Ransomware in 2023: Lessons from the Bay Area Transit Breach

February 24, 2023

California has already seen a spate of high-profile ransomware attacks in 2023. Multiple government networks, including the Bay Area Rapid Transit and both Oakland and Modesto counties, as well as healthcare providers have been targeted. These attacks have impacted the data of millions of individuals, including 3.3 million individuals whose sensitive medical information may have been targeted in the Regal Medical Group breach.  

Ransomware Attacks Surged in 2022

The Verizon 2022 Data Breach Investigations Report (DBIR) notes that ransomware attacks increased 13% in 2022. The report notes that this increase is as big as the last five years combined. 

This is unsurprising given the low bar to entry offered by Ransomware-as-a-service software and the almost threefold increase in the number of organizations paying million-dollar or more ransoms in 2022

And this trend is showing no signs of slowing in 2023. 

Preventing Ransomware in 2023

Verizon’s DBIR highlights four key methods bad actors are using to pull off ransomware attacks: 

  1. Credentials;
  2. Phishing;
  3. Exploiting vulnerabilities; and 
  4. Botnets. 

“There are four key paths leading to your estate: Credentials, Phishing, Exploiting vulnerabilities, and Botnets. All four are pervasive in all areas of the [Data Breach Incident Report], and no organization is safe without a plan to handle each of them.” [Verizon 2022 DBIR]

Your company should have programs in place to address each of the four areas of risk outlined above, including cybersecurity training for your team. Verizon’s reporting notes that human error is a significant driver behind ransomware attacks. 

What’s Your Ransomware Strategy?

Every organization should have a ransomware strategy in place. This strategy should contemplate whether your company would pay a ransom to get its data back and if cyber liability insurance is right for you. 

If you’re contemplating adopting a policy to pay the ransom, it’s important to consider whether paying the ransom will even restore the data you’ve lost. Sophos’ State of Ransomware 2022 report shows that companies typically only were able to restore between 50% and 64.8%of their data after paying a ransom. 

Given the cost of ransomware attacks and their increasing likelihood, adopting a ‘data recovery’ plan may be a better option. 

In practice, you’ll need to frequently back up your systems and data. You’ll also need to implement strong protections to secure your backups. This planning should prioritize your most critical assets and infrastructure. 

If your company needs assistance building its data breach and ransomware response plan, reach out. Our privacy attorneys would love to help. 


The materials available at this website are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem. Use of and access to this website or any of the e-mail links contained within the site do not create an attorney-client relationship between CGL and the user or browser. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.

Other Articles

External Privacy Policy with hand hovering above it and reading glasses sitting on it Is an External Privacy Policy Enough?
GDPR Explained: A Quick Guide for U.S. Businesses
Children’s Data Privacy: Five Takeaways from the FTC’s Recent Workshop

    Ready to Talk?
    Contact Us

    We would to hear from you

    Please take a moment to tell us a few things about your needs and someone from our team will reach out to you as soon as possible.

    We would to hear from you

    Thank you for reaching out!

    Someone from our team will get back to you shortly

    We would to hear from you