HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Hunton Privacy

JANUARY 26, 2018

On January 25, 2018, the Standardization Administration of China published the full text of the Information Security Technology – Personal Information Security Specification (the “Specification”). The Specification will come into effect on May 1, 2018.

Information Security 48

Information Security Security Privacy Personal data 48

The Last Watchdog

OCTOBER 29, 2018

The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax’s chief information security officer was a music major and did not have a background in technology. The technologies existing in 2018 will undoubtedly differ from those that exist in 2020. Equifax was not special in this regard.

Security 164

Security Data Privacy Privacy Data breaches 164

Data Matters

FEBRUARY 7, 2018

Companies that are subject to New York’s Cybersecurity Regulation are moving quickly to finalize their compliance obligations under the Cybersecurity Regulation, as the second “due date” quickly approaches – February 15, 2018. They also became obligated to report cybersecurity events to the NYDFS. .

Compliance 60

Compliance Cybersecurity Information Security Privacy 60

Data Protection Report

JUNE 2, 2021

million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. This matter began when insurance affiliate #1, licensed by NYDFS, discovered a phishing email in September of 2018.

Cybersecurity 71

Cybersecurity Insurance Financial Services Phishing 71

Data Matters

AUGUST 27, 2018

Companies subject to New York’s Cybersecurity Regulation are acting quickly to finalize their compliance obligations as the fifth “due date,” September 4, 2018, quickly approaches. For more background on the regulation, see our report, “NYDFS issues final cybersecurity regulations, setting new industry standard for cybersecurity controls.”.

Cybersecurity 60

Cybersecurity Compliance Encryption Risk 60

IT Governance

SEPTEMBER 26, 2018

The Risk:Value 2018 Report by NTT Security discovered that only 29% of organisations have dedicated cyber insurance in place, despite 81% of senior executives touting insurance against data breaches as “vital”. Want to find out more about ISO 27001?

Data breaches 85

Data breaches Insurance Information Security Compliance 85

Data Matters

JANUARY 2, 2018

We expect each of these trends to continue in 2018. As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR. The May 25, 2018 effective date for the EU’s General Data Protection Regulation (GDPR) will no doubt be a central focus of 2018. Data breach litigation risks.

Privacy 66

Privacy Cybersecurity Data breaches GDPR 66

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. But those aren’t the only laws or regulations that affect IT security teams.

Data Privacy 145

Data Privacy Compliance Privacy Security 145

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. SEC Statement and Guidance on Public Company Cybersecurity Disclosures.

Cybersecurity 66

Cybersecurity Financial Services Risk Compliance 66

Hunton Privacy

JUNE 17, 2019

The settlement resolves a multistate litigation arising out of a May 2015 data breach in which hackers infiltrated WebChart, a web application run by MIE, and stole the electronic Protected Health Information (“ePHI”) of over 3.9 MIE”) and its wholly owned subsidiary NoMoreClipboard, LLC. million individuals. million individuals.

Data breaches 58

Data breaches IT Insurance Privacy 58

Security Affairs

FEBRUARY 26, 2021

Our online security team has uncovered a massive data breach originating from a misconfigured Amazon Bucket, which was operated by a Turkish Legal advising company, INOVA YÖNETIM & AKTÜERYAL DANI?MANLIK. Inova is an actuarial consultancy company, which means they compile statistical analysis and calculate insurance risks and premiums.

Data breaches 103

Data breaches Insurance Paper Access 103

Data Matters

FEBRUARY 6, 2019

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. 3, 2018). See Indiana v. Informatics Eng’g, Inc. ,

Data breaches 80

Data breaches Computer and Electronics Security Insurance 80

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020. NYDFS Cybersecurity Regulation.

Cybersecurity 94

Cybersecurity Financial Services Phishing Compliance 94

IT Governance

APRIL 10, 2019

On 6 July 2016, the EU officially adopted the NIS Directive (Directive on security of network and information systems) and gave each EU member state just under two years to implement its requirements into national law. Implementation status : Transposed, as the Cyber Security Act (94/2018). 360 of 2018.

Compliance 52

Compliance Information Security Government Insurance 52

IT Governance

NOVEMBER 6, 2023

While investigating the incident, it discovered that confidential consumer information had been accessed by an unauthorised third party. It secured its systems, notified law enforcement and began investigating the incident. Records breached: 815,000,000 Milford Management Corp. Boeing is “assessing the claim”.

Data Privacy 76

Data Privacy Privacy Security Libraries 76

Security Affairs

JUNE 20, 2019

The internal IT staff has been working with security consultants to restore the operations, but according to them the only way to decrypt the information was to pay the ransom. . On Monday, city officials participating to a rapid meeting unanimously voted to use the city’s insurance to pay a ransom of 65 bitcoins (~$603,000).

Insurance 92

Insurance Ransomware Encryption Government 92

Data Matters

JANUARY 8, 2019

On December 28, 2018, the U.S. The HICP is not limited to individually identifiable health information but instead covers organizations’ enterprise-level information security more generally. Department of Health and Human Services (HHS) released a four-volume cybersecurity guidance document for healthcare organizations.

Cybersecurity 72

Cybersecurity Insurance Phishing Government 72

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. .” ” continues the report. Pierluigi Paganini.

Access 97

Access Financial Services Retail Insurance 97

IT Governance

MAY 3, 2018

Hello and welcome to the IT Governance podcast for Friday, 4 May 2018. The introduction of a centralised Windows 10 agreement will ensure a consistent approach to security that also enables the NHS to rapidly modernise its IT infrastructure.”. million according to its financial report for the first quarter of 2018.

Computer and Electronics 50

Computer and Electronics Insurance Data breaches Information Security 50

Data Protection Report

APRIL 7, 2022

CafePress included in its email responses to consumers’ commonly asked questions, “CafePress.com also pledges to use the best and most accepted methods and technologies to insure [sic] your personal information is safe and secure.” In addition, CafePress stated that it was in compliance with the U.S.-E.U. Privacy Shield.

Privacy 114

Privacy Compliance Insurance Data collection 114

Data Matters

JANUARY 28, 2022

Another example is the inclusion of remediation details for old vulnerabilities (including some dating back to 2018) and CISA stating that the Russian state-sponsored advanced persistent threat (“APT”) actors have used these “common but effective” vulnerabilities for attacks. Enable Controlled Folder Access.

Cybersecurity 155

Cybersecurity Financial Services Authentication Government 155

IT Governance

JANUARY 19, 2018

In the wake of the Meltdown and Spectre flaws revealed on 3 January 2018, the Information Commissioner’s Office (ICO) has warned that existing vulnerabilities could lead to punishment when the EU General Data Protection Regulation (GDPR) is enforced. Retroactive punishment. Boundary firewalls and Internet gateways. Malware protection.

GDPR 60

GDPR Risk Insurance Government 60

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? the security posture of vendor partners). Image: US Chamber of Commerce.

Security 196

Security Energy and Utilities Risk Data breaches 196

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services 66

Financial Services Cybersecurity Insurance Risk 66

Security Affairs

OCTOBER 13, 2019

The hospital chain hasn’t revealed the amount it has paid to the crooks to decrypt the data, it seems that an insurance covered the cost. The hospital chain hasn’t revealed the amount it has paid to the crooks to decrypt the data, it seems that an insurance covered the cost. ” continues the post.

Ransomware 79

Ransomware Insurance Paper Government 79

IT Governance

SEPTEMBER 4, 2018

Last year, private healthcare giant BUPA suffered a breach affecting 108,000 health insurance policies when a rogue employee copied and removed information from the organisation. The information affected is said to have included names, date of birth, nationalities and insurance membership numbers. million fine.

Healthcare 69

Healthcare Insurance Manufacturing Risk 69

Security Affairs

JUNE 5, 2019

Securities and Exchange Commission (SEC) Quest revealed that the attackers broke into the web payment portal of the American Medical Collection Agency between August 1, 2018 and March 30, 2019. The security breach has impacted roughly 12 million of Quest Diagnostics ‘ patients and roughly 7.7 A filing with the U.S.

Data breaches 75

Data breaches Insurance Sales Security 75

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. Nevertheless, EyeMed certified its compliance with the Cybersecurity Regulation annually, from 2018-2021.

Cybersecurity 52

Cybersecurity Personal data Risk Financial Services 52

Data Protection Report

JULY 9, 2018

On the security front, as of March 2018, all 50 U.S. Virgin Islands, have enacted breach notification laws that require businesses to notify consumers if their personal information is compromised. Alabama’s data breach notification law went into effect on June 1, 2018. Iowa’s law is set to take effect on July 1, 2018.

GDPR 40

GDPR Data breaches Personal data Insurance 40

Hunton Privacy

JUNE 8, 2018

On June 6, 2018, the U.S. Court of Appeals for the Eleventh Circuit vacated a 2016 Federal Trade Commission (“FTC”) order compelling LabMD to implement a “comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers.”

Security 57

Security Information Security Insurance Risk 57

IT Governance

NOVEMBER 20, 2023

According to databreaches.net , the group exfiltrated tenant information, service management information, financial data, business data, property data, employee data and sensitive business information. For more information about the SEC cyber security disclosure rules, register for our free webinar on 30 November.)

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

Security Affairs

JUNE 26, 2019

Crooks made a request of a ransom a week after the initial infection, they contacted the Lake City’s insurance provider, the League of Cities, which negotiated a payment of 42 bitcoins. In July 2018, another Palm Beach suburb, Palm Springs, decided to pay a ransom, but it was not able to completely recover all its data.

Ransomware 95

Ransomware Insurance Government IT 95

Krebs on Security

DECEMBER 18, 2018

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Nor is the average pay hugely different among all three roles.

Security 222

Security Marketing Cybersecurity Data breaches 222

IT Governance

FEBRUARY 8, 2018

The Cyber Security Breaches Survey 2018 from the Department for Digital, Culture, Media and Sport (DCMS) has revealed that only 38% of businesses and 44% of charities have heard of the General Data Protection Regulation (GDPR). This is a worrisome finding, as it is only a matter of months until the new Regulation is enforced.

GDPR 49

GDPR Government Education Compliance 49

Security Affairs

AUGUST 13, 2020

The APT group RedCurl, discovered by Group-IB Threat Intelligence experts, has been active since at least 2018. Since then, it has conducted 26 targeted attacks on commercial organizations alone, including companies in the fields of construction , finance , consulting , retail , banking , insurance , law ,and travel.

Cloud 142

Cloud Phishing Analytics Access 142

Security Affairs

SEPTEMBER 15, 2022

From June 2018 to January 2019: cyber criminals targeted and accessed at least 65 healthcare payment processors throughout the United States to replace legitimate customer banking and contact information with accounts under their control. The attacker stole $3.1 million with this attack. Require all accounts with password logins (e.g.,

Passwords 84

Passwords Phishing Authentication Communications 84