HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Security Affairs

JANUARY 6, 2019

The Dark Overlord hacking group claims to have stolen a huge trove of documents from the British insurance company Hiscox, Hackers stole “hundreds of thousands of documents,” including tens of thousands files related to the 9/11 terrorist attacks. “What’s the takeaway? “ There’s five layers to go.

Insurance 111

Insurance Data breaches Sales Government 111

eSecurity Planet

FEBRUARY 11, 2022

The simplest example may be insurance. Life, health, auto, and other insurance are all designed to help a person protect against losses. This article looks at cybersecurity risk management, how to establish a risk management system, and best practices for building resilience. What is Cybersecurity Risk Management?

Risk 145

Risk Cybersecurity Encryption Access 145

Hunton Privacy

JANUARY 16, 2021

million civil monetary penalty imposed by the Department of Health and Human Services’ Office for Civil Rights (“OCR”) in 2017 against the University of Texas M.D. The United States Court of Appeals for the Fifth Circuit recently vacated a $4.3 Anderson Cancer Center (“MD Anderson”). OCR investigated and imposed the $4.3

Encryption 71

Encryption Privacy Insurance Security 71

Schneier on Security

FEBRUARY 28, 2024

In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The 9/11 attacks cost insurers and reinsurers $47 billion.

Insurance 116

Insurance Government Cybersecurity Risk 116

Security Affairs

NOVEMBER 30, 2020

“Sources told Action News, the cybercriminals gained control of the network on Saturday encrypting files, including police reports, payroll, purchasing, and other databases. . “Sources said the county is in the process of paying the $500,000 ransom as it’s insured for such attacks.”

Computer and Electronics 109

Computer and Electronics Ransomware Insurance Encryption 109

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services 66

Financial Services Cybersecurity Insurance Risk 66

Hunton Privacy

JULY 24, 2020

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017. NYCRR 500.14(b):

Cybersecurity 85

Cybersecurity Risk Financial Services Insurance 85

eSecurity Planet

FEBRUARY 16, 2021

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” ” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.” Jump to: What is ransomware?

Ransomware 97

Ransomware Encryption Insurance Cloud 97

Data Protection Report

AUGUST 29, 2017

A “breach of security” will now exclude unauthorized acquisition of encrypted data unless the acquisition includes, or is reasonably believed to include, the encryption key and the person who owns or licenses the data has a reasonable belief that the encryption key could render that personal information readable or useable.

Data breaches 40

Data breaches Insurance Encryption Passwords 40

Hunton Privacy

APRIL 27, 2017

Earlier this month, the New York State Department of Financial Services (“NYDFS”) recently published FAQs and key dates for its cybersecurity regulation (the “NYDFS Regulation”) for financial institutions that became effective on March 1, 2017. September 27, 2017 – the initial 30-day period for filing Notices of Exemption ends.

Cybersecurity 53

Cybersecurity Compliance Financial Services Insurance 53

Hunton Privacy

FEBRUARY 3, 2017

On February 1, 2017, the U.S. This is the third enforcement action taken by OCR in 2017, following the respective actions taken against MAPFRE Life Insurance of Puerto Rico and Presence Health earlier in January. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced a $3.2

Privacy 40

Privacy Security Insurance Encryption 40

Hunton Privacy

JANUARY 25, 2017

On January 18, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into a resolution agreement with MAPFRE Life Insurance Company of Puerto Rico (“MAPFRE”) relating to a breach of protected health information (“PHI”) contained on a portable storage device.

Security awareness 40

Security awareness Insurance Risk Compliance 40

HL Chronicle of Data Protection

FEBRUARY 25, 2020

The NYDFS Regulation originally came into effect on March 1, 2017, and provided for a two-year implementation plan for companies to develop a robust cybersecurity program. The Act has a particularly broad reach, impacting any company that owns or licenses private information of New York residents.

Cybersecurity 104

Cybersecurity Financial Services Data breaches Insurance 104

Hunton Privacy

JULY 23, 2015

A brief summary of the data security requirements for health insurers and state contractors is set forth below: Health Insurers. Encrypt personal information being transmitted or while stored on a portable device. On July 1, 2015, Connecticut’s governor signed into law Public Act No. State Contractors.

Insurance 49

Insurance Data breaches Encryption Authentication 49

Data Protection Report

SEPTEMBER 11, 2017

In one example of a post-attack disclosure, FedEx’s most recent 10-K (May 2017) discusses the impact of the WannaCry and Petya attacks on FedEx systems and subsidiaries. Still, in what for the moment might seem like a more pedestrian risk, companies continue to be affected by ransomware. Here is how some companies have addressed it.

Risk 40

Risk Ransomware Insurance Data breaches 40

eSecurity Planet

SEPTEMBER 14, 2022

According to statistics from the FBI’s 2021 Internet Crime Report , complaints to the Internet Crime Complaint Center (IC3) have been rising since 2017. Finance and insurance finished a close second at 22.4%. Finance and insurance companies were particularly vulnerable to the sort of phishing scams we’re talking about.

Energy and Utilities 120

Energy and Utilities Phishing Blockchain Cybersecurity 120

The Last Watchdog

AUGUST 1, 2019

That includes social security and social insurance numbers, bank account numbers, phone numbers, birth dates, email addresses and self-reported income; in short, just about everything on an identity thief’s wish list. In addition, sensitive data was not encrypted at rest, and no one was auditing access logs. This was the Perfect Storm.

Data Privacy 198

Data Privacy Privacy Data breaches Cloud 198

Data Matters

AUGUST 27, 2018

The NYDFS has been assisting Covered Entities with compliance questions through its frequently asked questions (“FAQs”) and answers on the NYDFS website, originally published on June 20, 2017 and updated most recently on August 9, 2018. They also became obligated to report cybersecurity events to the NYDFS.

Cybersecurity 60

Cybersecurity Compliance Encryption Risk 60

Info Source

DECEMBER 7, 2017

Westampton, NJ – December 7, 2017 – We are pleased to announce that Mavro Imaging is celebrating its ten-year anniversary. Built-in End-to-End Encryption. In just ten short years, Mavro’s flagship document imaging and data capture software, MavBridge™, has become a customer favorite in the industry. Intelligent Check Separation.

Insurance 40

Insurance Encryption Government IT 40

IT Governance

OCTOBER 23, 2018

The data included bank account details, salary information, dates of birth, National Insurance numbers, addresses and phone numbers. Supermarket giant Morrisons has lost the latest round in the legal battle for compensation by thousands of its staff whose personal details were leaked on the Internet. The background. What happens next?

Personal data 44

Personal data Data breaches Risk Insurance 44

eDiscovery Daily

APRIL 7, 2019

Janik begins his article by referencing the DLA Piper NotPetya ransomware attack in 2017, as follows: “Imagine it’s a usual Tuesday morning, and coffee in hand you stroll into your office. A recent American Bar Association report stated that 22% of law firms reported a cyberattack or data breach in 2017, up from 14% the year before.

Data breaches 57

Data breaches Cybersecurity e-Discovery Computer and Electronics 57

Data Protection Report

JANUARY 7, 2019

Entities covered by the Regulation, which includes not only banks and insurers, but also other financial service institutions and licensees regulated by the DFS that utilize third-party service providers, will be required to implement third-party risk management programs by March 1. Third-party service provider risk management program.

Cybersecurity 40

Cybersecurity Compliance Financial Services Risk 40

ARMA International

AUGUST 2, 2019

with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. See FTC press release Equifax to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach , July 22, 2019.). Equifax agreed to pay between $575 million and $700 million in total.

Cloud 41

Cloud Data breaches Encryption Access 41

Hunton Privacy

MAY 16, 2017

On May 12, 2017, a massive ransomware attack began affecting tens of thousands of computer systems in over 100 countries. The ransomware, known as “WannaCry,” leverages a Windows vulnerability and encrypts files on infected systems and demands payment for their release.

Ransomware 61

Ransomware Insurance Access Information Security 61

DLA Piper Privacy Matters

OCTOBER 20, 2017

On 18 October 2017, WP29 published proposed Guidelines on two key aspects of the GDPR – namely: Personal Data Breach Notification (Articles 33/34); and. Both proposed Guidelines are open for consultation until 28 November 2017. Profiling and Automated Decision Making (Article 22). Data Breach Notification.

Data breaches 40

Data breaches Personal data Encryption GDPR 40

Hunton Privacy

JULY 11, 2017

On July 10, 2017, the Cyberspace Administration of China published a new draft of its Regulations on Protecting the Security of Key Information Infrastructure (the “Draft Regulations”), and invited comment from the general public. The Draft Regulations will remain open for comment through August 10, 2017. This post has been updated. .

Energy and Utilities 45

Energy and Utilities Security Cybersecurity Manufacturing 45

Krebs on Security

JANUARY 19, 2022

is perhaps better known as the online identity verification service that many states now use to help staunch the loss of billions of dollars in unemployment insurance and pandemic assistance stolen each year by identity thieves. The IRS says it will require ID.me for all logins later this summer. McLean, Va.-based based ID.me After this, ID.me

Access 363

Access Insurance Authentication Government 363

HL Chronicle of Data Protection

MARCH 14, 2019

The Safeguards Rule, which originally went into effect in 2003, is process-oriented. It includes general, high level elements of a security program, but lacks detailed security steps. The proposed Rule would require FIs to implement an incident response plan. Chief Information Security Officer (“CISO”). Board reporting. Periodic risk assessments.

Privacy 40

Privacy Risk Cybersecurity Information Security 40

eSecurity Planet

APRIL 6, 2023

Ransomware is a type of malicious program, or malware, that encrypts files, documents and images on a computer or server so that users cannot access the data. These keys are available to the attacker, and the encryption can only be decrypted using a private key. How Does Ransomware Work?

Ransomware 98

Ransomware Encryption Cybersecurity Risk 98

IT Governance

DECEMBER 27, 2019

Victims of Equifax’s 2017 data breach were given the go-ahead to launch a class-action lawsuit. A royal baby, a fire at Notre-Dame, the highest grossing film of all time and more than 12 billion breached data records: 2019 has been quite a year. IT Governance is closing out the year by rounding up 2019’s biggest information security stories.

Data breaches 55

Data breaches GDPR Passwords Personal data 55

Data Matters

MAY 9, 2019

The National Association of Insurance Commissioners (NAIC) held its Spring 2019 National Meeting (Spring Meeting) in Orlando, Florida, from April 6 to 9, 2019. ceding insurer could be eligible for the same reduced collateral requirements that would apply to qualifying EU reinsurers under the revised CFR Model Laws.

Insurance 66

Insurance Blockchain Big data Risk 66

IT Governance

FEBRUARY 5, 2018

Increased interest in cyber insurance. With more than 800 million records being leaked in 2017 ( find out more in our Breaches and Hacks Blog Archive ), it’s not surprising that cyber insurance business has increased in recent months. Insurers assess an organisation’s cyber risk to set premium levels.

Insurance 55

Insurance Risk Government Paper 55

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

In the aftermath of the Cambridge Analytica scandal, and in the footsteps of Europe’s General Data Protection Regulation (“GDPR”), California privacy advocates introduced a ballot initiative on October 12, 2017 called “The Consumer Right to Privacy Act of 2018” (No. The CCPA goes into effect January 1, 2020. Right of Deletion.

Privacy 58

Privacy Sales Compliance Government 58

The Last Watchdog

AUGUST 15, 2019

A survey of local media reports by Recorded Future tallied 38 ransomware attacks against cities in 2017, rising to 53 attacks in 2018. insurance giant Beazley Worldwide reported that the average ransomware demand in 2018 was more than $116,000, a figure admittedly skewed by some very large demands. “All we know is MONEY!

Ransomware 196

Ransomware Access Cybersecurity Insurance 196

Privacy and Cybersecurity Law

NOVEMBER 9, 2018

In the aftermath of the Cambridge Analytica scandal, and in the footsteps of Europe’s General Data Protection Regulation (“GDPR”), California privacy advocates introduced a ballot initiative on October 12, 2017 called “The Consumer Right to Privacy Act of 2018” (No. The CCPA goes into effect January 1, 2020. Right of Deletion.

Privacy 58

Privacy Sales Education Compliance 58

Adam Levin

MAY 19, 2021

Equifax, 2017: A data breach impacted almost 150 million Equifax customers, who subsequently reported identity-related crimes using that data. Many companies now offer insurance policies that can help you recoup lost money, and even help you through the reporting and recovery process. Takeaways .

Risk 87

Risk Data breaches Cybersecurity Insurance 87