2015, Information Security, Insurance and Privacy

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

JANUARY 14, 2019

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. See CT Gen Stat § 38a-999b (2015) ; 23 NYCRR 500. Ohio’s Act applies to licensees, defined as persons authorized, registered, or licensed under Ohio insurance laws, or required to be so.

Insurance

Insurance Security Cybersecurity Data breaches

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

Data Matters

JULY 30, 2018

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. On May 3, 2018, South Carolina became the first state to enact this Model Law, in the form of the South Carolina Insurance Data Security Act (H.B.

Insurance

Insurance Security Cybersecurity Data breaches

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

FEBRUARY 11, 2019

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. S ee CT Gen Stat § 38a-999b (2015) ; 23 NYCRR 500. S ee CT Gen Stat § 38a-999b (2015) ; 23 NYCRR 500. 6491 (Act). MCL § 500.550. MCL § 500.553(g).

Insurance

Insurance Security Cybersecurity FOIA

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

Incident details: Successful phishing attack, breaching records on a server that reached end of life in 2015, though the information itself was “of low-sensitivity and semi-public”. Incident details: Network disruption likely caused by a cyber attack, as “third-party information security experts” are involved.

Data Privacy

Data Privacy Privacy Security Data breaches

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Cancer Center Settles with HHS for $2.3 Million over Data Breach

Hunton Privacy

DECEMBER 18, 2017

As reported in BNA Privacy Law Watch , on December 6, 2017, health care provider 21st Century Oncology agreed to pay $2.3 million to settle charges by the Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) that its security practices led to a data breach involving patient information.

Data breaches

Data breaches Insurance Information Security Risk

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

The lawsuit concerns a May 2015 data breach in which hackers allegedly stole health information relating to 3.9 represented in its privacy policy that the Company used encryption and authentication tools to protect information but failed to encrypt the data (at rest) on its computer systems.

Data breaches

Data breaches Computer and Electronics Security Insurance

First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

Hunton Privacy

JUNE 17, 2019

The settlement resolves a multistate litigation arising out of a May 2015 data breach in which hackers infiltrated WebChart, a web application run by MIE, and stole the electronic Protected Health Information (“ePHI”) of over 3.9 million individuals. failed to encrypt the sensitive ePHI. The case was filed in the U.S.

Data breaches

Data breaches IT Insurance Privacy

HHS Releases Cybersecurity Guidance for Healthcare Organizations

Data Matters

JANUARY 8, 2019

The publication, “ Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients ” (HICP), is the result of a government and industry collaboration mandated by the Cybersecurity Act of 2015. The post HHS Releases Cybersecurity Guidance for Healthcare Organizations appeared first on Data Matters Privacy Blog.

Cybersecurity

Cybersecurity Insurance Phishing Government

Connecticut Passes New Data Protection Measures into Law

Hunton Privacy

JULY 23, 2015

On July 1, 2015, Connecticut’s governor signed into law Public Act No. On July 1, 2015, Connecticut’s governor signed into law Public Act No. A brief summary of the data security requirements for health insurers and state contractors is set forth below: Health Insurers. State Contractors.

Insurance

Insurance Data breaches Encryption Authentication

Record Data Breach Settlement in Anthem Class Action

Hunton Privacy

JUNE 26, 2017

the nation’s second largest health insurer, reached a record $115 million settlement in a class action lawsuit arising out of a 2015 data breach that exposed the personal information of more than 78 million people. Anthem announced in February 2015 that it had been the target of an external cyber attack.

Data breaches

Data breaches Insurance Information Security Compliance

OCR Enters into Record Settlement with Anthem

Hunton Privacy

OCTOBER 22, 2018

Anthem”) following Anthem’s 2015 data breach. That breach, affecting approximately 79 million individuals, was the largest breach of protected health information (“PHI”) in history. prevent unauthorized access to ePHI.

Computer and Electronics

Computer and Electronics Passwords Data breaches Compliance

HHS Announces HIPAA Settlement with UMass

Hunton Privacy

NOVEMBER 30, 2016

On November 22, 2016, the Department of Health and Human Services (“HHS”) announced a $650,000 settlement with University of Massachusetts Amherst (“UMass”), resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules. .

Computer and Electronics

Computer and Electronics Insurance Privacy Risk

Data Security Act Introduced in New York State Assembly

Hunton Privacy

APRIL 24, 2015

On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. physical safeguards, such as disposing of electronic media so that the information cannot be read or reconstructed.

Security

Security Passwords Encryption Insurance

Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

Security Affairs

AUGUST 19, 2019

The public availability of such kind of information could expose the owners to identity theft and other scams. The experts also discovered a large number of insurance certificates that expose various personally identifiable information (PII), such as names, phone numbers, postal and email addresses. Pierluigi Paganini.

Military

Military Insurance Education Phishing

Wyndham Settles FTC Charges in FTC v. Wyndham

Hunton Privacy

DECEMBER 9, 2015

On December 9, 2015, the Federal Trade Commission announced that Wyndham Worldwide Corporation (“Wyndham”) settled charges brought by the FTC stemming from allegations that the company unfairly failed to maintain reasonable data security practices. The case is FTC v. Wyndham Worldwide Corporation, et al. (2:13-CV-01887-ES-JAD)

Data breaches

Data breaches Information Security Insurance Compliance

FTC Reverses ALJ Decision, Finds LabMD Liable for Unfair Data Security Practices

Hunton Privacy

AUGUST 2, 2016

(“LabMD”) violated the unfairness prong of Section 5 of the FTC Act by failing to maintain reasonable security practices to protect consumers’ sensitive personal information. LabMD has 60 days to appeal.

Security

Security Insurance Information Security IT

Nevada Expands Definition of Personal Information

Hunton Privacy

JUNE 9, 2015

On May 13, 2015, Nevada Governor Brian Sandoval (R-NV) signed into law A.B. 179 (the “Bill”), which expands the definition of “personal information” in the state’s data security law. The law takes effect on July 1, 2015. a medical identification or health insurance identification number; and.

Insurance

Insurance Passwords Access Security

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

On February 3, 2015, the Securities and Exchange Commission (“SEC”) released a Risk Alert , entitled Cybersecurity Examination Sweep Summary, summarizing observations from the recent round of cybersecurity examinations of registered broker-dealers and investment advisers under the Cybersecurity Examination Initiative.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

Two Wyoming Bills Amending the State’s Breach Notification Statute Are Headed to the Governor

Hunton Privacy

FEBRUARY 27, 2015

On February 23, 2015, the Wyoming Senate approved a bill (S.F.36) 36) that adds several data elements to the definition of “personal identifying information” in the state’s data breach notification statute. Update : On March 2, 2015, Wyoming Governor Matt Mead signed both bills into law.

Insurance

Insurance Passwords Authentication Data breaches

Delaware Enacts New Data Destruction Law

Hunton Privacy

JULY 31, 2014

The new law requires commercial entities conducting business in Delaware to take reasonable steps to destroy their consumers’ “personal identifying information” prior to the disposal of electronic or paper records. The law will take effect on January 1, 2015. confidential health care information.

Financial Services

Financial Services Insurance Privacy Paper

Triple-S Management Corporation Enters into $3.5 Million HIPAA Settlement

Hunton Privacy

DECEMBER 3, 2015

On November 30, 2015, the U.S.

Compliance

Compliance Insurance Privacy Risk

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

Since 2015, the U.S. Encourages financial institutions and other companies that engage with victims of ransomware (such as those involved in providing cyber insurance, digital forensics, and incident response) to implement risk-based sanctions compliance programs and to consider their obligations under FinCEN regulations.

Ransomware

Ransomware Compliance Risk Government

The Problem With the Small Business Cybersecurity Assistance Act

Security Affairs

JULY 18, 2019

The European Union is off to a slow start levying fines for abusing data privacy and security, but the now-year-old General Data Protection Regulation gives the government the power to do so. states are left on their own to fine companies which don’t take cybersecurity or client privacy seriously. Until the U.S.

Cybersecurity

Cybersecurity Education Government Risk

Third Circuit Hears Oral Arguments in FTC v. Wyndham

Hunton Privacy

MARCH 5, 2015

On March 3, 2015, the Third Circuit heard oral arguments in FTC v. Wyndham”) on whether the FTC has the authority to regulate private companies’ data security under Section 5 of the FTC Act. Wyndham Worldwide Corp.

Insurance

Insurance Data breaches Security Access

Administrative Law Judge Dismisses Complaint for Failure to Show Current or Future Substantial Consumer Injury

Hunton Privacy

NOVEMBER 16, 2015

On November 13, 2015, Chief Administrative Law Judge D. LabMD”) for failing to show that LabMD’s allegedly unreasonable data security practices caused, or were likely to cause, substantial consumer injury. The complaint cited two specific security incidents which were allegedly caused by LabMD’s unreasonable data security.

Insurance

Insurance Security Government IT

First American Financial exposed 16 years’ worth of personal and financial documents

Security Affairs

MAY 27, 2019

The US real-estate insurance biz, First American Financial, accidentally leaked customers’ highly personal files online, hundreds of millions of documents. The US real-estate insurance company First American Financial Corp. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. billion in 2018.

Insurance

Insurance Access Security Privacy

Weekly podcast: Supermicro, federal data privacy law and Morrisons

IT Governance

OCTOBER 25, 2018

This week, we discuss the stalemate between Bloomberg Businessweek and Supermicro, Apple and Facebook’s call for a federal data privacy law in the US, and what the Morrisons Appeal Court ruling means for every organisation. We at Apple are in full support of a comprehensive federal privacy law in the United States.”.

Data Privacy

Data Privacy Privacy Data breaches GDPR

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. SECURITI’s solutions help organizations secure data while automating privacy and compliance using AI and machine learning tactics. Cape Privacy.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Information Management Today

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

Trending Sources

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

The Week in Cyber Security and Data Privacy: 16–22 October 2023

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Cancer Center Settles with HHS for $2.3 Million over Data Breach

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

HHS Releases Cybersecurity Guidance for Healthcare Organizations

Connecticut Passes New Data Protection Measures into Law

Record Data Breach Settlement in Anthem Class Action

OCR Enters into Record Settlement with Anthem

HHS Announces HIPAA Settlement with UMass

Data Security Act Introduced in New York State Assembly

Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

Wyndham Settles FTC Charges in FTC v. Wyndham

FTC Reverses ALJ Decision, Finds LabMD Liable for Unfair Data Security Practices

Nevada Expands Definition of Personal Information

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Two Wyoming Bills Amending the State’s Breach Notification Statute Are Headed to the Governor

Delaware Enacts New Data Destruction Law

Triple-S Management Corporation Enters into $3.5 Million HIPAA Settlement

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

The Problem With the Small Business Cybersecurity Assistance Act

Third Circuit Hears Oral Arguments in FTC v. Wyndham

Administrative Law Judge Dismisses Complaint for Failure to Show Current or Future Substantial Consumer Injury

First American Financial exposed 16 years’ worth of personal and financial documents

Weekly podcast: Supermicro, federal data privacy law and Morrisons

Top Cybersecurity Startups to Watch in 2022

Stay Connected