The governor of Louisiana has declared a state of emergency after three school districts experienced ransomware incidents. Per a press release by the governor’s office, the declaration “makes available state resources and allows for assistance from cybersecurity experts from the Louisiana National Guard, Louisiana State Police, the Office of Technology Services and others to assist local governments in responding to and preventing future data loss.”
The declaration recognizes the ongoing nature of the emergency and threat to other public and private entities operating in Louisiana. Subject to narrow exceptions, the declaration prohibits anyone from selling goods and services at prices higher than those charged at or immediately before the time that the emergency began. Further, the declaration authorizes and directs state departments, commissions, boards, agencies, and officers to take all actions necessary preserve the security and confidentiality of any data, including the execution of memoranda of understanding, non-disclosure agreements, and the like, and to work with other state officials to ensure the execution of a coordinated response to the event. Further, the declaration directs state actors to comply with the state’s breach notification law.
The robust response by Louisiana authorities to these incidents showcases the massive efforts required to remediate ransomware incidents impacting governmental organizations (and private organizations alike).
Attorneys from McDonald Hopkins’ Data Privacy and Cybersecurity Practice Group are available to assist public and private entities in preparing for and responding to and remediating ransomware incidents.