The Security Ledger

AUGUST 20, 2019

We talk to Bruce McDonnell of the East West Institute about how insurers are responding. Related Stories Episode 155: Disinformation is a Cyber Weapon and APTs warm to Mobile Malware Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats NotPetya Horror Story Highlights Need for Holistic Security.

Insurance 40

Insurance Risk Healthcare Manufacturing 40

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Data Protection Report

JUNE 2, 2021

million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. Readers may recall that NYDFS’ cybersecurity regulation went into effect in March of 2017. NYDFS Cybersecurity Regulation.

Cybersecurity 71

Cybersecurity Insurance Financial Services Phishing 71

The Last Watchdog

APRIL 3, 2019

SailPoint, which went public in November 2017, has grown to more than 1000 employees in 30 locations. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. Users re-defined. Compliance matters. As complexity has intensified, so have compliance challenges.

Digital transformation 140

Digital transformation Insurance Compliance Healthcare 140

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. SEC Statement and Guidance on Public Company Cybersecurity Disclosures.

Cybersecurity 66

Cybersecurity Financial Services Risk Compliance 66

Hunton Privacy

DECEMBER 18, 2017

As reported in BNA Privacy Law Watch , on December 6, 2017, health care provider 21st Century Oncology agreed to pay $2.3 million to settle charges by the Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) that its security practices led to a data breach involving patient information.

Data breaches 53

Data breaches Insurance Information Security Risk 53

Hunton Privacy

FEBRUARY 22, 2017

On February 17, 2017, Horizon Blue Cross Blue Shield of New Jersey (“Horizon”) agreed to pay $1.1 The stolen laptops contained policyholder electronic Protected Health Information (“ePHI”), including names, addresses, birth dates, insurance identifications and, in some cases, Social Security numbers and clinical data.

Insurance 45

Insurance Privacy Encryption Passwords 45

Security Affairs

MAY 9, 2020

A few weeks later, threat actors launched multiple attacks that attempted to exploit the CVE 2017-11882 Office flaw to run a malicious executable. Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link]. billion in global losses. “Over the past 90 days (Jan.

Government 68

Government Energy and Utilities Insurance Phishing 68

Security Affairs

DECEMBER 23, 2018

In November 2017, the Uber CEO Dara Khosrowshahi announced that hackers broke into the company database and accessed the personal data (names, email addresses and cellphone numbers) of 57 million of its users, the disconcerting revelation was that the company covered up the hack for more than a year.

Data breaches 87

Data breaches Personal data Insurance Access 87

Hunton Privacy

JUNE 26, 2017

On June 23, 2017, Anthem Inc., the nation’s second largest health insurer, reached a record $115 million settlement in a class action lawsuit arising out of a 2015 data breach that exposed the personal information of more than 78 million people.

Data breaches 53

Data breaches Insurance Information Security Compliance 53

IT Governance

APRIL 10, 2019

On 6 July 2016, the EU officially adopted the NIS Directive (Directive on security of network and information systems) and gave each EU member state just under two years to implement its requirements into national law. Implementation status : Transposed, with Act 134 of 2017 and Government Decree 394/2017 (XII.

Compliance 52

Compliance Information Security Government Insurance 52

Security Affairs

NOVEMBER 30, 2020

According to local media, the ransomware operators have compromised systems containing sensitive information, including police reports and payroll. “Sources said the county is in the process of paying the $500,000 ransom as it’s insured for such attacks.”

Computer and Electronics 109

Computer and Electronics Ransomware Insurance Encryption 109

HL Chronicle of Data Protection

FEBRUARY 25, 2020

The Act has a particularly broad reach, impacting any company that owns or licenses private information of New York residents. The NYDFS Regulation originally came into effect on March 1, 2017, and provided for a two-year implementation plan for companies to develop a robust cybersecurity program.

Cybersecurity 104

Cybersecurity Financial Services Data breaches Insurance 104

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. Readers may recall that NYDFS’ cybersecurity regulation went into effect in March of 2017. NYDFS Cybersecurity Regulation. The second incident occurred in March of 2019.

Cybersecurity 94

Cybersecurity Financial Services Phishing Compliance 94

Data Matters

FEBRUARY 7, 2018

By August 28, 2017, Covered Entities were required to have a cybersecurity program in place, as well as a board (or senior officer) approved written cybersecurity policy and Chief Information Security Officer to help protect data and systems. They also became obligated to report cybersecurity events to the NYDFS. .

Compliance 60

Compliance Cybersecurity Information Security Privacy 60

IT Governance

MAY 3, 2018

Thousands of operations and appointments were cancelled as a result of the infection according to the 2017 National Audit Office (NAO) report on the incident, Investigation: WannaCry cyber attack and the NHS. million deductible”, and, since announcing the cyber security incident in September 2017, has “recorded insurance recoveries of $60.0

Computer and Electronics 50

Computer and Electronics Insurance Data breaches Information Security 50

IT Governance

MAY 1, 2018

CIR management can help your organisation mitigate the risk of information security incidents and minimise losses. Incident response planning is mandated as part of all major cyber security regimes. What does cyber incident response (CIR) management do? The common challenges facing incident response. It’s a legal requirement.

Information Security 58

Information Security Risk IoT Insurance 58

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? the security posture of vendor partners). Image: US Chamber of Commerce.

Security 196

Security Energy and Utilities Risk Data breaches 196

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services 66

Financial Services Cybersecurity Insurance Risk 66

Hunton Privacy

JULY 23, 2015

A brief summary of the data security requirements for health insurers and state contractors is set forth below: Health Insurers. Implement access controls and authentication measures to ensure that access to personal information is limited only to those who need it in connection with their job function. State Contractors.

Insurance 49

Insurance Data breaches Encryption Authentication 49

Getting Information Done

APRIL 18, 2017

Ultimately, the chief information security officer (CISO) needs to understand the information footprint across systems, determine the value/risk of loss, and protect against cyberattacks through the deployment of control activities, which are commensurate with the value/risk of these information systems.

Government 53

Government Cybersecurity Insurance Information governance 53

IT Governance

JANUARY 19, 2018

New laws typically aren’t retroactive, but the ICO’s statement acknowledges the importance of patch management and effective information security management systems. Installing patches and updates when they’re available is one of the simplest ways of staying cyber secure. Retroactive punishment. Malware protection.

GDPR 60

GDPR Risk Insurance Government 60

Hunton Privacy

AUGUST 10, 2017

On August 9, 2017, Nationwide Mutual Insurance Co. million settlement with attorneys general from 32 states in connection with a 2012 data breach that exposed the personal information of over 1.2 In October 2012, Nationwide and its affiliate, Allied Property & Casualty Insurance Co. Nationwide”) agreed to a $5.5

Data breaches 45

Data breaches Insurance Data collection Risk 45

Krebs on Security

DECEMBER 18, 2018

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Nor is the average pay hugely different among all three roles.

Security 222

Security Marketing Cybersecurity Data breaches 222

Data Matters

MAY 17, 2018

SB 315 faced opposition from both private companies and information security researchers. Senate subcommittee on consumer protection, product safety, insurance, and data security to question Uber’s chief information security officer about its bug bounty program and its reported $100,000 payment to the intruders.

Systems administration 60

Systems administration Information Security Cybersecurity Access 60

Hunton Privacy

JUNE 30, 2017

On June 26, 2017, Airway Oxygen, a provider of oxygen therapy and home medical equipment, reported that it was the subject of a ransomware attack affecting 500,000 patients’ protected health information. According to Airway Oxygen’s statement , the company discovered the presence of ransomware on its systems in April 2017.

Data breaches 56

Data breaches Ransomware Insurance Access 56

IT Governance

SEPTEMBER 4, 2018

In the 2017 WannaCry attack, for example, cyber criminals used ransomware to prevent victims from accessing their IP unless a ransom was paid. This type of attack can be incredibly disruptive and often the perpetrator will threaten to destroy information that they have breached unless the ransom is paid. What are the threats?

Healthcare 69

Healthcare Insurance Manufacturing Risk 69

Hunton Privacy

JANUARY 25, 2017

On January 18, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into a resolution agreement with MAPFRE Life Insurance Company of Puerto Rico (“MAPFRE”) relating to a breach of protected health information (“PHI”) contained on a portable storage device.

Security awareness 40

Security awareness Insurance Risk Compliance 40

Data Matters

AUGUST 27, 2018

By March 1, 2019, Covered Entities must have security policies in place that govern the security of third-party service providers and, by that deadline, must implement such written security policies. They also became obligated to report cybersecurity events to the NYDFS.

Cybersecurity 60

Cybersecurity Compliance Encryption Risk 60

AIIM

MARCH 12, 2018

2017: A Digitally “Transformative” Year. Digital Preservation – Is Your Current Approach to Managing Long-Term Digital Information Failing the Business? Information Privacy and Security: GDPR is Just the Tip of the Iceberg. 4 Ways Uncontrolled Information Stands in the Way of Your Digital Transformation Plans.

ECM 93

ECM Digital transformation Digital preservation GDPR 93

Hunton Privacy

JANUARY 16, 2021

million civil monetary penalty imposed by the Department of Health and Human Services’ Office for Civil Rights (“OCR”) in 2017 against the University of Texas M.D. The United States Court of Appeals for the Fifth Circuit recently vacated a $4.3 Anderson Cancer Center (“MD Anderson”). Read the court’s holding here.

Encryption 71

Encryption Privacy Insurance Security 71

IT Governance

OCTOBER 31, 2023

Thousands of drivers have sensitive data exposed to hackers in major IT breach Date of breach: Unclear, but breached documents date back to 2017. Incident details: A security vulnerability in a third party left personal data exposed of thousands of motorists who had their vehicle towed on behalf of the An Garda Síochána.

Data Privacy 52

Data Privacy Privacy Security Data breaches 52

Hunton Privacy

FEBRUARY 3, 2017

On February 1, 2017, the U.S. This is the third enforcement action taken by OCR in 2017, following the respective actions taken against MAPFRE Life Insurance of Puerto Rico and Presence Health earlier in January. Children’s prior history of noncompliance with the HIPAA Privacy and Security Rules.

Privacy 40

Privacy Security Insurance Encryption 40

Security Affairs

DECEMBER 23, 2019

China-linked cyber espionage group APT20 has been bypassing two-factor authentication (2FA) in recent attacks, cyber-security firm Fox-IT warns. Security experts from cyber-security firm Fox-IT warns of a new wave of attacks, tracked as Operation Wocao, carried out by China-linked cyber espionage group APT20 that has been bypassing 2FA.

Authentication 73

Authentication Insurance Access Government 73

Hunton Privacy

MAY 16, 2017

On May 12, 2017, a massive ransomware attack began affecting tens of thousands of computer systems in over 100 countries. In a November 2016 blog entry , the FTC noted that “a business’ failure to secure its networks from ransomware can cause significant harm to the consumers (and employees) whose personal data is hacked.

Ransomware 61

Ransomware Insurance Access Information Security 61

Hunton Privacy

MAY 17, 2017

On May 10, 2017, the U.S. million civil monetary penalty against Memorial Hermann Health System (“MHHS”) for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule. . Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced a $2.4

Privacy 49

Privacy Compliance Insurance IT 49

Hunton Privacy

JULY 25, 2017

On July 25, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced the release of an updated web tool that highlights recent data breaches of health information. tips for consumers. tips for consumers.

Data breaches 40

Data breaches Insurance Paper Archiving 40