Krebs on Security

APRIL 27, 2023

This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information. But after being presented with a document including the Social Security number of a health professional in D.C. Washington, D.C.

Access 296

Access Authentication Information Security Communications 296

Security Affairs

APRIL 29, 2024

Hutcheson allegedly provided irrelevant documents, such as health insurance and auto insurance policies, along with pages from sheriff training manuals, as evidence of authorization to access the data.

Insurance 103

Insurance Communications Access IT 103

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Security Affairs

APRIL 10, 2024

The Group Health Cooperative of South Central Wisconsin (GHC-SCW) is a non-profit organization that provides health insurance and medical care services to its members in the Madison metropolitan area of Wisconsin. The company pointed out that they have no indication that information has been used or further disclosed.

Data breaches 122

Data breaches e-Discovery Ransomware Insurance 122

Security Affairs

FEBRUARY 26, 2021

Our online security team has uncovered a massive data breach originating from a misconfigured Amazon Bucket, which was operated by a Turkish Legal advising company, INOVA YÖNETIM & AKTÜERYAL DANI?MANLIK. Inova is an actuarial consultancy company, which means they compile statistical analysis and calculate insurance risks and premiums.

Data breaches 103

Data breaches Insurance Paper Access 103

Armstrong Archives

DECEMBER 19, 2023

Everything from tax documents to employee files to bank statements must be kept on file, often for years at a time. At Armstrong Archives , we’re proud to stand at the forefront of records management, offering expert guidance in record retention policy and document management, ensuring that our clients stay compliant and efficient.

Compliance 52

Compliance Archiving Digital transformation Sales 52

Security Affairs

NOVEMBER 17, 2023

TFS offers various financial products, including auto loans, leases, and insurance solutions. Leaked sample data includes financial documents, invoices, hashed account passwords, passport scans, and more. The documents are in German, a circumstance that suggests that they have been stolen from company systems located in Germany.

Financial Services 130

Financial Services Ransomware Data breaches Insurance 130

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.

Ransomware 341

Ransomware Security Agriculture Cybersecurity 341

Security Affairs

DECEMBER 11, 2023

TFS offers various financial products, including auto loans, leases, and insurance solutions. Leaked sample data includes financial documents, invoices, hashed account passwords, passport scans, and more. The documents are in German, a circumstance that suggests that they have been stolen from company systems located in Germany.

Financial Services 120

Financial Services Data breaches Ransomware Insurance 120

Security Affairs

JULY 21, 2021

Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum. Drug prescription listings).

Insurance 118

Insurance Passwords Libraries Access 118

IT Governance

OCTOBER 11, 2022

This process should be embedded within your overall cyber security measures in what experts refer to as cyber defence in depth. The framework consists of five interrelated stages (or ‘layers’) to help organisations manage information security risks across all parts of their business. Why Cyber Insurance is Essential in 2022.

Risk 124

Risk GDPR Information Security Personal data 124

Security Affairs

APRIL 16, 2024

Gb - NDA The group published a set of files as proof of the security breach and threatens leak all the stolen data if the victim will not pay the ransom. According to the announcement, the stolen data includes: - 285 Gb of quality control data - 24 Gb - 896 client folders, many famous brands like SpaceX, IBM, Apple, Huawei, etc. -

Ransomware 117

Ransomware Manufacturing Insurance Cybersecurity 117

IT Governance

JULY 6, 2020

Many of those organisations have correctly identified malware as a top priority, with 45% saying they’ve taken extra security precautions to tackle the threat, compared to 26% in 2015. For example, the report found that: Only 9% of organisations have a documented cyber security policy; Only 10% have cyber insurance; and.

Information Security 142

Information Security Phishing IoT Insurance 142

Security Affairs

NOVEMBER 8, 2022

Australian health insurer Medibank confirmed that personal data belonging to around 9.7 Medibank is one of the largest Australian private health insurance providers with approximately 3.9 Medibank is one of the largest Australian private health insurance providers with approximately 3.9 million customers. million customers.

Ransomware 91

Ransomware Insurance Personal data Data breaches 91

Security Affairs

JANUARY 18, 2023

The security loophole resulted in millions of private documents being revealed to the public. Researchers found about 435,000 payslips, 300 tax filings, 3,800 insurance payment documents, and 21,000 salary sheets belonging to various companies using the HR platform’s services.

Privacy 87

Privacy Insurance Personal data Phishing 87

Security Affairs

JANUARY 7, 2023

The gang initially leaked samples of the stolen data as proof of the attack, it claimed to have stolen contracts, NDA and other agreements documents, company private info (budgets, plans, evaluations, revenue cycle, investors relations, company structure, etc.), ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

Ransomware 82

Ransomware Insurance Data breaches Access 82

IT Governance

NOVEMBER 6, 2023

On 2 September, it confirmed that an unauthorised party had accessed or removed some of its files, some of which contained confidential patient information. Compromised information included patients’ names, dates of birth, postal addresses, Social Security numbers, diagnosis and treatment information, and health insurance information.

Data Privacy 97

Data Privacy Privacy Libraries Security 97

Data Protection Report

JUNE 2, 2021

million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. This matter began when insurance affiliate #1, licensed by NYDFS, discovered a phishing email in September of 2018. NYDFS Cybersecurity Regulation.

Cybersecurity 71

Cybersecurity Insurance Financial Services Phishing 71

Security Affairs

FEBRUARY 26, 2023

The attackers compromised one of the company systems and had access to the emails and documents of some employees. Now News Corp revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020. Not all of this information was impacted for each affected individual.

IT 89

IT Data breaches Insurance Cybersecurity 89

Hunton Privacy

FEBRUARY 29, 2024

The Corrective Action Plan also requires GRBH to submit implementation and annual reports to HHS and comply with document retention requirements. Review all business associate agreements and other vendor agreements within 60 days.

Ransomware 111

Ransomware Personal data Risk Privacy 111

Security Affairs

JUNE 16, 2020

Researchers at cybernews.com recently uncovered an unsecured Amazon Simple Storage Service (S3) bucket that contains more than 36,000 documents, including scans of passports, credit cards, and health insurance cards. What data is in the bucket? At the time of discovery, the data bucket contained 7,515 PDF and 25,895 JPG files.

Sales 100

Sales Personal data Insurance Marketing 100

eSecurity Planet

DECEMBER 9, 2021

Document the incident response process as a plan. Some of us don’t formally document our processes. We need to regularly update our documentation on a quarterly, annual, or event-driven schedule. Then we must effectively circulate the incident response documents. Document contingencies. Document contingencies.

Insurance 125

Insurance Ransomware Data breaches Cloud 125

Hunton Privacy

NOVEMBER 15, 2023

On December 5, 2022, the OAIC announced that it had commenced an investigation into the personal information handling practices of Medlab Pathology in relation to its notifiable data breach. The Allegations in the Case The originating documents are not yet publicly available. Class actions.

Data breaches 128

Data breaches Privacy Risk Information Security 128

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity 68

Cybersecurity Insurance Risk Compliance 68

The Last Watchdog

APRIL 3, 2019

Its customer base is comprised of eight of the top 15 banks, four of the top six healthcare insurance and managed care providers, nine of the top 15 property and casualty insurance providers, five of the top 13 pharmaceutical companies, and 11 of the largest 15 federal agencies. Compliance matters. Public trust must be maintained.

Digital transformation 140

Digital transformation Insurance Compliance Healthcare 140

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services 68

Financial Services Cybersecurity Insurance Risk 68

Security Affairs

OCTOBER 30, 2021

Threat actors hacked into the employee email system of the UMass Memorial Health healthcare system, potentially accessing the personal information of thousands of patients. The security breach took place between June 2020 and January and impacted more than 209,048 individuals.

Access 96

Access Insurance Data breaches Security 96

Security Affairs

OCTOBER 1, 2023

Immediately after detecting the intrusion, the company launched an investigation with the help of leading third-party cybersecurity experts and is also coordinating with its insurers. On Thursday, CNN warned that the security breach may have exposed US DHS data after having obtained an internal memo of the agency.

Ransomware 133

Ransomware Insurance Cybersecurity Encryption 133

Security Affairs

JANUARY 23, 2024

uk @GossiTheDog @UK_Daniel_Card @SOSIntel @joetidy pic.twitter.com/erEvd0DtBT — Dominic Alvieri (@AlvieriD) January 22, 2024 The group claims to have stolen 750 gigabytes of sensitive data, including users’ personal documents and corporate documents. /southernwater.co[.]uk

Encryption 123

Encryption Ransomware Blockchain Insurance 123

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). Security, Privacy and Compliance Can Conflict.

Data Privacy 145

Data Privacy Compliance Privacy Security 145

Security Affairs

JUNE 5, 2020

“As per our researchers, this data leak includes the company’s cyber insurance documents, various contract calculations worksheets, NASA give review rules, and much more.” . “Just like previous data leaks, the Cyble Research Team has also identified and verified this data leak.”

Ransomware 122

Ransomware Insurance Cybersecurity Security 122

Hunton Privacy

AUGUST 10, 2022

On July 21, 2022, the National Institute of Standards and Technology (“NIST”) released an updated draft of its HIPAA Security Rule guidance. NIST issued the updated draft guidance to align it with other NIST cybersecurity guidance documents that have been published since the original HIPAA Security Rule guidance was issued in 2008.

Security 64

Security Insurance Cybersecurity Risk 64

Security Affairs

DECEMBER 16, 2023

The threats were sent to a number of former and current Fred Hutch patients — as well as some who have received care from Hutch partner UW Medicine — and claimed the names, Social Security numbers, phone numbers, medical history, lab results and insurance history of more than 800,000 patients had been compromised.”

Ransomware 118

Ransomware Insurance Education Marketing 118

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.

Cybersecurity 68

Cybersecurity Financial Services Risk Compliance 68

Hunton Privacy

JUNE 13, 2023

On June 6, 2023, the Federal Deposit Insurance Corporation (“FDIC”), the Board of Governors of the Federal Reserve System (“FRB”) and the Office of the Comptroller of the Currency (“OCC”) issued their final Interagency Guidance on Third-Party Relationships (“Guidance”).

Risk 64

Risk Insurance Compliance Information Security 64

IBM Big Data Hub

MAY 28, 2024

Together, these comprehensive approaches not only deter threat actors but also standardize the management of sensitive data and corporate information security and limit any business operations lost to downtime. Data breach victims also frequently face steep regulatory fines or legal penalties.

Data breaches 82

Data breaches GDPR Compliance Encryption 82

IT Governance

MAY 3, 2019

An RTP (risk treatment plan) is an essential part of an organisation’s ISO 27001 implementation process, as it documents the way your organisation will respond to identified threats. This option will make things less convenient for your employees but will drastically improve your security posture. What are your risk treatment options?

Risk 72

Risk Information Security Communications Insurance 72