Risk Update

Risk News & Opinion — Dealing with “Problem” Clients, Insurer Ransomware Payment Resolution

“Why It’s Worthwhile to Look for the Learning with Problem Clients” —

  • “When it comes to problem clients, we all have a story or two to share; but what if it becomes more than that? What if a lawyer comes to realize that he or she is dealing with a problem client far more than once in a blue moon? It can happen, and if and when it does, it’s time to stop and do a little problem solving. It’s time to look for the learning.”
  • “Problem clients are often described as having several of the following characteristics. They can be demanding, confrontational, disrespectful, angry, unreasonable, needy, highly emotional, entitled, vengeful and the list goes on. They may have unrealistic expectations, have a personal agenda, be difficult to stay in touch with, and they are often problem payors at a minimum.”
  • “What am I to look for? Start by reviewing your intake process. This is where the “fail to establish” problem arises. While I believe most lawyers have learned to effectively screen potential new matters, not as many are quite as effective when it comes to screening potential new clients. Every new matter comes with a client and taking the time to try and determine if the potential new client is someone you can create a productive attorney-client relationship with is going to be time well spent. Understand that relationships that start out on the wrong foot rarely improve over time and accept the fact that no one is able to work well with everyone that walks through the office door. Look for and learn to recognize when it simply isn’t a match. That’s when you should be thinking about saying thanks but no.”
  • “In order to address the “failure to maintain” problem one needs to go a bit further. Step back and ask yourself whether your own actions throughout the representation helped create the problem client. Perhaps the client had some legitimate emotional needs (e.g., recently received some devastating news such as a cancer diagnosis) and you’re not one who relates well to highly emotional individuals. In other words, could your own inability to meet your client’s legitimate, yet non-legal needs have caused the client to be dissatisfied enough to become a highly volatile problem client? Have this discussion with everyone at your firm that interacted with the problem client. Be open to identifying communication shortfalls. Try to determine how the relationship went south. Take any learning that’s to be had from the experience and use it to improve your skills in successfully managing effective attorney-client relationships.”

With the Colonial Pipeline attack making front page news, this caught my eye: “CNA Financial Paid $40 Million in Ransom After March Cyberattack” —

  • “CNA Financial Corp., among the largest insurance companies in the U.S., paid $40 million in late March to regain control of its network after a ransomware attack, according to people with knowledge of the attack.”
    “The Chicago-based company paid the hackers about two weeks after a trove of company data was stolen, and CNA officials were locked out of their network, according to two people familiar with the attack who asked not to be named because they weren’t authorized to discuss the matter publicly.”
  • “In a statement, a CNA spokesperson said the company followed the law. She said the company consulted and shared intelligence about the attack and the hacker’s identity with the FBI and the Treasury Department’s Office of Foreign Assets Control, which said last year that facilitating ransom payments to hackers could pose sanctions risks.”
  • “In a security incident update published on May 12, CNA said it did ‘not believe that the systems of record, claims systems, or underwriting systems, where the majority of policyholder data – including policy terms and coverage limits – is stored, were impacted.’”
  • “According to the two people familiar with the CNA attack, the company initially ignored the hackers’ demands while pursuing options to recover their files without engaging with the criminals. But within a week, the company decided to start negotiations with the hackers, who were demanding $60 million. Payment was made a week later, according to the people.”
  • “Hades was created by Evil Corp. in order to bypass U.S. sanctions placed on the hacking group, according to research published in March by the cybersecurity firm CrowdStrike Holdings Inc. In December 2019, the Treasury department announced sanctions on 17 individuals and six entities linked to Evil Corp. At the time, the Treasury department said Evil Corp used malware “to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft.” The designation by the Treasury Department made it illegal for a U.S. company to knowingly pay a ransom to Evil Corp.”

And for those who read to the end and worry about ransomware, see: “Try This One Weird Trick Russian Hackers Hate” from security expert Brian Krebs.