Exercises, Insurance and Security - Information Management Today

CrowdStrike: Lessons on the Importance of Contracts, Insurance and Business Continuity

IT Governance

JULY 30, 2024

But as a reminder, here are some key facts about the CrowdStrike incident: CrowdStrike is a publicly listed security company, which provides security software to – among many other large organisations – Microsoft. The outage was caused by a bad security update rolled out by CrowdStrike. Learn more about the CIA triad here.)

Insurance

Insurance Risk Encryption Manufacturing

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

JANUARY 2, 2019

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners.

Insurance

Insurance Cybersecurity Data breaches Encryption

News Alert: Guardz uncovers new macOS malware – Hidden Virtual Network Computing (hVNC)

The Last Watchdog

AUGUST 1, 2023

1, 2023 – Guardz , the cybersecurity company securing and insuring SMEs, today disclosed the existence of a Hidden Virtual Network Computing (hVNC) malware targeting macOS devices. SMEs, who once considered macOS as the safer option, should exercise caution and prepare themselves for the impacts of this changing threat landscape.

Insurance

Insurance Cybersecurity Risk Education

Security Affairs newsletter Round 408 by Pierluigi Paganini

Security Affairs

FEBRUARY 26, 2023

Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

Security

Security Military Ransomware Insurance

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

JULY 19, 2021

Experts say the biggest reason ransomware targets and/or their insurance providers still pay when they already have reliable backups is that nobody at the victim organization bothered to test in advance how long this data restoration process might take. That’s why tabletop exercises are incredibly important.

Ransomware

Ransomware Encryption Insurance Cybersecurity

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Hunton Privacy

OCTOBER 14, 2021

During the week of October 4, 2021, California Governor Gavin Newsom signed into law bills amending the California Privacy Rights Act of 2020 (“CPRA”), California’s data breach notification law and California’s data security law. Genetic Data: California Data Breach Notification and Data Security Law Amendment Bill.

Privacy

Privacy Insurance Security Data breaches

303% ROI: The Total Economic Impact™ of IBM Security Randori

IBM Big Data Hub

JULY 10, 2023

What can your organization achieve with an offensive security platform? According to a new Forrester Consulting study , the IBM Security Randori platform delivered a 303% ROI over 3 years and paid for itself in less than 6 months by helping to mitigate risk exposure, better prioritize risk response decisions and act faster.

Security

Security Insurance Risk IT

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Network security architecture is a strategy that provides formal processes to design robust and secure networks. Effective implementation improves data throughput, system reliability, and overall security for any organization. Network Elements Networks connect physical and virtual assets and control the data flow between them.

Security

Security Cloud Cybersecurity Access

More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

eSecurity Planet

OCTOBER 18, 2022

The vast majority of cybersecurity decision makers – 91 percent, in fact – find it difficult to select security products due to unclear marketing, according to the results of a survey of 800 cybersecurity and IT decision makers released today by email security company Egress. Assessing AI and Security Training.

Security

Security IT Cybersecurity Marketing

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

The stolen information allegedly included names and identifying information, hashed passwords, security questions and answers, family information, Social Security numbers, lab results, health insurance information, doctor’s names, and medical conditions, among other things.

Data breaches

Data breaches Computer and Electronics Security Insurance

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

California Legislature Passes Bill Regulating Data Brokers

Hunton Privacy

SEPTEMBER 21, 2023

However, the Act would not extend to entities covered by the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act, as well as entities covered by the California Insurance Code.

Insurance

Insurance Personal data Sales Compliance

Time and tide waits for no man – IoT in Insurance

CGI

MAY 27, 2016

Time and tide waits for no man – IoT in Insurance. This old saying could also be applied for what is happening in the insurance market with IoT and that given the drive behind IoT in both the consumer and business markets. For example, car insurance could be varied between theft and fully comprehensive when the Car is not being used.

Insurance

Insurance IoT Marketing Manufacturing

NSL Podcast Series: Part 3 Betting on a Breach – How to Prepare for the Inevitable

Hunton Privacy

FEBRUARY 25, 2020

Incident readiness includes having a state-of-the-art incident response plan, conducting tabletop exercises, implementing a vendor management program and having adequate cybersecurity insurance. Sotto stresses that tabletop exercises are especially important in building muscle memory to handle the inevitable cyber attack.

Insurance

Insurance Data breaches Cybersecurity Privacy

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

The Last Watchdog

MAY 10, 2021

Back in the mid-1990s, big banks and insurance companies came up with something called “bespoke assessments” as the approach for assessing third party vendor risk. So much time and energy was put into the administrative exercise of just requesting data and responding to questionnaires,” Kneip says. “By Visibility boost.

Risk

Risk Insurance Access Security

California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature

Hunton Privacy

SEPTEMBER 1, 2020

Not disclosing, subject to specified exceptions, a consumer’s genetic data to certain entities ( e.g. , those responsible for making decisions regarding health insurance, life insurance or employment). Violations of the Act are subject to civil penalties. Department of Health and Human Services pursuant to HIPAA and the HITECH Act.

Privacy

Privacy Insurance Marketing Information governance

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan.

Cybersecurity

Cybersecurity Financial Services Authentication Government

CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI

KnowBe4

APRIL 25, 2023

Security researchers are jailbreaking large language models to get around safety rules. Soon, the CEO of security firm Adversa AI had GPT-4 spouting homophobic statements, creating phishing emails, and supporting violence." Security Culture Benchmarking feature lets you compare your organization's security culture with your peers NEW!

Insurance

Insurance Security awareness Phishing Ransomware

Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law

Hunton Privacy

MARCH 24, 2022

Similar to the CPA and VCDPA, the UCPA contains exemptions for covered entities, business associates and protected health information subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and financial institutions or personal data subject to the Gramm-Leach-Bliley Act (“GLB”).

Privacy

Privacy Personal data Sales B2B

Telehealth Hazard? HHS Loosens HIPAA Standards for Telemedicine

Adam Levin

MARCH 18, 2020

While the transition to remote appointments may help flatten the curve of Covid-19 cases and provide much-needed relief to medical professionals, it does create a new set of cybersecurity concerns, especially regarding compliance with the Health Insurance Portability and Accountability Act (HIPAA ).

Communications

Communications Insurance Compliance Cybersecurity

Regulatory Update: NAIC Summer 2020 National Meeting

Data Matters

SEPTEMBER 3, 2020

The National Association of Insurance Commissioners (NAIC) held its Summer 2020 National Meeting (Summer Meeting) from July 27 to August 14, 2020. NAIC Considers Comments to the Group Capital Calculation Template and Instructions and Related Revisions to the Insurance Holding Company Act . GCC Template and Instructions.

Insurance

Insurance Paper Artificial Intelligence Big data

How threat hunters stay informed and collaborate

OpenText Information Management

AUGUST 20, 2024

In the ever-evolving landscape of cybersecurity, threat hunters play a crucial role in proactively detecting and mitigating security threats. Internally, they work closely with teams such as the Security Operations Center (SOC), data science, and threat intelligence.

Communications

Communications Cybersecurity Analytics Data science

Understanding HIPAA: A Guide to Avoiding Common Violations

Armstrong Archives

AUGUST 25, 2023

The Health Insurance Portability and Accountability Act (HIPAA) ensures individuals’ health data protection and privacy. This includes insurance companies, nurses, and doctors. Healthcare has become more interconnected than ever, making it important to protect patients’ sensitive information.

Computer and Electronics

Computer and Electronics Insurance Compliance Risk

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Hunton Privacy

APRIL 18, 2023

The bill also contains a number of exemptions, including exceptions for financial institutions, affiliates, and data subject to Title V of the Gramm-Leach-Bliley Act, covered entities and business associates under the Health Insurance Portability and Accountability Act of 1996, nonprofit organizations and institutions of higher education.

Privacy

Privacy Personal data Sales Insurance

Information Management in the Not-So-Distant Future of Health Care

AIIM

APRIL 12, 2022

The classic example is the insurer that won’t pay for care that a doctor determines a patient needs. Insurers are about profit; doctors are about delivering the best care. With collaborative videoconferencing: Low-income patients without insurance can use the Emergency Room less often. Information Security. Telemedicine.

Computer and Electronics

Computer and Electronics Insurance Marketing Paper

Oregon Consumer Privacy Act

Hunton Privacy

JULY 12, 2023

The OCPA provides an exemption to personal data subject to the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and a number of other federal laws. Thus, like most other comprehensive state privacy laws, employee data and business-to-business data are excluded from the scope of the OCPA.

Privacy

Privacy Personal data Insurance Sales

Regulatory Update: NAIC Spring 2019 National Meeting

Data Matters

MAY 9, 2019

The National Association of Insurance Commissioners (NAIC) held its Spring 2019 National Meeting (Spring Meeting) in Orlando, Florida, from April 6 to 9, 2019. ceding insurer could be eligible for the same reduced collateral requirements that would apply to qualifying EU reinsurers under the revised CFR Model Laws.

Insurance

Insurance Blockchain Big data Risk

How to Develop an Incident Response Plan

eSecurity Planet

DECEMBER 9, 2021

We make IT, security, or any business decision by weighing the risks and the rewards. Or as is often the case with security, what costs can we skip and still escape big penalties later? For example, we might nominate: The IT security manager to handle a ransomware incident; Our external accountant to investigate financial fraud; or.

Insurance

Insurance Ransomware Data breaches Cloud

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Security Affairs

SEPTEMBER 15, 2022

Below is the list of mitigations recommended by the FBI: Ensure anti-virus and anti-malware is enabled and security protocols are updated regularly and in a timely manner. Conduct regular network security assessments to stay up to date on compliance standards and regulations. Mitigate vulnerabilities related to third-party vendors.

Passwords

Passwords Phishing Authentication Communications

Regulatory Update: NAIC Fall 2018 National Meeting

Data Matters

DECEMBER 11, 2018

The National Association of Insurance Commissioners (NAIC) held its Fall 2018 National Meeting (Fall Meeting) in San Francisco, California, from November 15 to 18, 2018. NAIC Continues its Evaluation of Insurers’ Use of Big Data. systemic risk of insurers with other parts of the financial system, notably the banking.

Insurance

Insurance Paper Risk Big data

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

Insurance blunts financial losses.) The problem is that both the financial and risk costs of outsourcing can be hidden—delayed in time and masked by complexity—and can lead to a false sense of security when companies are actually entangled by these invisible dependencies. Stock prices depress only temporarily.

Marketing

Marketing Insurance Access Risk

New York hospitals have new cybersecurity requirements

Data Protection Report

OCTOBER 23, 2024

The regulation includes elements of both the Health Insurance Portability and Accountability Act (HIPAA) and the New York Department of Financial Services (NYDFS) cybersecurity regulation. Therefore, covered hospitals may need to revise their risk analysis and management process to comply with the new regulation.

Cybersecurity

Cybersecurity Risk Access Financial Services

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

The data in this story come from a trusted source in the security industry who has visibility into a network of hacked machines that fraudsters in just about every corner of the Internet are using to anonymize their malicious Web traffic. Bill said these crooks have figured out a way to tap into those benefits as well.

Authentication

Authentication Passwords Access Search queries

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

The panel’s key messages for clients included the following: Data security and privacy are mission critical and should be discussed at the most senior levels of the organisation. The incident response plan should be tested in tabletop exercises involving the individuals and teams who would be involved in a real-world incident.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

The group has diversified its activities into the banking and insurance, travel agency and e-commerce sectors. Between June 8, 2018 and April 6, 2019, the CNIL received 15 complaints from individuals relating to the exercise of their data protection rights with affiliates of the Carrefour Group.

GDPR

GDPR Personal data Data collection Marketing

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

There are also new requirements around transfers of data outside of the UAE and requirements to keep data secure, and to notify the new data protection regulator, and in some circumstances data subjects, of data breaches. Data security. The PDPL imposes strict requirements around data security. Data breaches.

Personal data

Personal data Data breaches GDPR Compliance

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

To achieve these, local data processing or anonymization of data must be considered; The security and confidentiality of the personal data processed in the context of connected vehicles must be guaranteed, in particular by implementing measures such as the encryption of the communication channel. . geolocation data; biometric data; etc.)

Privacy

Privacy Personal data GDPR Insurance

U.S. Banking Agencies Signal Closer Review of Cryptocurrency Activities

Data Matters

DECEMBER 1, 2021

Concurrently, the OCC , the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (the Agencies) released a joint statement alerting the industry of their intent to provide additional guidance in the coming months concerning certain activities related to cryptoassets conducted by banking organizations.

Compliance

Compliance Risk Insurance Sales

Private cloud use cases: 6 ways private cloud brings value to enterprise business

IBM Big Data Hub

MARCH 28, 2024

As cloud computing continues to transform the enterprise workplace, private cloud infrastructure is evolving in lockstep, helping organizations in industries like healthcare, government and finance customize control over their data to meet compliance, privacy, security and other business needs. billion by 2033, up from USD 92.64

Cloud

Cloud Energy and Utilities Compliance Privacy

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Hunton Privacy

MARCH 25, 2020

Performing a task carried out in the public interest: Article 6(1)(e) of the GDPR may also provide a legal basis where data processing is necessary to perform a task carried out in the public interest or in the course of exercising official authority vested in the data controller.

Personal data

Personal data GDPR Risk Insurance

Guidelines Published for Changes to the Singapore Data Privacy Regime

Data Matters

DECEMBER 2, 2020

financial information, life/health insurance information, specified medical information, information leading to identification of a vulnerable adult, child, or young person who is the subject of an investigation or relating to court proceedings involving a child and young person, or.

Data Privacy

Data Privacy Privacy Data breaches Personal data

Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

JULY 20, 2023

The DPDPA also contains a number of exemptions, including exceptions for financial institutions, affiliates and data subject to Title V of the Gramm-Leach-Bliley Act, covered entities and business associates under the Health Insurance Portability and Accountability Act of 1996 and nonprofit organizations.

Privacy

Privacy Personal data Sales Risk

Israeli Court Upholds DPA’s Authority to Issue Market Instructions

Hunton Privacy

SEPTEMBER 7, 2012

24867-02-11 IDI Insurance v. the allocation of responsibility for databases between health insurers and primary health care providers. In IDI Insurance , ILITA fined an insurance company for using information concerning the attachment of a client’s account in denying that client insurance.

Marketing

Marketing Insurance Privacy Personal data

Saudi Arabia’s New Data Protection Law – What you need to know

DLA Piper Privacy Matters

OCTOBER 7, 2021

Some of these steps include: Conduct a data mapping exercise. The data mapping exercise will provide an organisation with a snapshot of how its data is collected and managed. After conducting the data mapping exercise, the information will need to be systematised into a format that can be readily accessed by the organisation.

Personal data

Personal data Compliance Computer and Electronics IoT

CrowdStrike: Lessons on the Importance of Contracts, Insurance and Business Continuity

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Trending Sources

News Alert: Guardz uncovers new macOS malware – Hidden Virtual Network Computing (hVNC)

Security Affairs newsletter Round 408 by Pierluigi Paganini

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

303% ROI: The Total Economic Impact™ of IBM Security Randori

Network Security Architecture: Best Practices & Tools

More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

California Legislature Passes Bill Regulating Data Brokers

Time and tide waits for no man – IoT in Insurance

NSL Podcast Series: Part 3 Betting on a Breach – How to Prepare for the Inevitable

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI

Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law

Telehealth Hazard? HHS Loosens HIPAA Standards for Telemedicine

Regulatory Update: NAIC Summer 2020 National Meeting

How threat hunters stay informed and collaborate

Understanding HIPAA: A Guide to Avoiding Common Violations

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Information Management in the Not-So-Distant Future of Health Care

Oregon Consumer Privacy Act

Regulatory Update: NAIC Spring 2019 National Meeting

How to Develop an Incident Response Plan

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Regulatory Update: NAIC Fall 2018 National Meeting

The CrowdStrike Outage and Market-Driven Brittleness

New York hospitals have new cybersecurity requirements

Gift Card Gang Extracts Cash From 100k Inboxes Daily

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

UAE: Federal level data protection law enacted

EUROPE: New privacy rules for connected vehicles in Europe?

U.S. Banking Agencies Signal Closer Review of Cryptocurrency Activities

Private cloud use cases: 6 ways private cloud brings value to enterprise business

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Guidelines Published for Changes to the Singapore Data Privacy Regime

Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law

Israeli Court Upholds DPA’s Authority to Issue Market Instructions

Saudi Arabia’s New Data Protection Law – What you need to know

Stay Connected