Education, Information Security and Insurance - Information Management Today

Pennsylvania State Education Association data breach impacts 500,000 individuals

Security Affairs

MARCH 20, 2025

A data breach at the Pennsylvania State Education Association exposed the personal information of over 500,000 individuals. The Pennsylvania State Education Association (PSEA) suffered a data breach that impacted 517,487 individuals. PSEA is affiliated with the National Education Association (NEA).

Education

Education Data breaches Passwords Insurance

Insurance scams via QR codes: how to recognise and defend yourself

Security Affairs

MARCH 12, 2024

The Postal Police has issued an alert to warn citizens against insurance scams using QR codes. In practice, fake insurance operators contact victims through calls, messages, or sponsorships on social networks, offering policies at advantageous prices. Education improves awareness” is his slogan.

Insurance

Insurance Education Personal data Sales

Health insurer Point32Health suffered a ransomware attack

Security Affairs

APRIL 23, 2023

Non-profit health insurer Point32Health suffered a ransomware attack and has taken systems offline in response to the incident. Non-profit health insurer Point32Health has taken systems offline in response to a ransomware attack that took place on April 17. ” reads the statement published by the insurer.

Insurance

Insurance Ransomware Cybersecurity Education

Webinars

How to Achieve High-Accuracy Results When Using LLMs

Maximizing Profit and Productivity: The New Era of AI-Powered Accounting

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

SEC warns of investment scams related to Hurricane Ida

Security Affairs

SEPTEMBER 4, 2021

The US Securities and Exchange Commission (SEC)’s Office of Investor Education and Advocacy is warning investors of potential investment scams related to Hurricane Ida. Fraudsters also may target individuals receiving compensation from insurance companies.” ” reads the alert published by SEC.

Cleanup

Cleanup Insurance Education Security

Ransomware infected systems at Xchanging, a DXC subsidiary

Security Affairs

JULY 6, 2020

Xchanging is a business process and technology services provider and integrator, which provides technology-enabled business services to the commercial insurance industry. Xchanging is primarily an insurance managed services business that operates on a standalone basis.”

Ransomware

Ransomware Insurance Financial Services Manufacturing

Data Breach: Turkish legal advising company exposed over 15,000 clients

Security Affairs

FEBRUARY 26, 2021

Our online security team has uncovered a massive data breach originating from a misconfigured Amazon Bucket, which was operated by a Turkish Legal advising company, INOVA YÖNETIM & AKTÜERYAL DANI?MANLIK. Inova is an actuarial consultancy company, which means they compile statistical analysis and calculate insurance risks and premiums.

Data breaches

Data breaches Insurance Paper Access

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs

NOVEMBER 12, 2023

Compromised data may include the Social Security number (SSN), date of birth, driver’s license/state identification number, and taxpayer identification number. The attackers also gained access to medical information and health insurance information of some individuals. people appeared first on Security Affairs.

Data breaches

Data breaches Insurance Education Cybersecurity

German IT provider Bitmarck hit by cyberattack

Security Affairs

MAY 1, 2023

Bitmarck, one of the largest IT service providers for social insurance carriers in Germany, announced yesterday that it has suffered a cyber attack. “We very much regret the inconvenience caused to our customers, service providers and insured persons and are working to restore the systems as quickly as possible.”

Insurance

Insurance IT Data breaches Education

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

Security Affairs

NOVEMBER 23, 2023

million Teachers Insurance and Annuity Association of America 2.6 The most heavily impacted sectors are finance and professional services and education, which account for 24.3 The most impacted sectors are finance, professional services, and education, which collectively account for over 48% of reported victims.” million “U.S.-based

Data breaches

Data breaches Retail Education Ransomware

Welltok data breach impacted 8.5 million patients in the U.S.

Security Affairs

NOVEMBER 23, 2023

For some of the impacted individuals, threat actors also gained access to Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information. The company has no evidence that any of patients’ information has been misused. million Genworth 2.5 million PH Tech 1.7 million “U.S.-based

Data breaches

Data breaches Insurance Ransomware Education

Massive MOVEit campaign already impacted at least 1,000 organizations and 60 million individuals

Security Affairs

AUGUST 28, 2023

million Teachers Insurance and Annuity Association of America 2.6 “The most heavily impacted sectors are finance and professional services and education, which account for 24.3 ” The experts explained that is impossible to accurately calculate the cost of the MOVEit security breaches. million Genworth 2.5

Insurance

Insurance Ransomware Data breaches Education

Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach

Security Affairs

SEPTEMBER 13, 2024

The network also includes a children’s hospital, rehabilitation centers, and partnerships with academic institutions to support medical education and research. It also added that “the information for a limited number of individuals included clinical images of patients during treatment.”

Data breaches

Data breaches Ransomware Insurance Education

Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center

Security Affairs

DECEMBER 16, 2023

Its mission is to improve the lives of people worldwide through research, clinical care and education. Fred Hutchinson Cancer Research Center is an independent, nonprofit research institute based in Seattle, Washington. The center’s research focuses on cancer prevention, diagnosis, treatment and survivorship. ” Robert M.

Ransomware

Ransomware Insurance Education Marketing

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

CISA updated its Secure by Design guidance, and the EUs Cyber Resilience Act and NIS2 added new requirements. Proactive collaboration and cyber risk quantification are key to ensuring operational resilience and security. Overemphasizing compliance risks diverting resources from advanced security challenges.

Compliance

Compliance Cybersecurity Privacy Risk

Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach

Security Affairs

AUGUST 14, 2023

The US State Department offered a $10 million reward for any information which would link members of the Cl0p ransomware gang to a foreign government. In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach. state of Colorado.

Data breaches

Data breaches Ransomware Education Access

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

According to the notice published on the website of the OAG on August 07, 2023, exposed personal information includes names, addresses, social security information, health information, and health insurance information. The Dallas City Council has approved a budget of $8.5

Ransomware

Ransomware Encryption Systems administration Cybersecurity

Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

Security Affairs

AUGUST 19, 2019

The public availability of such kind of information could expose the owners to identity theft and other scams. The experts also discovered a large number of insurance certificates that expose various personally identifiable information (PII), such as names, phone numbers, postal and email addresses.

Military

Military Insurance Education Phishing

TA505 group updates tactics and expands the list of targets

Security Affairs

AUGUST 28, 2019

and which used emails with subjects pertaining to finance or urgent concerns on insurance policies. The emails used in these campaigns used subjects pertaining to finance or urgent concerns on insurance policies.” ” continues the report. XLS or VBA.DOC macros.” ” continues the report. XLS or VBA.DOC macros.”

e-Delivery

e-Delivery Insurance Retail Government

The Problem With the Small Business Cybersecurity Assistance Act

Security Affairs

JULY 18, 2019

Small Business Development Center (SBDC) locations to secure educational materials, enroll in programs, and work with representatives from the Department of Homeland Security to better understand and confront cyber threats and risks. What Does the SBCAA Seek to Accomplish? Until the U.S. implements a similar measure, U.S.

Cybersecurity

Cybersecurity Education Government Risk

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. According to NYDFS, the incorporation of these practices should be proportionate to each insurer’s size, resources, geographic distribution, and other factors. The Framework.

Insurance

Insurance Financial Services Cybersecurity Risk

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

ICICI Bank’s response Threat to financial accounts Finance and insurance are one of the most targeted industries by cybercriminals. Unfortunately, Cybernews journalist’s email was rejected, and, at the time of writing, we’ve received no official response from the bank.

Personal data

Personal data Phishing Risk Communications

2024 Cybersecurity Laws & Regulations

eSecurity Planet

SEPTEMBER 21, 2024

Each of these regulations addresses different aspects of cybersecurity and data protection, making it essential for businesses and organizations to stay informed and proactive. The act also requires institutions to allow customers to opt out of having their information shared with non-affiliated third parties.

Cybersecurity

Cybersecurity Computer and Electronics Compliance Privacy

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). Security, Privacy and Compliance Can Conflict.

Data Privacy

Data Privacy Compliance Privacy Security

How can organisations close the cyber security skills gap?

IT Governance

SEPTEMBER 15, 2021

In theory, this should be no different when it comes to cyber security. Whether it’s a top-level role, such as a CISO (chief information security officer), or a member of the IT team who takes on security-related tasks, there are plenty of job roles suited for varying levels of seniority and experience.

Security

Security Insurance Education Government

California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature

Hunton Privacy

SEPTEMBER 1, 2020

Not disclosing, subject to specified exceptions, a consumer’s genetic data to certain entities ( e.g. , those responsible for making decisions regarding health insurance, life insurance or employment). Violations of the Act are subject to civil penalties.

Privacy

Privacy Insurance Marketing Information governance

List of Data Breaches and Cyber Attacks in 2023

IT Governance

JUNE 1, 2023

Meanwhile, you can subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox. IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. With that out of the way, it’s time to move on to May 2023.

Data breaches

Data breaches Insurance Personal data Ransomware

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Source (New) Finance USA Yes 3,494 Woodruff Sawyer Source (New) Insurance USA Yes 3,087 Blackburn College Source (New) Education USA Yes 3,039 CAIRE Inc. Source (New) Professional services Netherlands Yes 28.3 Source (New) Professional services Netherlands Yes 28.3

Data Privacy

Data Privacy Privacy Security Data breaches

11 cyber security predictions for 2020

IT Governance

JANUARY 9, 2020

With that in mind, Geraint Williams, IT Governance’s chief information security officer, discusses his cyber security predictions in the upcoming year. Cyber insurance has in some regions encouraged victims to pay as it is cheaper than remediation in some cases. Our predictions. Ransomware will continue to increase.

Security

Security IoT Phishing Ransomware

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity

Cybersecurity Insurance Risk Compliance

List of data breaches and cyber attacks in February 2022 – 5.1 million records breached

IT Governance

MARCH 1, 2022

Morrow, OD notifies patients of data security incident (unknown) Ukrainian websites struck by DDoS attacks as Russia launches invasion (unknown) Cookware distribution giant Meyer discloses data breach (unknown) CVS Pharmacy discloses security incident (6,221) Ethos Technologies targeted in ‘sophisticated’ cyber attack (13,300) South Shore Hospital (..)

Data breaches

Data breaches Ransomware Government Blockchain

First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

Hunton Privacy

JUNE 17, 2019

The settlement resolves a multistate litigation arising out of a May 2015 data breach in which hackers infiltrated WebChart, a web application run by MIE, and stole the electronic Protected Health Information (“ePHI”) of over 3.9 million individuals. Notably, the lawsuit was the first-ever multistate litigation alleging claims under HIPAA.

Data breaches

Data breaches IT Insurance Privacy

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

Incident details: Network disruption likely caused by a cyber attack, as “third-party information security experts” are involved. Casio Issues Apology and Notice Concerning Personal Information Leak Date of breach: 11 October 2023. Breached organisation: ClassPad.net, an educational web application operated by Casio Computer Co.,

Data Privacy

Data Privacy Privacy Security Data breaches

Government survey reveals GDPR awareness is falling short

IT Governance

FEBRUARY 8, 2018

Of the businesses surveyed, those in the finance and insurance industries had the highest levels of awareness (79%), followed by information and communications (67%) and education (52%). It is important to remember that a key component of any organisation’s GDPR compliance framework is staff awareness and education.

GDPR

GDPR Government Education Compliance

Catches of the Month: Phishing Scams for April 2023

IT Governance

APRIL 11, 2023

Commenting on the report, Cofense Vice President and Chief Information Security Officer Tonia Dudley highlighted the increase in cyber attacks conducted by nation states. You can help educate your staff with IT Governance’s Phishing Staff Awareness Training Programme.

Phishing

Phishing Passwords Ransomware Insurance

Iowa House and Senate Unanimously Vote to Approve Comprehensive Privacy Legislation

Hunton Privacy

MARCH 17, 2023

Controller Obligations Controllers would be required to implement reasonable security practices, provide a compliant privacy notice to consumers and enter into agreements with processors that handle the controller’s personal data.

Privacy

Privacy Personal data Sales Insurance

Wake up to the reality of the GDPR: What you need to know about compliance

IT Governance

JANUARY 30, 2019

The GDPR considers personal data to be anything that identifies, or can be used to identify, a living person, such as your name, National Insurance number or email address (personal or work). Things get a little more complicated when you factor in that each piece of information doesn’t have to be taken on its own.

GDPR

GDPR Compliance Personal data Data breaches

Massachusetts Hospital Settles Data Breach Lawsuit

Hunton Privacy

JUNE 7, 2012

Several of the boxes went missing and have yet to be recovered, though there is no evidence that the information on the missing tapes has been misused.

Data breaches

Data breaches Privacy Insurance Education

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Penetration testing : Tests security controls to verify correct implementation, detect vulnerabilities, and confirm adequate security controls for risk reduction goals. Cybersecurity training : Educates employees regarding basic best practices to recognize attacks, avoid scams, and protect against breaches or data loss.

Security

Security Cloud Cybersecurity Access

Massachusetts Attorney General Reaches Settlement with Boston Hospital Over Data Security Allegations

Hunton Privacy

NOVEMBER 25, 2014

The Attorney General alleged that the breach was a result of BIDMC’s failure to lawfully protect the personal and protected health information of its patients and employees in violation of the Massachusetts Consumer Protection Act, the Massachusetts Data Security Law, and the federal Health Insurance Portability and Accountability Act.

Security

Security Insurance Data breaches Education

Record Retention Policy for Businesses: A Strategic Guide to Compliance and Efficiency

Armstrong Archives

DECEMBER 19, 2023

No matter the size of a business, a well-defined record retention policy serves multiple purposes: ensuring compliance with legal and regulatory requirements, aiding in efficient document management, and securing sensitive information. This act mandates the retention of financial records and audits for a minimum of five years.

Compliance

Compliance Archiving Digital transformation Records Management

China Publishes Draft Regulations on Protecting the Security of Key Information Infrastructure

Hunton Privacy

JULY 11, 2017

According to the Draft Regulations, this may include network facilities and information systems operated and managed by (1) government agencies and entities in the energy, finance, transportation, water conservation, health care, education, social insurance, environmental protection and public utilities sectors; (2) information networks, such as telecommunications (..)

Energy and Utilities

Energy and Utilities Security Cybersecurity Manufacturing

Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance

Information Governance Perspectives

MAY 10, 2020

Session Description: Tackling data privacy and maintaining consumer trust is harder than ever, especially with the sheer amount of information you need to manage and with constantly evolving privacy laws (CCPA, GDPR, etc) moving the goalposts. Some other components here… internal monitoring and auditing.

Compliance

Compliance Information governance Privacy Data Privacy

Malaysian Data Protection Law Takes Effect

Hunton Privacy

NOVEMBER 19, 2013

At present, these include data users in the communications, banking and finance, insurance, health care, tourism and hospitality, transportation, education, direct sales, services, real estate and utilities sectors. The law allows the Minister to designate classes of data users who must register their data processing activities.

Personal data

Personal data Marketing Communications Insurance

ICO issue fine of £4.4 to Interserve for security failings

DLA Piper Privacy Matters

OCTOBER 25, 2022

The databases also held special category personal data including ethnic origin; religion; details of disabilities; sexual orientation, and health information relevant to ill-heath retirement applications. On the face of it, this is a sizeable fine issued to a non household name controller for perceived failings in information security.

Security

Security GDPR Personal data Insurance

Pennsylvania State Education Association data breach impacts 500,000 individuals

Insurance scams via QR codes: how to recognise and defend yourself

Webinars

Trending Sources

Health insurer Point32Health suffered a ransomware attack

Webinars

SEC warns of investment scams related to Hurricane Ida

Ransomware infected systems at Xchanging, a DXC subsidiary

Data Breach: Turkish legal advising company exposed over 15,000 clients

The State of Maine disclosed a data breach that impacted 1.3M people

German IT provider Bitmarck hit by cyberattack

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

Welltok data breach impacted 8.5 million patients in the U.S.

Massive MOVEit campaign already impacted at least 1,000 organizations and 60 million individuals

Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach

Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

TA505 group updates tactics and expands the list of targets

The Problem With the Small Business Cybersecurity Assistance Act

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Multinational ICICI Bank leaks passports and credit card numbers

2024 Cybersecurity Laws & Regulations

Security Compliance & Data Privacy Regulations

How can organisations close the cyber security skills gap?

California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature

List of Data Breaches and Cyber Attacks in 2023

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

11 cyber security predictions for 2020

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

List of data breaches and cyber attacks in February 2022 – 5.1 million records breached

First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

The Week in Cyber Security and Data Privacy: 16–22 October 2023

Government survey reveals GDPR awareness is falling short

Catches of the Month: Phishing Scams for April 2023

Iowa House and Senate Unanimously Vote to Approve Comprehensive Privacy Legislation

Wake up to the reality of the GDPR: What you need to know about compliance

Massachusetts Hospital Settles Data Breach Lawsuit

Network Security Architecture: Best Practices & Tools

Massachusetts Attorney General Reaches Settlement with Boston Hospital Over Data Security Allegations

Record Retention Policy for Businesses: A Strategic Guide to Compliance and Efficiency

China Publishes Draft Regulations on Protecting the Security of Key Information Infrastructure

Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance

Malaysian Data Protection Law Takes Effect

ICO issue fine of £4.4 to Interserve for security failings

Stay Connected