Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. The SEC says First American derives nearly 92 percent of its revenue from its title insurance segment, earning $7.1 It also means you probably don’t know whether or not anyone has accessed that data.

Insurance 282

Insurance Risk Financial Services Mining 282

Data Matters

JANUARY 14, 2019

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The Act is designed to “establish standards for data security and for the investigation and notification to the Superintendent of Insurance of a cybersecurity event.”.

Insurance 66

Insurance Security Cybersecurity Data breaches 66

Krebs on Security

AUGUST 14, 2020

billion in 2019. The “RCM” portion of its name refers to “revenue cycle management,” an industry which tracks profits throughout the life cycle of each patient, including patient registration, insurance and benefit verification, medical treatment documentation, and bill preparation and collection from patients.

Ransomware 361

Ransomware Insurance Phishing IT 361

Data Protection Report

FEBRUARY 27, 2020

Given the level of interest in the case, we have prepared a deeper-dive into the facts and the implications of the decision, with a focus on the important role played in the case by cyber insurance. Until recently, there had not been an example of a cyber insurer actively participating in a recovery action. This is set out below.

Insurance 81

Insurance Risk Data breaches Personal data 81

Security Affairs

JULY 21, 2021

Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum. Who had access to the data?

Insurance 115

Insurance Passwords Libraries Access 115

Hunton Privacy

JULY 1, 2022

(“Carnival”), the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation (23 NYCRR Part 500) in connection with four cybersecurity events between 2019 and 2021, including two ransomware events. . NYDFS also found that Carnival had failed to implement basic protocols to prevent data breaches.

Cybersecurity 115

Cybersecurity Insurance Phishing Financial Services 115

Krebs on Security

MAY 31, 2019

That measure, which went into effect in March 2019 and is considered among the toughest in the nation, requires financial companies to regularly audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful. No authentication was needed to access the digitized records.

Financial Services 214

Financial Services Insurance Sales Authentication 214

Hunton Privacy

FEBRUARY 29, 2024

It filed a breach report with OCR in February 2019, which then investigated the organization’s data practices starting in December 2019. This marks the second such settlement with a HIPAA-regulated entity for violations that were discovered following a ransomware attack, according to HHS.

Ransomware 111

Ransomware Personal data Risk Privacy 111

IT Governance

JUNE 27, 2019

June 2019’s total of 39,713,046 breached records is the lowest since May last year – the month that the GDPR (General Data Protection Regulation) came into effect. NY, government systems accessed by unauthorised party (unknown). Virginia-based insurer Dominion National investigating data breach dating back to 2010 (unknown).

Data breaches 111

Data breaches Personal data Ransomware GDPR 111

Data Protection Report

JUNE 2, 2021

million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. This matter began when insurance affiliate #1, licensed by NYDFS, discovered a phishing email in September of 2018. NYDFS Cybersecurity Regulation.

Cybersecurity 71

Cybersecurity Insurance Financial Services Phishing 71

IT Governance

MAY 30, 2019

The cyber security story for May 2019 is much the same as it was last month, with one mammoth breach raising the monthly total. which breached sixteen years’ worth of insurance data. Hackers breach Uniqlo’s online store, access customers’ details (460,000). leaked sixteen years’ worth of title insurance records (885 million).

Data breaches 111

Data breaches Personal data Ransomware Phishing 111

Krebs on Security

JUNE 4, 2019

1, 2018 and March 30, 2019. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.” Many readers wrote in to say they’d never heard of First American, but it is the largest title insurance company in the United States.

Insurance 253

Insurance Data Privacy Access Security 253

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

IT Governance

FEBRUARY 26, 2019

I count this month’s total of leaked records to be 692,853,046, bringing 2019’s total to 2,462,038,109. Major privacy breach: students could access hospital medical records. Possibility of data breach with mySalam health insurance scheme, Perkasa claims. Hacker Breaches Dozens of Sites, Puts 127 Million New Records Up for Sale.

Data breaches 109

Data breaches Sales Phishing Ransomware 109

IT Governance

AUGUST 6, 2019

Students and undergraduate applicants to Lancaster University had their personal details stolen in a pair of breaches that were disclosed on 22 July 2019. The second attack targeted the university itself, with criminal hackers accessing the student records system and the details of a “very small number” of current students.

Phishing 68

Phishing Personal data Access Passwords 68

Security Affairs

OCTOBER 6, 2023

.” The Company states that its cybersecurity insurance will cover the financial losses and future expenses, however, the full scope of the costs and related impacts has yet to be determined.

Ransomware 127

Ransomware Insurance Cybersecurity IT 127

Security Affairs

NOVEMBER 13, 2020

The company disclosed this security breach this week, data was stored on an unsecured external storage service and they were accessed by an external party. The company launched an investigation into the incident that confirmed that the files had been accessed by an unauthorized third party. Vertafore announced that information of 27.7

Data breaches 133

Data breaches Insurance Access Security 133

eSecurity Planet

OCTOBER 18, 2022

First, call the cyber insurance company that issued the organization’s cybersecurity policy. Most insurance companies require specific incident response vendors, procedures, and reporting that must be met to meet the standards to be insured. Insured companies often will not have options. Eliminate attacker access.

Ransomware 145

Ransomware Encryption Insurance Access 145

Krebs on Security

APRIL 26, 2021

The first question asked about a new mortgage I supposedly took out in 2019 (I didn’t), and the answer was none of the above. ” CreditLock users can both enable multifactor authentication and get alerts when someone tries to access their account. “You won’t see alerts if someone tries to access your file.

Security 321

Security Authentication Access Insurance 321

eSecurity Planet

OCTOBER 18, 2021

The legal complaint [PDF] notes that on July 9, 2019, the day it was hit by a ransomware attack, Springhill Memorial Hospital contended that the event had “not affected patient care.” ” Cyber Insurance No Longer Reliable. Also read: Cyber Insurers Pull Back Amid Increase in Cyber Attacks, Costs.

Ransomware 104

Ransomware Insurance Digital transformation Cybersecurity 104

Krebs on Security

AUGUST 17, 2023

Security experts investigating 16Shop found the service used an application programming interface (API) to manage its users, an innovation that allowed its proprietors to shut off access to customers who failed to pay a monthly fee, or for those attempting to copy or pirate the phishing kit.

Phishing 189

Phishing Passwords Insurance Data breaches 189

IT Governance

DECEMBER 27, 2019

A royal baby, a fire at Notre-Dame, the highest grossing film of all time and more than 12 billion breached data records: 2019 has been quite a year. IT Governance is closing out the year by rounding up 2019’s biggest information security stories. Part one covers January to June, and will be followed by part in the coming days.

Data breaches 55

Data breaches GDPR Passwords Personal data 55

IT Governance

NOVEMBER 6, 2023

While investigating the incident, it discovered that confidential consumer information had been accessed by an unauthorised third party. On 2 September, it confirmed that an unauthorised party had accessed or removed some of its files, some of which contained confidential patient information.

Data Privacy 76

Data Privacy Privacy Security Libraries 76

Security Affairs

JANUARY 18, 2023

On December 12, 2022, the Cybernews research team discovered a publicly accessible database with 260GB of sensitive personal data belonging to myrocket.co, offering ‘end-to-end’ recruitment solutions and HR services for companies in India. HR management platform myrocket.co Original post at CyberNews.

Privacy 92

Privacy Insurance Personal data Access 92

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services 66

Financial Services Cybersecurity Insurance Risk 66

The Last Watchdog

APRIL 3, 2019

I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this. Meanwhile, employees, partners, suppliers and customers are using their smartphones to gain access. Users re-defined. Compliance matters. Public trust must be maintained.

Digital transformation 140

Digital transformation Insurance Compliance Healthcare 140

Data Matters

DECEMBER 11, 2018

The National Association of Insurance Commissioners (NAIC) held its Fall 2018 National Meeting (Fall Meeting) in San Francisco, California, from November 15 to 18, 2018. NAIC Continues its Evaluation of Insurers’ Use of Big Data. systemic risk of insurers with other parts of the financial system, notably the banking.

Insurance 66

Insurance Paper Risk Big data 66

Hunton Privacy

NOVEMBER 13, 2023

On April 22, 2019, HHS began investigating DMS after receiving a breach notification indicating that DMS’ network server was infected by the Gandcrab ransomware in April 2017. DMS is a HIPAA business associate (“BA”) that provides payer credentialing and medical billing services to HIPAA Covered Entities (“CEs”).

Ransomware 72

Ransomware Risk Insurance Encryption 72

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. According to the consent order, the matter began when NSC reported a cybersecurity event to NYDFS on October 23, 2019. The second incident occurred in March of 2019.

Cybersecurity 94

Cybersecurity Financial Services Phishing Compliance 94

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Upcoming certifications.

Cybersecurity 40

Cybersecurity Compliance Financial Services Risk 40

Hunton Privacy

OCTOBER 25, 2022

million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the EU General Data Protection Regulation (“GDPR”), during the period of March 2019 to December 2020. On October 24, 2022, the UK Information Commissioner’s Office (“ICO”) issued a £4.4

Security 97

Security Personal data GDPR Insurance 97

Krebs on Security

FEBRUARY 20, 2024

First surfacing in September 2019, the gang is estimated to have made hundreds of millions of U.S. The government says Russian national Artur Sungatov used LockBit ransomware against victims in manufacturing, logistics, insurance and other companies throughout the United States. Department of Justice (DOJ).

Ransomware 276

Ransomware Encryption Insurance Manufacturing 276

Info Source

JANUARY 17, 2019

Moving into 2019, we will see AI combined with mobility and content understanding change entire workflows and processes within organizations, offices and factory floors. One of the most impactful technology trends we will see in 2019 is broad enterprise technology transition to self-service models.

Artificial Intelligence 40

Artificial Intelligence Digital transformation ECM Customer Experience 40

CGI

JANUARY 11, 2019

Fri, 01/11/2019 - 05:39. I thought it was about time we had a ‘glass half full’ perspective on Brexit, as too many Insurers are focussing on downsides at the expense of the opportunities. This works both ways and EU countries are also worried about their potential loss of access rights. Brexit the Opportunity. Add new comment.

Insurance 40

Insurance Marketing Big data Compliance 40

Security Affairs

OCTOBER 21, 2018

Hackers breached into a computer system that interacts with HealthCare.gov, according to Centers for Medicare and Medicaid Services, attackers accessed to the sensitive personal data of some 75,000 people. “The system that was hacked is used by insurance agents and brokers to directly enroll customers. .”

Insurance 93

Insurance Personal data Access Security 93

Security Affairs

JANUARY 7, 2020

Exposed data include names, addresses, dates of birth, medical record numbers, health insurance information and diagnosis and treatment details information. Attackers also accessed Social Security numbers and driver’s license numbers for some patients. .

Insurance 61

Insurance Access Security IT 61

Security Affairs

MAY 1, 2020

Maze Ransomware operators claim to have gained access to the network of Banco BCR of Costa Rica and stolen 11 million credit card credentials. The hackers claim to have compromised the Banco BCR’s network in August 2019, and had the opportunity to exfiltrate its information before encrypting the files.

Ransomware 140

Ransomware Encryption Insurance Data breaches 140