Financial Services, Insurance, Privacy and Ransomware

Financial Services

Insurance

Privacy

Ransomware

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. 2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. Insurers should: Establish a Formal Cyber Insurance Risk Strategy.

Insurance

Insurance Financial Services Cybersecurity Risk

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

On 14 September, Mulkay discovered that the compromised files contained personal information, including “name, address, date of birth, Social Security number, driver’s license number or state ID, medical treatment information, and health insurance information”. Records breached: 79,582 Ontario hospitals update: information relating to 5.6

Data Privacy

Data Privacy Privacy Security Data breaches

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

MORE WEBINARS

Trending Sources

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

Webinars

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

MORE WEBINARS

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. sought coverage for expenses under its property insurance policy.

Insurance

Insurance Cybersecurity Risk Education

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Building for operational resilience in the age of AI and hybrid cloud

IBM Big Data Hub

MARCH 20, 2024

For highly regulated industries, these challenges take on an entirely new level of expectation as they navigate evolving regulatory landscape and manage requirements for privacy, resiliency, cybersecurity, data sovereignty and more. Read to learn more about cloud adoption within financial services?

Cloud

Cloud Financial Services Risk Business Services

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

ALPHV/BlackCat ransomware gang adds 2.7 TB of ASA Electronics data to its leak site The ALPHV/BlackCat ransomware gang is attempting to extort a ransom from ASA Electronics for 2.7 Welfare Benefits Plan Source 1 ; source 2 New Healthcare USA Yes 13,079 Insurance ACE/Humana Inc. Date breached: 384,658,212 records.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

A few days after the Advisory, Ukrainian government websites were attacked by Russian actors while the Russian government simultaneously arrested members of the notorious ransomware gang REvil. Like an incident response plan, MFA has become a critical element of cybersecurity programs. The post U.S.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

individuals and businesses comply with ransomware payment demands. Ransomware attacks use malware, often injected through phishing schemes, to encrypt a victim’s data files or programs, followed by a ransom demand by the threat actor that offers the decryption key in exchange for payment. sanctions law violations if U.S.

Ransomware

Ransomware Compliance Risk Government

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. See CF Disclosure Guidance: Topic No. 2, Cybersecurity (Oct. 14, 2011). 15, 2020).

Cybersecurity

Cybersecurity Financial Services Risk Compliance

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

suffers second ransomware attack in months Having been struck by a ransomware attack in October by the BlackSuit group , which led to operations and appointments being postponed, Akumin Inc. has suffered a second attack, this time by the BianLian ransomware group. Data breached: more than 59 million data records. Akumin Inc.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

ICYMI – Late December in privacy and cybersecurity

Data Protection Report

JANUARY 30, 2023

Late December and early January tend to be a busy time for everyone, so you may have missed a privacy update or two during that time. 3. Does an insurance policy that covers direct physical loss or damage to media cover the situation where ransomware renders downloaded software useless because it could not be decrypted?

Privacy

Privacy Cybersecurity Personal data Insurance

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

Some states – such as Alabama, Massachusetts and New York (for financial services companies) – prescribe particular requirements of a “reasonable” cybersecurity program. At least nine states expressly extend these requirements to service providers. Proof of adequate cyber insurance coverage.

Data breaches

Data breaches Cybersecurity Financial Services Risk

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

KnowBe4

FEBRUARY 14, 2023

But without reinforcing this understanding through ongoing mindset shifts, the status quo and security theater of repetitive privacy notifications will make employees feel more complacent." By Javvad Malik Insurance provider Hiscox has published its fifth annual cyber readiness report, which has some eye-opening statistics.

Phishing

Phishing Security awareness Compliance Risk

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Source (New) Finance USA Yes 3,494 Woodruff Sawyer Source (New) Insurance USA Yes 3,087 Blackburn College Source (New) Education USA Yes 3,039 CAIRE Inc. million last year, roughly a quarter of which was the due to the ransomware attack it suffered in March 2023.

Data Privacy

Data Privacy Privacy Security Data breaches

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

Source (New) Real estate USA Yes 46,906 Hampton-Newport News Community Services Board Source 1 ; source 2 ; source 3 (New) Healthcare USA Yes 44,312 Air Methods Source 1 ; source 2 (New) Healthcare USA Yes 34,016 GREYHOURS Source (New) Retail France Yes 18,700 Groveport Madison Schools Source 1 ; source 2 ; source 3 (Update) Education USA Yes 15.5

Data Privacy

Data Privacy Privacy Manufacturing Security

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Known data breached Discord (via Spy.pet) Source (New) IT services USA Yes 4,186,879,104 Baidu, Inc., Subscribe now The post The Week in Cyber Security and Data Privacy: 22 – 28 April 2024 appeared first on IT Governance UK Blog.

Data Privacy

Data Privacy Privacy Manufacturing Security

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

The hope is that the strategy outlined herein will help corporate directors and executives who support them ( e.g. , legal, information technology security, privacy, compliance, and audit) make practical use of the various technical guidelines available without misaligning their systems from the broader corporate mission. Principle 5.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

SECURITI’s solutions help organizations secure data while automating privacy and compliance using AI and machine learning tactics. was recently named a Leader in the Forrester Wave’s Privacy Management Software, Q4, 2021. Ethyca is compliance -focused as regulatory enforcement becomes an essential part of data privacy.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Information Management Today

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Webinars

Trending Sources

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Webinars

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Building for operational resilience in the age of AI and hybrid cloud

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

ICYMI – Late December in privacy and cybersecurity

US: Surviving the service provider data breach

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Top Cybersecurity Startups to Watch in 2022

Stay Connected