2013, Insurance and Security - Information Management Today

Who Stole 3.6M Tax Records from South Carolina?

Krebs on Security

APRIL 16, 2024

Rescator added that there was a second database of around 80,000 corporations that included social security numbers, names and addresses, but no financial information. As it happens, Rescator’s criminal hacking crew was directly responsible for the 2013 breach at Target and the 2014 hack of Home Depot. billion in 2013.

Sales

Sales Retail Insurance Access

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000. The SEC says First American derives nearly 92 percent of its revenue from its title insurance segment, earning $7.1 This week, the U.S. First American Financial Corp.

Insurance

Insurance Risk Financial Services Mining

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy

Data Privacy Compliance Privacy Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV Date of breach: 19 September 2013 (AlphV uploaded first part of data to its website on 19 October 2023). D-Link Corporation Provides Details about an Information Disclosure Security Incident Date of breach: 2 October 2023.

Data Privacy

Data Privacy Privacy Security Data breaches

Automated Security and Compliance Attracts Venture Investors

eSecurity Planet

FEBRUARY 14, 2023

In 2013, Adam Markowitz founded Portfolium, an edtech startup that matched college students and graduates with employers. “I I remember the first time we were asked for a SOC 2 report, which quickly became the minimum bar requirement in our industry for proof of an effective security program,” he said. Other investors included J.P.

Compliance

Compliance Security Cybersecurity Marketing

China Insurance Regulatory Agency Promulgates New Rule Protecting Personal Data of Life Insurance Customers

Hunton Privacy

NOVEMBER 20, 2013

On November 4, 2013, the China Insurance Regulatory Commission, which is the Chinese regulatory and administrative authority for the insurance sector, issued the Interim Measures for the Management of the Authenticity of Information of Life Insurance Customers (the “Measures”).

Insurance

Insurance Personal data Authentication Records Management

New Payment Technologies Should Reduce Demand for Cyber Insurance

Hunton Privacy

NOVEMBER 6, 2014

Hunton & Williams Insurance Litigation & Counseling partner Lon Berk reports: As the demand for cyber insurance has skyrocketed, so too has the cost. One broker estimates that sales in 2014 will double from the $1 billion premium collected in 2013. As these payment technologies become prevalent in the U.S.,

Insurance

Insurance Retail Sales Risk

Insurance Policy’s Statutory Rights Exclusion Does Not Apply to Data Breach Claims

Hunton Privacy

OCTOBER 15, 2013

On October 7, 2013, the United States District Court for the Central District of California held that a general liability insurance policy covered data breach claims alleging violations of California patients’ right to medical privacy. Hartford Casualty Insurance Co. Corcino & Associates , CV 13-03728-GAF (C.D.

Insurance

Insurance Data breaches Privacy Security

Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management

Hunton Privacy

JULY 16, 2021

According to the Regulators, the Proposed Guidance largely would adopt the text of the OCC’s 2013 guidance, broadening its scope to include organizations supervised by all three Regulators.

Risk

Risk Insurance Sales Encryption

Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident

Hunton Privacy

FEBRUARY 24, 2014

Securities and Exchange Commission that its health insurance subsidiary, Triple-S Salud, Inc. Triple S”), which is Puerto Rico’s largest health insurer, will be fined $6.8 million for a data breach that occurred in September 2013. Triple-S Management Corporation reported in the 8-K it recently filed with the U.S.

Insurance

Insurance Data breaches IT Security

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

IT Governance

NOVEMBER 28, 2023

9 million records breached through decade-long data leak A former temporary employee of a subsidiary of NTT West (Nippon Telegraph and Telephone West Corp) illegally accessed about 9 million personal data records over the course of a decade (2013 to 2023). Breached records: more than 56 million.

Data Privacy

Data Privacy Privacy Energy and Utilities Data breaches

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

Hunton Privacy

FEBRUARY 22, 2017

The settlement stemmed from the theft of two laptops stolen from Horizon headquarters in November 2013, when personnel from outside vendors performing renovations and moving services at Horizon’s Newark headquarters had unsupervised access to the area where company laptops were stored. Under the terms of the settlement, in addition to the $1.1

Insurance

Insurance Privacy Encryption Passwords

FDIC, FRB and OCC Issue Interagency Guidance on Third-Party Relationships

Hunton Privacy

JUNE 13, 2023

On June 6, 2023, the Federal Deposit Insurance Corporation (“FDIC”), the Board of Governors of the Federal Reserve System (“FRB”) and the Office of the Comptroller of the Currency (“OCC”) issued their final Interagency Guidance on Third-Party Relationships (“Guidance”).

Risk

Risk Insurance Compliance Information Security

Maryland Department of Labor discloses a data breach

Security Affairs

JULY 9, 2019

The security breach was discovered earlier this year, hackers also accessed data stored in the Literacy Works Information System and a legacy unemployment insurance service database. Exposed data includes first names, last names, social security numbers, dates of birth, city or county of residence, graduation dates and record numbers.

Data breaches

Data breaches Insurance Access Security

Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty

Hunton Privacy

JANUARY 16, 2021

The Court held that OCR’s civil monetary penalty for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule and HIPAA Security Rule was “arbitrary, capricious, and otherwise unlawful.”. OCR investigated and imposed the $4.3

Encryption

Encryption Privacy Insurance Security

OCR Imposes a $1.6 Million Civil Money Penalty against Texas Health and Human Services Commission for HIPAA Violations

IG Guru

NOVEMBER 26, 2019

Department of Health and Human Services (HHS) has imposed a $1,600,000 civil money penalty against the Texas Health and Human Services Commission (TX HHSC), for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules between 2013 […]. The post OCR Imposes a $1.6

Insurance

Insurance Privacy Security Records Management

OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

Hunton Privacy

FEBRUARY 3, 2017

million civil monetary penalty against Children’s Medical Center of Dallas (“Children’s”) for alleged ongoing violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules, following two consecutive breaches of patient electronic protected health information (“ePHI”).

Privacy

Privacy Security Insurance Encryption

Hacker Charged With Extorting Online Psychotherapy Service

Krebs on Security

NOVEMBER 3, 2022

In 2013, Kurittu worked on investigation involving Kivimaki’s use of the Zbot botnet, among other activities Kivimaki engaged in as a member of the hacker group Hack the Planet. Among those who grabbed a copy of the database was Antti Kurittu , a former criminal investigator at the Helsinki Police Department.

Data breaches

Data breaches Records Management Insurance Archiving

Who is Tech Investor John Bernard?

Krebs on Security

SEPTEMBER 25, 2020

Mr. Davies was charged with murder and fraud after he attempted to collect GBP 132,000 in her life insurance payout, but British prosecutors ultimately conceded they did not have enough evidence to convict him. A search on John Clifton Davies and Iryna turned up this 2013 story from The Daily Mirror which says Iryna is John C.

Insurance

Insurance IT

California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

HL Chronicle of Data Protection

SEPTEMBER 27, 2018

to support individual and classwide actions for purported data security and privacy violations. 4th 390, 393 (2013) (allowing “unlawful” UCL claim for violations of the federal Truth in Savings Act despite no express private right of action because Congress intended for state laws to hold banks to equivalent standards); see also Zhang v.

Privacy

Privacy Data breaches Insurance IT

Episode 212: China’s Stolen Data Economy (And Why We Should Care)

The Security Ledger

APRIL 27, 2021

The post Episode 212: China’s Stolen Data Economy (And Why We Should Care) appeared first on The Security Ledger with Paul F. Back in 2013, news that hackers stole data on tens of millions of customers of the software maker Adobe dominated the headlines for days. Read the whole entry. » Waiting for Federal Data Privacy Reform?

Data breaches

Data breaches Big data Retail Insurance

North Dakota Amends Breach Notification Law to Cover Health Information

Hunton Privacy

AUGUST 1, 2013

On April 19, 2013, the North Dakota legislature amended the state’s breach notification law (Section 51-30-01 of the North Dakota Century Code) to expand the definition of “personal information” to include “health insurance information” and “medical information.” The amendments took effect on August 1, 2013.

Insurance

Insurance Security Privacy

We Infiltrated a Counterfeit Check Ring! Now What?

Krebs on Security

JUNE 30, 2021

Ronnie Tokazowski is a threat researcher at Agari , a security firm that has closely tracked many of the groups behind these advanced fee schemes [KrebsOnSecurity interviewed Tokazowski in 2018 after he received a security industry award for his work in this area]. ” ANY METHOD THAT WORKS. Image: Agari.

Insurance

Insurance Education IT Government

D.C. Circuit’s Article III Standing Decision Deepens Appellate Disagreement

Hunton Privacy

AUGUST 10, 2017

Circuit reversed the dismissal of a putative data breach class action against health insurer CareFirst, Attias v. The court found that the complaint did in fact allege the theft of Social Security numbers and payment card information. On August 1, 2017, a unanimous three-judge panel for the D.C. CareFirst, Inc. , 16-7108, slip op.

Insurance

Insurance Data breaches Risk Access

HHS Issues Final Omnibus Rule Modifying HIPAA Privacy, Security, Enforcement and Breach Notification Rules

Hunton Privacy

JANUARY 17, 2013

The Final Rule will become effective March 26, 2013, with covered entities and business associates obligated to comply with the new requirements by September 23, 2013. The Final Rule comes two and a half years after the proposed rule was published in July 2010.

Privacy

Privacy Security Insurance Marketing

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

On February 3, 2015, the Securities and Exchange Commission (“SEC”) released a Risk Alert , entitled Cybersecurity Examination Sweep Summary, summarizing observations from the recent round of cybersecurity examinations of registered broker-dealers and investment advisers under the Cybersecurity Examination Initiative.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

HHS Announces 1.7 Million Dollar Settlement with WellPoint for Potential HIPAA Privacy and Security Rule Violations

Hunton Privacy

JULY 12, 2013

On July 11, 2013, the Department of Health and Human Services (“HHS”) announced a resolution agreement and $1.7 following a security breach that affected over 600,000 individuals. million settlement with WellPoint Inc. In a not-so-subtle hint of OCR’s future intentions, the press release also mentioned that “Beginning Sept.

Privacy

Privacy Security Insurance Access

CNIL Launches Public Consultation on Draft Standards on Data Processing for Managing Business Activities and Unpaid Invoices

Hunton Privacy

DECEMBER 3, 2018

Each Referential lists the purposes of the data processing in question, the legal basis for that data processing, the types of personal data that may be processed for those purposes, the data retention periods and the associated security measures.

GDPR

GDPR Personal data Insurance Education

HHS Announces HIPAA Settlement with UMass

Hunton Privacy

NOVEMBER 30, 2016

On November 22, 2016, the Department of Health and Human Services (“HHS”) announced a $650,000 settlement with University of Massachusetts Amherst (“UMass”), resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules. .

Computer and Electronics

Computer and Electronics Insurance Privacy Risk

Chronicle of a Records Manager: Controlling the Chaos of Disaster Response and Recovery

ARMA International

APRIL 28, 2022

I have been a member of the OAR staff at the ANO since March 2013. The plan was to meet the insurance coordinator at the Howard Avenue office at 8:30 a.m. I was aware that I would need documentation on damage and losses for insurance and internal purposes. The insurance coordinator proposed stabilizing in place.

Records Management

Records Management Archiving Insurance Communications

Obama Administration Releases Incentive Reports on Cybersecurity

Hunton Privacy

AUGUST 7, 2013

On August 6, 2013, the Obama Administration posted links on The White House Blog to reports from the Departments of Commerce , Homeland Security and Treasury containing recommendations on incentivizing companies to align their cybersecurity practices with the Cybersecurity Framework.

Cybersecurity

Cybersecurity Insurance Risk Security

HIPAA Omnibus Rule Compliance Deadline Has Arrived

Hunton Privacy

SEPTEMBER 23, 2013

Today, September 23, 2013, marks the deadline for compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Omnibus Rule that was issued in January 2013. Change the notice of privacy practices to be distributed to individuals.

Compliance

Compliance Privacy Insurance Risk

California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

HL Chronicle of Data Protection

SEPTEMBER 27, 2018

to support individual and classwide actions for purported data security and privacy violations. 4th 390, 393 (2013) (allowing “unlawful” UCL claim for violations of the federal Truth in Savings Act despite no express private right of action because Congress intended for state laws to hold banks to equivalent standards); see also Zhang v.

Privacy

Privacy Data breaches Insurance IT

California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

HL Chronicle of Data Protection

SEPTEMBER 27, 2018

to support individual and classwide actions for purported data security and privacy violations. 4th 390, 393 (2013) (allowing “unlawful” UCL claim for violations of the federal Truth in Savings Act despite no express private right of action because Congress intended for state laws to hold banks to equivalent standards); see also Zhang v.

Privacy

Privacy Data breaches Insurance IT

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

The internet is fraught with peril these days, but nothing strikes more fear into users and IT security pros than the threat of ransomware. Raising awareness about ransomware is a baseline security measure. As training sessions have little influence over staff for every potential attack, it makes added security more imperative.

Ransomware

Ransomware Encryption Insurance Cloud

New European Cyber Laws (NISD) – Do you understand the potential impact on your business?

CGI

JANUARY 22, 2016

This blog focuses on the new Network and Information Security Directive (NISD) which was agreed at the same time and also has significant implications for business. The likely implications will be: Organisations will need to be able to demonstrate that they have taken ‘appropriate security measures’.

Insurance

Insurance GDPR Personal data Marketing

Business Associate Compliance with the New HIPAA Rules

Hunton Privacy

APRIL 3, 2013

On January 17, 2013, the U.S. Department of Health and Human Services issued a final omnibus rule modifying prior regulations enacted pursuant to the Health Insurance Portability and Accountability Act of 1996. Sotto , partner and head of the Global Privacy and Data Security practice at Hunton & Williams LLP, and Ryan P.

Compliance

Compliance Insurance Privacy Security

List of data breaches and cyber attacks in May 2018 – 17,273,571 records leaked

IT Governance

MAY 29, 2018

Insurance startup leaks sensitive customer health data. LifeBridge Health and LifeBridge Potomac Professionals Notify Patients of a Recent Security Incident. UT alerts some faculty, students of lost flash drive containing Social Security numbers. Bombas notifies consumers of breach going back to 2013. Hacker Steals $1.35

Data breaches

Data breaches GDPR Ransomware Passwords

German Ministry Publishes Draft Law for Cybersecurity Breach Notification

Hunton Privacy

MARCH 15, 2013

On March 5, 2013, the German Federal Ministry of the Interior published proposed amendments (in German) to the German Federal Office for Information Security Law.

Cybersecurity

Cybersecurity Information Security Insurance Privacy

FTC Reaches Settlement with Accretive Health

Hunton Privacy

JANUARY 3, 2014

On December 31, 2013, the Federal Trade Commission announced that Accretive Health, Inc. Accretive”) has agreed to settle charges that the company’s inadequate data security measures unfairly exposed sensitive consumer information to the risk of theft or misuse.

Insurance

Insurance Information Security Risk Access

Centre for Information Policy Leadership Discusses Privacy Risk Management at the OECD Working Party on Security and Privacy in the Digital Economy

Hunton Privacy

DECEMBER 16, 2014

The event focused on several new references to “risk” in the 2013 revised OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in time for the main 2016 Ministerial meeting.

Privacy

Privacy Risk Security Insurance

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hunton Privacy

OCTOBER 9, 2013

On October 2, 2013, the 86th Conference of the German Data Protection Commissioners concluded in Bremen. securing electronic communications by implementing and developing end-to-end encryption. Resolution on the Need for Action in the Area of Public Security. The previous Conference was held in Bremerhaven in March 2013.

Computer and Electronics

Computer and Electronics Encryption Communications Insurance

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

AUGUST 6, 2020

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. info and findget[.]me,

Insurance

Insurance Communications Authentication Access

FTC Files Complaint Against Medical Testing Lab for Exposing Consumers’ Personal Data

Hunton Privacy

AUGUST 30, 2013

On August 29, 2013, the FTC announced that it had filed a complaint against LabMD, Inc. Specifically, a LabMD spreadsheet that was found on the P2P network contained names, Social Security numbers, dates of birth, health insurance information and medical treatment codes. LabMD”) for failing to protect consumers’ personal data.

Personal data

Personal data Insurance Information Security Access

Who Stole 3.6M Tax Records from South Carolina?

First American Financial Pays Farcical $500K Fine

Webinars

Trending Sources

Security Compliance & Data Privacy Regulations

Webinars

The Week in Cyber Security and Data Privacy: 16–22 October 2023

Automated Security and Compliance Attracts Venture Investors

China Insurance Regulatory Agency Promulgates New Rule Protecting Personal Data of Life Insurance Customers

New Payment Technologies Should Reduce Demand for Cyber Insurance

Insurance Policy’s Statutory Rights Exclusion Does Not Apply to Data Breach Claims

Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management

Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

FDIC, FRB and OCC Issue Interagency Guidance on Third-Party Relationships

Maryland Department of Labor discloses a data breach

Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty

OCR Imposes a $1.6 Million Civil Money Penalty against Texas Health and Human Services Commission for HIPAA Violations

OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

Hacker Charged With Extorting Online Psychotherapy Service

Who is Tech Investor John Bernard?

California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

Episode 212: China’s Stolen Data Economy (And Why We Should Care)

North Dakota Amends Breach Notification Law to Cover Health Information

We Infiltrated a Counterfeit Check Ring! Now What?

D.C. Circuit’s Article III Standing Decision Deepens Appellate Disagreement

HHS Issues Final Omnibus Rule Modifying HIPAA Privacy, Security, Enforcement and Breach Notification Rules

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

HHS Announces 1.7 Million Dollar Settlement with WellPoint for Potential HIPAA Privacy and Security Rule Violations

CNIL Launches Public Consultation on Draft Standards on Data Processing for Managing Business Activities and Unpaid Invoices

HHS Announces HIPAA Settlement with UMass

Chronicle of a Records Manager: Controlling the Chaos of Disaster Response and Recovery

Obama Administration Releases Incentive Reports on Cybersecurity

HIPAA Omnibus Rule Compliance Deadline Has Arrived

California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

California Consumer Privacy Act: The Challenge Ahead – Consumer Litigation and the CCPA: What to Expect

Ransomware Protection in 2021

New European Cyber Laws (NISD) – Do you understand the potential impact on your business?

Business Associate Compliance with the New HIPAA Rules

List of data breaches and cyber attacks in May 2018 – 17,273,571 records leaked

German Ministry Publishes Draft Law for Cybersecurity Breach Notification

FTC Reaches Settlement with Accretive Health

Centre for Information Policy Leadership Discusses Privacy Risk Management at the OECD Working Party on Security and Privacy in the Digital Economy

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

FTC Files Complaint Against Medical Testing Lab for Exposing Consumers’ Personal Data

Stay Connected