigants, OptumRx said. In that capacity, Motley Rice sought and obtained troves of confidential information from OptumRx, the motion said.”
“Now, Motley Rice represents Utah as a private client suing OptumRx over the exact same issue and could very well use that confidential information to its advantage, OptumRx claimed.”
“‘The rule is designed to protect against abuses of government power and the erosion of public trust,’ OptumRx said. ‘The concerns are so grave that the rules prohibit a former government lawyer from taking on a representation in which they theoretically could use confidential government information to their opponent’s material disadvantage — even if they do not use the information at all.’”
“Anticipating the common rebuttal that its disqualification motion is nothing but a cynical ploy to disadvantage Utah in the litigation, OptumRx urged U.S. District Judge David Barlow to take its allegations seriously. ‘Simply put, this motion is not a litigation tactic,’ OptumRx said. ‘It is grounded in legitimate and clear-cut ethical concerns.’”
“To bolster its case, OptumRx pointed to an ethics opinion it commissioned from two legal ethics experts, Sari Montgomery of Robinson Stewart Montgomery & Doppke LLC and Wendy J. Muchman, a professor at Northwestern University Pritzker School of Law. Muchman is on the American Bar Association’s Standing Committee on Ethics and Professional Responsibility.”
“‘There can be no more obvious violation of Rule 1.11(c)’ than Motley Rice’s violation here,’ the motion said, quoting from Muchman and Montgomery’s opinion.”
“OptumRx has previously attempted to disqualify Motley Rice on the same basis in other cases. Thus far those attempts have all failed.”
“Before OptumRx filed its disqualification motion in the MDL, U.S. District Judge Dan Aaron Polster warned OptumRx’s attorneys that doing so would damage the ‘level of professional cooperation’ among the attorneys in the case and ‘will clearly have negative repercussions for your clients,’ according to a transcript.”
“Judge Polster ultimately denied the motion in March 2024, finding that while Motley Rice’s previous investigations of OptumRx on behalf of government entities do raise troubling ethical questions, ultimately those concerns are moot because OptumRx is required to turn over the same documents Motley Rice obtained in civil discovery for the MDL anyway.”
“‘The MDL Repository Orders require OptumRx to produce the investigation documents in the MDL, where all other plaintiffs’ attorneys can use them,’ Judge Polster wrote. ‘It is obvious that Motley Rice’s possession and knowledge of the Investigation documents cannot, by itself, cause a material disadvantage to OptumRx, when every other plaintiff’s attorney also has them.’”
“On a straightforward letter-of-the-law basis, OptumRx said that whether the information Motley Rice obtained while deputized as a government attorney ultimately ends up available in civil discovery shouldn’t matter. That information is clearly ‘confidential government information,’ so Motley Rice is clearly prohibited from suing OptumRx from the get-go.”

Several lawyers from Fasken explore: “Private Equity Exits: When Might Seeking Term-End Liquidity Create A Conflict?” —

“Nominee directors are central to private equity: significant investors in a portfolio company expect to have strategic input into the company’s business.”
“But nominee directors can also face potential conflicts of interest in certain circumstances. The recent ruling of the Delaware Court of Chancery in Manti Holdings provides an example in the context of the sale of a portfolio company near the end of a private equity fund’s term.1 We explore the ruling and highlight what nominee directors in Canadian portfolio companies should know.”
“Our key practical takeaways include:”
- “The ruling sets a high bar for when a fund seeking to liquidate its interest in a portfolio company to timely distribute funds to its investors might create a potential conflict of interest for a nominee director of the fund on the company’s board.”
- “That the private equity business model incentivizes funds to timely liquidate their interest in portfolio companies to close a fund and pay investors on schedule is insufficient to demonstrate a potential conflict of interest. Specific evidence that meaningful pressure was exerted on a nominee director towards this end is needed.”
- “The fiduciary duties of nominee directors in Canada differ somewhat from those in Delaware. Nonetheless, the ruling and facts in Manti Holdings remain both insightful and instructive in the Canadian context.”
“The plaintiffs brought two related claims, including that the two nominee directors of the PE Fund had breached their fiduciary duty to PortCo.2 Each of the two nominee directors were also officers or directors of the PE Fund. The key question for the court was whether the transaction gave rise to a conflict of interest on their parts.”
“The plaintiffs argued that such a conflict had arisen, and their basis was that the PE Fund’s 10-year term was set to expire on September 30, 2017, i.e., shortly after the sale of PortCo closed on September 13, 2017. They argued that the sale of PortCo had not been driven by what was in the company’s best interests, but what was in the best interests of the PE Fund; specifically, the desire for the PE Fund to liquidate its interest in PortCo to facilitate the timely distribution of proceeds to the PE Fund’s investors.”
“The court did not agree that a conflict of interest had arisen, and its reasoning was twofold. First, it disagreed with the plaintiffs that the general business model of private equity was such that the PE Fund “thought it necessary to sell [PortCo] immediately, consequences (and price) be damned”.3 Second, it underscored several elements of the particular circumstances of PortCo’s sale that undercut the plaintiffs’ argument that the PE Fund was motivated to conduct a “fire sale” of PortCo.4″
“To prove a liquidity-driven conflict… it is not enough to show a general interest in investors that a fund adhere to a timeline; a plaintiff must show sufficient evidence “of a cash need” that explains why “rational economic actors have chosen to short-change themselves.” “[S]weeping characterizations” of the “industry writ large” are insufficient. And the private equity lifecycle “is not so formulaic and structured that the cycle itself [can] support an inference of a liquidity-based conflict.”10”