Exercises and Insurance - Information Management Today

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

JULY 19, 2021

Experts say the biggest reason ransomware targets and/or their insurance providers still pay when they already have reliable backups is that nobody at the victim organization bothered to test in advance how long this data restoration process might take. That’s why tabletop exercises are incredibly important.

Ransomware

Ransomware Encryption Insurance IT

Security Affairs newsletter Round 408 by Pierluigi Paganini

Security Affairs

FEBRUARY 26, 2023

If you want to also receive for free the newsletter with the international press subscribe here.

Security

Security Military Ransomware Insurance

CrowdStrike: Lessons on the Importance of Contracts, Insurance and Business Continuity

IT Governance

JULY 30, 2024

According to Parametrix , an insurance company specialising in Cloud outages, cyber insurance policies likely cover up to 10–20% of losses only. Identifying the risks at a high level is, without question, an important exercise. Then there’s insurance. of its share price. What happens if that data is wrong or unavailable?

Insurance

Insurance Risk Encryption Manufacturing

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

JANUARY 2, 2019

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners.

Insurance

Insurance Cybersecurity Data breaches Encryption

News Alert: Guardz uncovers new macOS malware – Hidden Virtual Network Computing (hVNC)

The Last Watchdog

AUGUST 1, 2023

1, 2023 – Guardz , the cybersecurity company securing and insuring SMEs, today disclosed the existence of a Hidden Virtual Network Computing (hVNC) malware targeting macOS devices. SMEs, who once considered macOS as the safer option, should exercise caution and prepare themselves for the impacts of this changing threat landscape.

Insurance

Insurance Cybersecurity Risk Education

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

Data Matters

FEBRUARY 20, 2019

On January 18, 2019, the New York State Department of Financial Services (NYDFS) issued Circular Letter 2019-1 (the Circular Letter), addressing insurers’ use of external consumer data and information sources in underwriting for life insurance. Unlawful Discrimination.

Insurance

Insurance Financial Services Compliance Retail

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Security Affairs

SEPTEMBER 15, 2022

Advise all employees to exercise caution while revealing sensitive information such as login credentials through phone or web communications. Update or draft an incident response plan, in accordance with Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules.

Passwords

Passwords Phishing Authentication Communications

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019. The CNIL’s inspection included the insurer’s compliance with Section 5-1(e) of GDPR , which reads: Personal data shall be. Perhaps the CNIL’s €1.75

Personal data

Personal data Insurance GDPR Record destruction

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

The Last Watchdog

MAY 10, 2021

Back in the mid-1990s, big banks and insurance companies came up with something called “bespoke assessments” as the approach for assessing third party vendor risk. So much time and energy was put into the administrative exercise of just requesting data and responding to questionnaires,” Kneip says. “By

Risk

Risk Insurance Access Security

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Hunton Privacy

OCTOBER 14, 2021

Additional bills, amending the California Confidentiality of Medical Information Act (“CMIA”) and the California Insurance Code, also were also signed into law. Medical Data: CMIA and Californian Insurance Code Amendment Bill. mental health, sexual health) or a situation in which disclosure would endanger the individual.

Privacy

Privacy Insurance Security Data breaches

NSL Podcast Series: Part 3 Betting on a Breach – How to Prepare for the Inevitable

Hunton Privacy

FEBRUARY 25, 2020

Incident readiness includes having a state-of-the-art incident response plan, conducting tabletop exercises, implementing a vendor management program and having adequate cybersecurity insurance. Sotto stresses that tabletop exercises are especially important in building muscle memory to handle the inevitable cyber attack.

Insurance

Insurance Data breaches Cybersecurity Privacy

Telehealth Hazard? HHS Loosens HIPAA Standards for Telemedicine

Adam Levin

MARCH 18, 2020

While the transition to remote appointments may help flatten the curve of Covid-19 cases and provide much-needed relief to medical professionals, it does create a new set of cybersecurity concerns, especially regarding compliance with the Health Insurance Portability and Accountability Act (HIPAA ).

Communications

Communications Insurance Compliance Cybersecurity

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

“A number of health insurance companies have wellness programs to encourage employees to exercise more, where if you sign up and pledge to 30 push-ups a day for the next few months or something you’ll get five wellness points towards a $10 Starbucks gift card, which requires 1000 wellness points,” Bill explained.

Authentication

Authentication Passwords Access Search queries

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan. Prominent examples include the NY DFS Cyber Regulations , California Consumer Privacy Act (“CCPA”) , NY SHIELD Act , Massachusetts data security law , and the numerous Insurance Data Security laws.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Time and tide waits for no man – IoT in Insurance

CGI

MAY 27, 2016

Time and tide waits for no man – IoT in Insurance. This old saying could also be applied for what is happening in the insurance market with IoT and that given the drive behind IoT in both the consumer and business markets. For example, car insurance could be varied between theft and fully comprehensive when the Car is not being used.

Insurance

Insurance IoT Marketing Manufacturing

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

The stolen information allegedly included names and identifying information, hashed passwords, security questions and answers, family information, Social Security numbers, lab results, health insurance information, doctor’s names, and medical conditions, among other things.

Data breaches

Data breaches Computer and Electronics Security Insurance

California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature

Hunton Privacy

SEPTEMBER 1, 2020

Not disclosing, subject to specified exceptions, a consumer’s genetic data to certain entities ( e.g. , those responsible for making decisions regarding health insurance, life insurance or employment). Violations of the Act are subject to civil penalties.

Privacy

Privacy Insurance Marketing Information governance

Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law

Hunton Privacy

MARCH 24, 2022

Similar to the CPA and VCDPA, the UCPA contains exemptions for covered entities, business associates and protected health information subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and financial institutions or personal data subject to the Gramm-Leach-Bliley Act (“GLB”).

Privacy

Privacy Personal data B2B Sales

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

How to Develop an Incident Response Plan

eSecurity Planet

DECEMBER 9, 2021

Be in-line with insurance policies. Be in-line with insurance policies. Insurance policies can also heavily influence how we respond to an incident—particularly cybersecurity. Some policies require initial contact to be made with an insurer who will deploy their own incident response team. Document contingencies.

Insurance

Insurance Ransomware Data breaches Cloud

California Legislature Passes Bill Regulating Data Brokers

Hunton Privacy

SEPTEMBER 21, 2023

However, the Act would not extend to entities covered by the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act, as well as entities covered by the California Insurance Code.

Insurance

Insurance Personal data Compliance Privacy

CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI

KnowBe4

APRIL 25, 2023

link] [Head Scratcher] More Companies With Cyber Insurance Are Hit by Ransomware Than Those Without? In an interesting twist, new data hints that organizations with cyber insurance may be relying on it too much, instead of shoring up security to ensure attacks never succeed. Date/Time: Wednesday, May 3, @ 2:00 PM (ET) Save My Spot!

Insurance

Insurance Security awareness Phishing Ransomware

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Hunton Privacy

APRIL 18, 2023

The bill also contains a number of exemptions, including exceptions for financial institutions, affiliates, and data subject to Title V of the Gramm-Leach-Bliley Act, covered entities and business associates under the Health Insurance Portability and Accountability Act of 1996, nonprofit organizations and institutions of higher education.

Privacy

Privacy Personal data Sales Insurance

Regulatory Update: NAIC Fall 2018 National Meeting

Data Matters

DECEMBER 11, 2018

The National Association of Insurance Commissioners (NAIC) held its Fall 2018 National Meeting (Fall Meeting) in San Francisco, California, from November 15 to 18, 2018. NAIC Continues its Evaluation of Insurers’ Use of Big Data. systemic risk of insurers with other parts of the financial system, notably the banking.

Insurance

Insurance Paper Risk Big data

ICYMI – Late December in privacy and cybersecurity

Data Protection Report

JANUARY 30, 2023

the country in which Processing occurs e. the identity of Affiliates, Processors, or Third-Parties Personal Data is shared with f. methods by which Consumers can exercise their Data Rights request; or g. Processing purposes.

Privacy

Privacy Cybersecurity Personal data Insurance

The Customer Journey Digital Transformation Workbook

Bill Schmarzo - Dell EMC

APRIL 4, 2018

To support this training, we created a methodology that guided the students through a digital transformation exercise. Customer Events could include planning a vacation, buying a house, or purchasing insurance. What Does “Taking a Vacation” Success Look or Feel Like (a surprisingly interesting and effective exercise).

Digital transformation

Digital transformation Big data Marketing Artificial Intelligence

Regulatory Update: NAIC Spring 2019 National Meeting

Data Matters

MAY 9, 2019

The National Association of Insurance Commissioners (NAIC) held its Spring 2019 National Meeting (Spring Meeting) in Orlando, Florida, from April 6 to 9, 2019. ceding insurer could be eligible for the same reduced collateral requirements that would apply to qualifying EU reinsurers under the revised CFR Model Laws.

Insurance

Insurance Blockchain Big data Risk

Regulatory Update: NAIC Summer 2020 National Meeting

Data Matters

SEPTEMBER 3, 2020

The National Association of Insurance Commissioners (NAIC) held its Summer 2020 National Meeting (Summer Meeting) from July 27 to August 14, 2020. NAIC Considers Comments to the Group Capital Calculation Template and Instructions and Related Revisions to the Insurance Holding Company Act . GCC Template and Instructions.

Insurance

Insurance Paper Artificial Intelligence Big data

What Every CIO Needs to Know About DORA: An IT Operations Perspective

OpenText Information Management

JANUARY 24, 2025

Developing and testing incident response plans: Regularly testing your incident response capabilities through simulations and exercises ensures you are prepared for real-world events. A coordinated monitoring response across both the IT operations and cybersecurity front will be critical to DORA compliance.

IT

IT Compliance Risk Cloud

The Week in Cyber Security and Data Privacy: 27 November – 3 December 2023

IT Governance

DECEMBER 5, 2023

New York Governor proposes cyber security regulations for hospitals New York Governor Kathy Hochul has proposed new cyber security regulations for all hospitals operating in the state, which are expected to complement the security requirements of HIPAA (the Health Insurance Portability and Accountability Act).

Data Privacy

Data Privacy Privacy Manufacturing Security

More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

eSecurity Planet

OCTOBER 18, 2022

Still, just 32 percent said creating a culture of security is the key driver for their security awareness training (SA&T) program, compared to 67 percent who are more focused on regulatory compliance and 62 percent who conduct training simply to meet cyber insurance requirements.

Security

Security IT Cybersecurity Marketing

New York hospitals have new cybersecurity requirements

Data Protection Report

OCTOBER 23, 2024

The regulation includes elements of both the Health Insurance Portability and Accountability Act (HIPAA) and the New York Department of Financial Services (NYDFS) cybersecurity regulation. Therefore, covered hospitals may need to revise their risk analysis and management process to comply with the new regulation.

Cybersecurity

Cybersecurity Risk Access Financial Services

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

The group has diversified its activities into the banking and insurance, travel agency and e-commerce sectors. Between June 8, 2018 and April 6, 2019, the CNIL received 15 complaints from individuals relating to the exercise of their data protection rights with affiliates of the Carrefour Group.

GDPR

GDPR Personal data Data collection Marketing

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

They also assist in mitigating risks, particularly identification of appropriate cyber insurance protection and indemnification clauses in the event of a breach. Want more information?

GDPR

GDPR Compliance Privacy Data Privacy

Information Management in the Not-So-Distant Future of Health Care

AIIM

APRIL 12, 2022

The classic example is the insurer that won’t pay for care that a doctor determines a patient needs. Insurers are about profit; doctors are about delivering the best care. With collaborative videoconferencing: Low-income patients without insurance can use the Emergency Room less often. Telemedicine.

Computer and Electronics

Computer and Electronics Insurance Marketing Paper

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

Insurance blunts financial losses.) The ability to outsource software services became easy a little over a decade ago, due to ubiquitous global network connectivity, cloud and software-as-a-service business models, and an increase in industry- and government-led certifications and box-checking exercises. Regulatory penalties are minor.

Marketing

Marketing Access Insurance Risk

Data Modeling 101: OLTP data modeling, design, and normalization for the cloud

erwin

MAY 2, 2022

While talking to the business people about the business requirements, entities tend to be the plural nouns that they mention: insureds, beneficiaries, policies, terms, etc. Look again at Figure 7, what is the difference between an insured and a beneficiary? What is an entity? Just write them down, fill in details later.

Cloud

Cloud Insurance Metadata IT

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

IT Governance

FEBRUARY 6, 2024

Enforcement Uber fined €10 million for GDPR breaches The Dutch data protection authority, Autoriteit Persoonsgegevens, has fined Uber €10 million for failing to be transparent about its data retention practices and making it difficult for drivers to exercise their data privacy rights.

Data Privacy

Data Privacy Privacy Insurance Security

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

In addition, the business must ensure that all individuals responsible for handling requests and compliance with AB 375 are educated about relevant aspects of the bill and how to direct consumers to exercise their rights under these sections. Businesses cannot discriminate against consumers who exercise any of their rights under AB 375.

GDPR

GDPR Privacy Sales Data breaches

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

processing personal data which is necessary for the purposes of carrying out the obligations and exercising rights of the data controller or of the data subject in the field of employment and social security and social protection law. Conduct a data mapping exercise. The form and use of consents should be considered carefully.

Personal data

Personal data Data breaches GDPR Compliance

Israeli Court Upholds DPA’s Authority to Issue Market Instructions

Hunton Privacy

SEPTEMBER 7, 2012

24867-02-11 IDI Insurance v. the allocation of responsibility for databases between health insurers and primary health care providers. In IDI Insurance , ILITA fined an insurance company for using information concerning the attachment of a client’s account in denying that client insurance.

Marketing

Marketing Insurance Privacy Personal data

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Hunton Privacy

MARCH 25, 2020

Performing a task carried out in the public interest: Article 6(1)(e) of the GDPR may also provide a legal basis where data processing is necessary to perform a task carried out in the public interest or in the course of exercising official authority vested in the data controller.

Personal data

Personal data GDPR Risk Insurance

Spain’s New Data Protection Act Now in Force

Data Matters

JANUARY 3, 2019

These include, for example, insurers, investment service companies and providers of information society services. Data Protection Officers : a list of entities that must appoint a data protection officer are set out in the LOPDGDD. This includes a right to “digital disconnection” that applies to both public and private sector workers.

GDPR

GDPR Personal data Privacy Insurance

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales Cloud Protection & Licensing

MARCH 6, 2018

Moving to Africa, South Africa’s Protection of Personal Information (POPI) Act will be enforced later this year, and aims to ensure that organizations operating in South Africa exercise proper care when collecting, storing or sharing personal data.

Compliance

Compliance GDPR Encryption Data Privacy

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Security Affairs newsletter Round 408 by Pierluigi Paganini

Webinars

Trending Sources

CrowdStrike: Lessons on the Importance of Contracts, Insurance and Business Continuity

Webinars

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

News Alert: Guardz uncovers new macOS malware – Hidden Virtual Network Computing (hVNC)

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Over-Retention of Personal Data

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

NSL Podcast Series: Part 3 Betting on a Breach – How to Prepare for the Inevitable

Telehealth Hazard? HHS Loosens HIPAA Standards for Telemedicine

Gift Card Gang Extracts Cash From 100k Inboxes Daily

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Time and tide waits for no man – IoT in Insurance

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature

Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

How to Develop an Incident Response Plan

California Legislature Passes Bill Regulating Data Brokers

CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Regulatory Update: NAIC Fall 2018 National Meeting

ICYMI – Late December in privacy and cybersecurity

The Customer Journey Digital Transformation Workbook

Regulatory Update: NAIC Spring 2019 National Meeting

Regulatory Update: NAIC Summer 2020 National Meeting

What Every CIO Needs to Know About DORA: An IT Operations Perspective

The Week in Cyber Security and Data Privacy: 27 November – 3 December 2023

More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

New York hospitals have new cybersecurity requirements

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

Information Management in the Not-So-Distant Future of Health Care

The CrowdStrike Outage and Market-Driven Brittleness

Data Modeling 101: OLTP data modeling, design, and normalization for the cloud

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

California Enacts Broad Privacy Laws Modeled on GDPR

UAE: Federal level data protection law enacted

Israeli Court Upholds DPA’s Authority to Issue Market Instructions

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Spain’s New Data Protection Act Now in Force

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Stay Connected