2015, Information Security, Insurance and IT - Information Management Today

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. which suffered a data breach in 2015 affecting 78.8

Insurance

Insurance Ransomware Data breaches Computer and Electronics

Arthur J. Gallagher (AJG) insurance giant discloses ransomware attack

Security Affairs

SEPTEMBER 29, 2020

Gallagher (AJG) insurance giant disclosed a ransomware attack, the security breach took place on Saturday. Gallagher (AJG) global insurance brokerage firm confirmed that it was his with a ransomware attack on Saturday, September 26. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Insurance

Insurance Ransomware Data breaches Cybersecurity

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. Pierluigi Paganini.

Insurance

Insurance Data breaches Financial Services Passwords

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

JANUARY 14, 2019

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. See CT Gen Stat § 38a-999b (2015) ; 23 NYCRR 500. Ohio’s Act applies to licensees, defined as persons authorized, registered, or licensed under Ohio insurance laws, or required to be so.

Insurance

Insurance Security Cybersecurity Data breaches

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

Data Matters

JULY 30, 2018

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. On May 3, 2018, South Carolina became the first state to enact this Model Law, in the form of the South Carolina Insurance Data Security Act (H.B.

Insurance

Insurance Security Cybersecurity Data breaches

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

FEBRUARY 11, 2019

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. S ee CT Gen Stat § 38a-999b (2015) ; 23 NYCRR 500. S ee CT Gen Stat § 38a-999b (2015) ; 23 NYCRR 500. 6491 (Act). MCL § 500.550. MCL § 500.553(g).

Insurance

Insurance Security Cybersecurity FOIA

UK cyber crime rate has doubled in the past five years

IT Governance

JULY 6, 2020

Beaming’s Five Years in Cyber Security found that 1.5 This equates to 25% of all UK businesses, compared to 13% in 2015. On the plus side, the average cost of breaches has fallen from £26,000 per incident in 2015 to £6,000 in 2019 – although that’s offset by the increase in the overall number of incidents.

Information Security

Information Security Phishing IoT Insurance

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

AUGUST 21, 2020

The university notified appropriate law enforcement entities, and the university’s Information Security Office (ISO) investigated and resolved the incident in consultation with an external firm that specializes in responding to ransomware attacks.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Insurance Encryption Information Security

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

VF Corp December data breach impacts 35 million customers

Security Affairs

JANUARY 19, 2024

In 2015, the company controlled 55% of the U.S. Now the company confirmed attackers stole corporate and personal information impacting 35.5 VF immediately began taking measures to remediate the attack and launched an investigation into the security breach. million customers. million individual consumers.”

Data breaches

Data breaches Passwords Retail Insurance

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Last week, the Federal Trade Commission (“FTC”) got into the act as well, releasing two notices of proposed rulemaking (“NPRM”) on potential changes to its the Standards for Safeguarding Customer Information (“Safeguards Rule”) and Privacy of Consumer Financial Information Rule (“Privacy Rule”) under the Gramm-Leach-Bliley Act.

Privacy

Privacy IT Information Security Insurance

Maze Ransomware leaks files of ST Engineering group

Security Affairs

JUNE 5, 2020

“As per our researchers, this data leak includes the company’s cyber insurance documents, various contract calculations worksheets, NASA give review rules, and much more.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Insurance Cybersecurity Security

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Security

Security Ransomware Insurance Information Security

First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

Hunton Privacy

JUNE 17, 2019

The settlement resolves a multistate litigation arising out of a May 2015 data breach in which hackers infiltrated WebChart, a web application run by MIE, and stole the electronic Protected Health Information (“ePHI”) of over 3.9 MIE”) and its wholly owned subsidiary NoMoreClipboard, LLC. million individuals. million individuals.

Data breaches

Data breaches IT Insurance Privacy

Ransomware infected systems at Xchanging, a DXC subsidiary

Security Affairs

JULY 6, 2020

Xchanging is a business process and technology services provider and integrator, which provides technology-enabled business services to the commercial insurance industry. Xchanging is a business process and technology services provider and integrator, which provides technology-enabled business services to the commercial insurance industry.

Ransomware

Ransomware Insurance Financial Services Manufacturing

Data from Airlink International UAE leaked on multiple dark web forums

Security Affairs

OCTOBER 8, 2020

Leaked data includes 14 folders and 53,555 files divided into the following categories: Passport scans Flight bookings Hotel bookings Email communications between Airlink International Group employees and customers Insurance policy for international travel. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Insurance

Insurance Cybersecurity Communications Risk

Cyberattack shuts down La Porte County government systems

Security Affairs

JULY 8, 2019

The good news is that La Porte County has a cyber insurance that will cover part of the costs sustained to restore the activity after the attack. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Government computer systems at La Porte County, Indiana, were shut down after a cyber attack hit them on July 6.

Government

Government Insurance Ransomware Cybersecurity

Cancer Center Settles with HHS for $2.3 Million over Data Breach

Hunton Privacy

DECEMBER 18, 2017

million to settle charges by the Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) that its security practices led to a data breach involving patient information. As reported in BNA Privacy Law Watch , on December 6, 2017, health care provider 21st Century Oncology agreed to pay $2.3

Data breaches

Data breaches Insurance Information Security Risk

Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

Security Affairs

MAY 1, 2020

The hackers claim to have compromised the Banco BCR’s network in August 2019, and had the opportunity to exfiltrate its information before encrypting the files. Maze Ransomware ransomware operators recently disclose other attacks against different organizations, including IT services giant Cognizant , and cyber insurer Chubb.

Ransomware

Ransomware Encryption Insurance Data breaches

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

Incident details: Successful phishing attack, breaching records on a server that reached end of life in 2015, though the information itself was “of low-sensitivity and semi-public”. Breached organisation: Okta, security software company in California, US. Records breached: 91,000 individuals affected. Records breached: Unknown.

Data Privacy

Data Privacy Privacy Security Data breaches

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

Security Affairs

MAY 9, 2020

The attacks targeted a major utility provider, a university, and a government agency in the United States, a health agency in Canada, a health insurance provider, an energy company in Australia, and a European medical publishing company to deliver various malware families. billion in global losses. “Over the past 90 days (Jan.

Government

Government Energy and Utilities Insurance Phishing

Experian South Africa discloses data breach, 24 million customers impacted

Security Affairs

AUGUST 20, 2020

The company revealed that only personal information was exposed in the data breach, no financial or credit-related information was compromised. A court order obtained by Experian allowed to seize the fraudsters’ equipment and stolen data was secured and deleted. ” reads the report. Pierluigi Paganini.

Data breaches

Data breaches Insurance Marketing Risk

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

The lawsuit concerns a May 2015 data breach in which hackers allegedly stole health information relating to 3.9 represented in its privacy policy that the Company used encryption and authentication tools to protect information but failed to encrypt the data (at rest) on its computer systems. See Indiana v. 3:18-cv-00969 (N.D.

Data breaches

Data breaches Computer and Electronics Security Insurance

Maryland Department of Labor discloses a data breach

Security Affairs

JULY 9, 2019

The Maryland Department of Labor announced it has suffered a data breach announced that exposed personally identifiable information. . The Maryland Department of Labor suffered a data breach, hackers accessed databases containing personally identifiable information (PII). ” continues the Department. . Pierluigi Paganini.

Data breaches

Data breaches Insurance Access Security

30,000+ Italian sales agents’ personal data, IDs leaked by Ariix Italia

Security Affairs

JUNE 16, 2020

Researchers at cybernews.com recently uncovered an unsecured Amazon Simple Storage Service (S3) bucket that contains more than 36,000 documents, including scans of passports, credit cards, and health insurance cards. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. What data is in the bucket?

Personal data

Personal data Sales Insurance Marketing

France data protection agency fines Uber 400k Euros Over 2016 Data Breach

Security Affairs

DECEMBER 23, 2018

Rather than to notify the data breach to customers and law enforcement as is required by California’s data security breach notification law , the chief of information security Joe Sullivan ordered to pay the ransom and to cover the story destroying any evidence.

Data breaches

Data breaches Personal data Insurance Access

The Riviera Beach City pays $600,000 in ransom

Security Affairs

JUNE 20, 2019

The internal IT staff has been working with security consultants to restore the operations, but according to them the only way to decrypt the information was to pay the ransom. . On Monday, city officials participating to a rapid meeting unanimously voted to use the city’s insurance to pay a ransom of 65 bitcoins (~$603,000).

Insurance

Insurance Ransomware Encryption Government

Record Data Breach Settlement in Anthem Class Action

Hunton Privacy

JUNE 26, 2017

the nation’s second largest health insurer, reached a record $115 million settlement in a class action lawsuit arising out of a 2015 data breach that exposed the personal information of more than 78 million people. Anthem announced in February 2015 that it had been the target of an external cyber attack.

Data breaches

Data breaches Insurance Information Security Compliance

Connecticut Passes New Data Protection Measures into Law

Hunton Privacy

JULY 23, 2015

On July 1, 2015, Connecticut’s governor signed into law Public Act No. On July 1, 2015, Connecticut’s governor signed into law Public Act No. A brief summary of the data security requirements for health insurers and state contractors is set forth below: Health Insurers. State Contractors.

Insurance

Insurance Data breaches Encryption Authentication

COVID-19 themed attacks increase in Brazil, India, and UK

Security Affairs

JUNE 13, 2020

Experts are also seeing an increase in the number of attacks masquerading as COVID-19 symptom tracking along phishing scams targeting insurance companies because people are looking to buy health insurance. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Google notes. Pierluigi Paganini.

Phishing

Phishing Insurance Government Access

HHS Releases Cybersecurity Guidance for Healthcare Organizations

Data Matters

JANUARY 8, 2019

The publication, “ Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients ” (HICP), is the result of a government and industry collaboration mandated by the Cybersecurity Act of 2015. attacks against connected medical devices that may affect patient safety.

Cybersecurity

Cybersecurity Insurance Phishing Government

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Security Affairs

APRIL 24, 2020

These images include a screenshot of folders on a SeaChange server compromised by the gang, insurance certificates, a driver’s license, and a cover letter for a proposal sent to the Pentagon. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Insurance Data breaches Encryption

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Access

Access Financial Services Retail Insurance

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

SEPTEMBER 16, 2020

According to the CISA’s report , Iranian hackers from an unnamed APT group are employing several known web shells, in attacks on IT, government, healthcare, financial, and insurance organizations across the United States. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the report.

Passwords

Passwords Access Insurance Encryption

Alabama Hospital chain paid ransom to resume operations after ransomware attack

Security Affairs

OCTOBER 13, 2019

The hospital chain hasn’t revealed the amount it has paid to the crooks to decrypt the data, it seems that an insurance covered the cost. The hospital chain hasn’t revealed the amount it has paid to the crooks to decrypt the data, it seems that an insurance covered the cost. ” continues the post.

Ransomware

Ransomware Insurance Paper Government

Key Ring digital wallet exposes data of 14 Million users in data leak

Security Affairs

APRIL 6, 2020

The digital wallet application Key Ring recently exposed information from its 14 million users. ” It is not clear how long the information remained exposed online, according to vpnMentor at least since January when they first spotted the unsecured bucket. ” reads the post published by vpnMentor. Pierluigi Paganini.

Retail

Retail Encryption Insurance Passwords

Sodinokibi ransomware operators leak files stolen from Elexon electrical middleman

Security Affairs

JUNE 2, 2020

The files contain passports of Elexon staff members and an apparent business insurance application form. . In May Elexon , a middleman in the UK power grid network, was the victim of a cyber attack, its systems have been infected with the Sodinokibi ransomware. reads a post published by The Telegraph. It declined to give further details.”.

Ransomware

Ransomware Insurance Marketing IT

La Porte County finally opted to pay $130,000 Ransom

Security Affairs

JULY 15, 2019

Immediately after the attack, the county reported the incident to the FBI and was working with experts of some security firms to investigate the attack and mitigate the threat. ” It seems that $100,000 out of $130,000 are being covered by insurance. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Insurance Government Sales

US-based children’s clothing maker Hanna Andersson discloses a data breach

Security Affairs

JANUARY 21, 2020

Hanna Andersson started informing its customers via email, the company was informed by law enforcement on December 5 that data related to credit cards used by its customers on its websites were available for sale on the dark web. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Retail Cloud Insurance

Largest hospital system in New Jersey was hit by ransomware attack

Security Affairs

DECEMBER 15, 2019

Hackensack Meridian Health did not reveal the amount of money it has paid to crooks, according to a statement issued by the hospital it holds insurance coverage for such emergencies. ” According to Hackensack Meridian, there is no indication that attackers have accessed patient information or discloses it.

Ransomware

Ransomware Computer and Electronics Insurance Access

SeaChange video delivery provider discloses REVIL ransomware attack

Security Affairs

SEPTEMBER 10, 2020

These images include a screenshot of folders on a SeaChange server compromised by the gang, insurance certificates, a driver’s license, and a cover letter for a proposal sent to the Pentagon. “In the first quarter of fiscal 2021, we experienced a ransomware attack on our information technology system,” reads the report.

Ransomware

Ransomware Data breaches Insurance Encryption

Patch your vulnerabilities now or risk punishment under the GDPR

IT Governance

JANUARY 19, 2018

New laws typically aren’t retroactive, but the ICO’s statement acknowledges the importance of patch management and effective information security management systems. Installing patches and updates when they’re available is one of the simplest ways of staying cyber secure. Boundary firewalls and Internet gateways.

GDPR

GDPR Risk Insurance Government

Oregon Department of Human Services data breach impacted 645,000 clients

Security Affairs

JUNE 20, 2019

Oregon Department of Human Services officials confirmed that the organization has suffered a data breach that has exposed personal details and health information of 645,000 clients. “The Oregon Department of Human Services is notifying about 645,000 clients whose personal information is now at risk from a January data breach. .

Data breaches

Data breaches Phishing Insurance Risk

Wyndham Settles FTC Charges in FTC v. Wyndham

Hunton Privacy

DECEMBER 9, 2015

On December 9, 2015, the Federal Trade Commission announced that Wyndham Worldwide Corporation (“Wyndham”) settled charges brought by the FTC stemming from allegations that the company unfairly failed to maintain reasonable data security practices. The case is FTC v. Wyndham Worldwide Corporation, et al. (2:13-CV-01887-ES-JAD)

Data breaches

Data breaches Information Security Insurance Compliance

Change Healthcare Breach Hits 100M Americans

Arthur J. Gallagher (AJG) insurance giant discloses ransomware attack

Webinars

Trending Sources

American Insurance firm State Farm victim of credential stuffing attacks

Webinars

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

UK cyber crime rate has doubled in the past five years

University of Utah pays a $457,000 ransom to ransomware gang

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

VF Corp December data breach impacts 35 million customers

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Maze Ransomware leaks files of ST Engineering group

Security Affairs newsletter Round 284

First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

Ransomware infected systems at Xchanging, a DXC subsidiary

Data from Airlink International UAE leaked on multiple dark web forums

Cyberattack shuts down La Porte County government systems

Cancer Center Settles with HHS for $2.3 Million over Data Breach

Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

The Week in Cyber Security and Data Privacy: 16–22 October 2023

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

Experian South Africa discloses data breach, 24 million customers impacted

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Maryland Department of Labor discloses a data breach

30,000+ Italian sales agents’ personal data, IDs leaked by Ariix Italia

France data protection agency fines Uber 400k Euros Over 2016 Data Breach

The Riviera Beach City pays $600,000 in ransom

Record Data Breach Settlement in Anthem Class Action

Connecticut Passes New Data Protection Measures into Law

COVID-19 themed attacks increase in Brazil, India, and UK

HHS Releases Cybersecurity Guidance for Healthcare Organizations

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Iran-linked APT group Pioneer Kitten sells access to hacked networks

US CISA report shares details on web shells used by Iranian hackers

Alabama Hospital chain paid ransom to resume operations after ransomware attack

Key Ring digital wallet exposes data of 14 Million users in data leak

Sodinokibi ransomware operators leak files stolen from Elexon electrical middleman

La Porte County finally opted to pay $130,000 Ransom

US-based children’s clothing maker Hanna Andersson discloses a data breach

Largest hospital system in New Jersey was hit by ransomware attack

SeaChange video delivery provider discloses REVIL ransomware attack

Patch your vulnerabilities now or risk punishment under the GDPR

Oregon Department of Human Services data breach impacted 645,000 clients

Wyndham Settles FTC Charges in FTC v. Wyndham

Stay Connected