2016, Insurance and Security - Information Management Today

Cyber-insurance – 72 hours for the insured party to file a criminal complaint: GDPR’s false friend

Data Protection Report

MARCH 21, 2023

The French Information and Digital Security Experts Club ( CESIN ) has estimated that 54% of French companies were subject to cyberattacks in 2021, [1] while France Assureurs has put cyberattack risks on top of all other risks for the sixth year in a row. [2] 12-10-1 into the French Insurance code. However, in the end, Article L.12-10-1

Insurance

Insurance Data breaches Personal data GDPR

Cyber Insurers Pull Back Amid Increase in Cyber Attacks, Costs

eSecurity Planet

MAY 27, 2021

The explosion of ransomware and similar cyber incidents along with rising associated costs is convincing a growing number of insurance companies to raise the premiums on their cyber insurance policies or reduce coverage, moves that could further squeeze organizations under siege from hackers. Insurers Assessing Risks.

Insurance

Insurance Ransomware Risk Data science

The False Economy of Deprioritising Security

IT Governance

MARCH 20, 2024

In the UK, cyber security has been dropping down the board’s list of priorities. The UK government’s Cyber Security Breaches Survey 2023 confirms this trend. Fewer directors, trustees and other senior managers of both UK businesses and charities see cyber security as a high priority in 2023 compared to 2022. Specifically, a 13.4%

Security

Security Data breaches Government Insurance

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

France data protection agency fines Uber 400k Euros Over 2016 Data Breach

Security Affairs

DECEMBER 23, 2018

France’s data protection agency had fined the ride-sharing company Uber with 400,000 euros ($455,000) over a 2016 data breach. The data breach suffered by Uber in 2016 exposed the personal data of some 57 million clients and drivers worldwide. SecurityAffairs – hacking, 2016 data breach). Pierluigi Paganini.

Data breaches

Data breaches Personal data Insurance Access

A Second State Hits EmblemHealth With Breach Fine

Data Breach Today

DECEMBER 14, 2018

Case Involves Social Security Numbers Exposed in Mailings For the second time this year, health insurer EmblemHealth has been hit with a state financial penalty in connection with a 2016 breach that exposed Social Security numbers on mailings to more than 81,000 plan members.

Insurance

Insurance Security

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

The Last Watchdog

JUNE 2, 2022

Big banks and insurance companies instilled the practice of requesting their third-party vendors to fill out increasingly bloated questionnaires, called bespoke assessments, which they then used as their sole basis for assessing third-party risk. CyberGRX launched in 2016 precisely because bespoke assessments had become untenable.

Security

Security Risk Digital transformation Cybersecurity

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. According to CryptoIns analysts, the crypto assets insurance market is expected to reach $7 billion by 2023. Why do crypto exchanges’ users need insurance?

Insurance

Insurance Risk Marketing Cybersecurity

FTC Releases Updated Mobile Health App Compliance Tool

Hunton Privacy

DECEMBER 16, 2022

The updated version of the tool, which revises the initial release in 2016, aims to assist developers of mobile apps that will access, collect, share, use or maintain information related to an individual consumer’s health, such as information related to diagnosis, treatment, fitness, wellness or addiction.

Compliance

Compliance Insurance Privacy Access

How Cyber Essentials can help secure against malware

IT Governance

NOVEMBER 28, 2018

The Cyber Essentials scheme is a world-leading assurance mechanism for organisations of all sizes to help demonstrate that the most critical cyber security controls have been implemented. The research also highlights that the overall number of organisations experiencing ransomware attacks increased from 48% in 2016 to 56% in 2018.

Security

Security Ransomware Government Insurance

Insurers’ role will be critical in improving cybersecurity standards

CGI

AUGUST 31, 2016

Insurers’ role will be critical in improving cybersecurity standards. Wed, 08/31/2016 - 08:00. As the cyber liability market grows, the insurance industry may also play an increasingly important role in driving change in the cybersecurity landscape. The unique challenges of cyber risk.

Insurance

Insurance Cybersecurity Risk Marketing

New Jersey Acting Attorney General Announces Data Breach Settlement with Fertility Clinic

Hunton Privacy

OCTOBER 15, 2021

The Division of Consumer Affairs alleged that the fertility clinic violated the New Jersey Consumer Fraud Act and the federal Health Insurance Portability and Accountability Act’s (“HIPAA”) Privacy and Security Rules by removing protected health information (“PHI”) safeguards. Neafsey said in a statement regarding the breach.

Data breaches

Data breaches Privacy Insurance Information Security

FIN8 group used a previously undetected Sardonic backdoor in a recent attack

Security Affairs

AUGUST 25, 2021

The group has been active since 2016, it leverages known malware such as PUNCHTRACK and BADHATCH to infect PoS systems and steal payment card data. The group focuses on organizations in the insurance, retail, technology, and chemical industries in the U.S., Canada, South Africa, Puerto Rico, Panama, and Italy. Pierluigi Paganini.

Retail

Retail Insurance Cybersecurity Phishing

Time and tide waits for no man – IoT in Insurance

CGI

MAY 27, 2016

Time and tide waits for no man – IoT in Insurance. Fri, 05/27/2016 - 07:25. This old saying could also be applied for what is happening in the insurance market with IoT and that given the drive behind IoT in both the consumer and business markets. p.butler@cgi.com. Time and tide waits for no man. New products and services.

Insurance

Insurance IoT Marketing Manufacturing

OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance

Hunton Privacy

SEPTEMBER 24, 2020

million settlement with Athens Orthopedic Clinic PA (“Athens Orthopedic”) for alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy and Security Rules. Health care providers that fail to follow the HIPAA Security Rule make their patients’ health data a tempting target for hackers.”.

Insurance

Insurance Data breaches Privacy Risk

MY TAKE: Coping with security risks, compliance issues spun up by ‘digital transformation’

The Last Watchdog

AUGUST 22, 2019

A core security challenge confronts just about every company today. While the benefits of DX are highly-touted , this shift has also spawned a whole new tier of unprecedented privacy and security challenges. The cloud is kind of dragging this movement along and DevOps and security are center stage, at the moment.”

Digital transformation

Digital transformation Compliance Risk Security

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Thales Cloud Protection & Licensing

DECEMBER 22, 2020

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing. In recent years, costly breaches and evolving data security concerns have bubbled up to a board level agenda item. Data privacy is not a check-the-box compliance or security item. Data Privacy and Security in the Quantum Era. In the Dec.

Data Privacy

Data Privacy Privacy Security Encryption

Police Scotland needs to invest millions in cyber security

IT Governance

JUNE 28, 2018

Police Scotland had agreed to spend £46 million improving its computer systems in 2016 , but the plan was scrapped after a series of errors, including disagreements over the project’s timeframe and budget. Save money, because insurance agencies look favourably on organisations with Cyber Essentials certification. Cyber Essentials.

Security

Security GDPR Insurance Government

NEW TECH: Brinqa takes a ‘graph database’ approach to vulnerability management, app security

The Last Watchdog

APRIL 18, 2019

Related: Data breaches fuel fledgling cyber insurance market. Brinqa, an Austin, TX-based security vendor has come up with a cyber risk management platform designed to help companies take a much more dynamic approach to closing that gap, specifically in the areas of vulnerability management and application security, to start.

Digital transformation

Digital transformation Security Risk Cloud

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

The Last Watchdog

MAY 10, 2021

Back in the mid-1990s, big banks and insurance companies came up with something called “bespoke assessments” as the approach for assessing third party vendor risk. CyberGRX launched in 2016 as a clearinghouse for companies to pool and share standardized assessment data and actually analyze the results for action. Visibility boost.

Risk

Risk Insurance Access Security

Eleventh Circuit Vacates FTC Data Security Order

Hunton Privacy

JUNE 8, 2018

Court of Appeals for the Eleventh Circuit vacated a 2016 Federal Trade Commission (“FTC”) order compelling LabMD to implement a “comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers.”

Security

Security Information Security Insurance Risk

Lab test provider LifeLabs disclose a data breach that exposed personal info of 15M customers

Security Affairs

DECEMBER 18, 2019

The exposed data dates back from 2016 and earlier, most of the information belongs to customers from B.C. The attack took place in early November, the company also revealed to have paid an undisclosed sum to the hackers to retrieve the data, it has also hired cyber security experts to lock out the threat and restore operations.

Data breaches

Data breaches Insurance Passwords Access

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Megatraffer explained that malware purveyors need a certificate because many antivirus products will be far more interested in unsigned software, and because signed files downloaded from the Internet don’t tend to get blocked by security features built into modern web browsers. 2016 sales thread on Exploit.

Healthcare

Healthcare Passwords Sales Ransomware

Powering the future: The synergy of IBM and AWS partnership

IBM Big Data Hub

SEPTEMBER 11, 2023

IBM and AWS have been working together since 2016 to provide secure, automated solutions for hybrid cloud environments. The result is easier, faster cloud transformation, technology deployment, and more secure operations, which can help drive better business results.

Customer Experience

Customer Experience Cloud Data migration Digital transformation

Federal Privacy Commissioner Published Guidance on What Is “Sensitive” Personal Information

Data Protection Report

MAY 18, 2022

Whether to report a breach of security safeguards to the OPC and notify impacted individuals. It is important to note that financial information is often collected, used or disclosed with identification information such as an individual’s social insurance number (“SIN”), thereby increasing its sensitivity.

Privacy

Privacy Insurance Phishing Risk

FTC Reverses ALJ Decision, Finds LabMD Liable for Unfair Data Security Practices

Hunton Privacy

AUGUST 2, 2016

On July 29, 2016, the Federal Trade Commission (“FTC”) announced that it had issued an opinion and final order concluding that LabMD, Inc. LabMD”) violated the unfairness prong of Section 5 of the FTC Act by failing to maintain reasonable security practices to protect consumers’ sensitive personal information.

Security

Security Insurance Information Security IT

FTC Issues Guide for Businesses on Handling Data Breaches

Hunton Privacy

OCTOBER 26, 2016

On October 25, 2016, the Federal Trade Commission released a guide for businesses on how to handle and respond to data breaches (the “Guide”). The Guide also underscores the need for cyber-specific insurance to help offset potentially significant response costs.

Data breaches

Data breaches Insurance Cybersecurity Security

Hunton & Williams Launches Cyber and Physical Security Task Force

Hunton Privacy

APRIL 8, 2016

Team helps companies devise legal strategies to enhance security and mitigate threat risk. On April 4, 2016, Hunton & Williams LLP announced the formation of a Cyber and Physical Security Task Force to assist companies in minimizing the risks and consequences of a serious security incident.

Security

Security Cybersecurity Risk Insurance

Why Cybersecurity Pros Should Care About Governance

Getting Information Done

APRIL 18, 2017

Ultimately, the chief information security officer (CISO) needs to understand the information footprint across systems, determine the value/risk of loss, and protect against cyberattacks through the deployment of control activities, which are commensurate with the value/risk of these information systems. So, what can be done?

Government

Government Cybersecurity Insurance Information governance

Court Rules Fraud Involving a Computer Is Not ‘Computer Fraud’ under Crime Protection Policy

Hunton Privacy

OCTOBER 25, 2016

On October 18, 2016, the United States Court of Appeals for the Fifth Circuit held in Apache Corp. Apache recouped a portion of the payments from its bank and attempted to recover the balance from its insurer. Apache was insured under a crime-protection insurance policy issued by Great American Insurance Company (“GAIC”).

Computer and Electronics

Computer and Electronics Insurance IT Cybersecurity

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Data Protection Report

JULY 8, 2019

The issue giving rise to the financial penalty was a security breach relating to the company’s website notified by a user to the CNIL on 12 August 2018. According to SERGIC, the website’s security breach could have impacted around 29,440 users.

GDPR

GDPR Personal data Compliance Security

Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws

Security Affairs

APRIL 26, 2021

A deep investigation on artifacts uploaded on VirusTotal allowed the experts to determine that the botnet may have been active at least since May 2016. Prometei has been observed to be active in systems across a variety of industries, including: Finance, Insurance, Retail, Manufacturing, Utilities, Travel, and Construction.”

Mining

Mining Retail Insurance Manufacturing

French DPA Publishes a Compliance Pack Regarding Connected Vehicles

Hunton Privacy

OCTOBER 27, 2017

On October 17, 2017, the French Data Protection Authority (“CNIL”), after a consultation with multiple industry participants that was launched on March 23, 2016, published its compliance pack on connected vehicles (the “Pack”) in line with its report of October 3, 2016. 3. “IN -> OUT -> IN” scenario.

Compliance

Compliance Data collection GDPR Insurance

MY TAKE: Poorly protected local government networks cast shadow on midterm elections

The Last Watchdog

SEPTEMBER 14, 2018

EventTracker has a bird’s eye view; its unified security information and event management (SIEM) platform includes – behavior analytics, threat detection and response, honeynet deception, intrusion detection and vulnerability assessment – all of which are coupled with their SOC for a co-managed solution. Election threat.

Government

Government Digital transformation Mining Insurance

Cachet Financial Reeling from MyPayrollHR Fraud

Krebs on Security

OCTOBER 24, 2019

It’s worth noting that the MyPayrollHR fraud wasn’t the first time Cachet has been tripped up by the demise of a payroll company: In 2016, the collapse of Monterey, Calif. based payroll processor Pinnacle Workforce Solutions left Cachet holding the bag for more than $1 million. But, on Sept. 1, 2019 to Aug.

Communications

Communications Financial Services Insurance Risk

List of data breaches and cyber attacks in May 2019 – 1.39 billion records leaked

IT Governance

MAY 30, 2019

The cyber security story for May 2019 is much the same as it was last month, with one mammoth breach raising the monthly total. which breached sixteen years’ worth of insurance data. Salesforce customers faced 15-hour delay as org investigates security incident (unknown). UK government commits email privacy blunder (300).

Data breaches

Data breaches Personal data Ransomware Phishing

Q&A: Why SOAR startup Syncurity is bringing a ‘case-management’ approach to threat detection

The Last Watchdog

MARCH 1, 2019

There’s a frantic scramble going on among those responsible for network security at organizations across all sectors. Enterprises have dumped small fortunes into stocking their SOCs (security operations centers) with the best firewalls, anti-malware suites, intrusion detection, data loss prevention and sandbox detonators money can buy.

Digital transformation

Digital transformation Marketing Analytics Risk

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards.

Privacy

Privacy IT Information Security Insurance

Op Wocao – China-linked APT20 was able to bypass 2FA

Security Affairs

DECEMBER 23, 2019

China-linked cyber espionage group APT20 has been bypassing two-factor authentication (2FA) in recent attacks, cyber-security firm Fox-IT warns. Security experts from cyber-security firm Fox-IT warns of a new wave of attacks, tracked as Operation Wocao, carried out by China-linked cyber espionage group APT20 that has been bypassing 2FA.

Authentication

Authentication Insurance Access Government

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

Hunton Privacy

SEPTEMBER 15, 2016

The proposed regulation requires regulated financial institutions to take various actions, including: adopting a written cybersecurity policy; establishing a cybersecurity program; designating a Chief Information Security Officer to oversee and enforce its new program and policy; and.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Cybersecurity

OCR Enters into Record Settlement with Anthem

Hunton Privacy

OCTOBER 22, 2018

Three years ago, in February 2015, OCR opened a compliance review of Anthem, the nation’s second largest health insurer, following media reports that Anthem had suffered a significant cyberattack. million, which OCR imposed in 2016 against Advocate Health Care Network. prevent unauthorized access to ePHI.

Computer and Electronics

Computer and Electronics Passwords Data breaches Compliance

Georgia Governor Vetoes Broad-Reaching Computer Crime Bill, Highlighting Debate Around Bug Bounty Programs

Data Matters

MAY 17, 2018

SB 315 faced opposition from both private companies and information security researchers. Security researchers also voiced concerns. Organizations have employed bug bounty programs in an effort to encourage researchers to report security flaws in their systems. The federal government has also taken notice of these efforts.

Systems administration

Systems administration Cybersecurity Information Security Insurance

HHS Announces HIPAA Settlement with UMass

Hunton Privacy

NOVEMBER 30, 2016

On November 22, 2016, the Department of Health and Human Services (“HHS”) announced a $650,000 settlement with University of Massachusetts Amherst (“UMass”), resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules. .

Computer and Electronics

Computer and Electronics Insurance Privacy Risk

CCPA: Employers Should Consider Implications for Employee Benefit Plans

Hunton Privacy

JANUARY 16, 2019

Because employer-sponsored health plans are HIPAA-covered entities, any PHI held by a self-insured plan and subject to HIPAA will be outside the reach of the CCPA. For example, in its 2016 decision in Gobeille v. Liberty Mutual Insurance Company , the U.S. Retirement and other ERISA Plans.

Insurance

Insurance Data collection Privacy Government

Cyber-insurance – 72 hours for the insured party to file a criminal complaint: GDPR’s false friend

Cyber Insurers Pull Back Amid Increase in Cyber Attacks, Costs

Webinars

Trending Sources

The False Economy of Deprioritising Security

Webinars

France data protection agency fines Uber 400k Euros Over 2016 Data Breach

A Second State Hits EmblemHealth With Breach Fine

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

FTC Releases Updated Mobile Health App Compliance Tool

How Cyber Essentials can help secure against malware

Insurers’ role will be critical in improving cybersecurity standards

New Jersey Acting Attorney General Announces Data Breach Settlement with Fertility Clinic

FIN8 group used a previously undetected Sardonic backdoor in a recent attack

Time and tide waits for no man – IoT in Insurance

OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance

MY TAKE: Coping with security risks, compliance issues spun up by ‘digital transformation’

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Police Scotland needs to invest millions in cyber security

NEW TECH: Brinqa takes a ‘graph database’ approach to vulnerability management, app security

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

Eleventh Circuit Vacates FTC Data Security Order

Lab test provider LifeLabs disclose a data breach that exposed personal info of 15M customers

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Powering the future: The synergy of IBM and AWS partnership

Federal Privacy Commissioner Published Guidance on What Is “Sensitive” Personal Information

FTC Reverses ALJ Decision, Finds LabMD Liable for Unfair Data Security Practices

FTC Issues Guide for Businesses on Handling Data Breaches

Hunton & Williams Launches Cyber and Physical Security Task Force

Why Cybersecurity Pros Should Care About Governance

Court Rules Fraud Involving a Computer Is Not ‘Computer Fraud’ under Crime Protection Policy

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws

French DPA Publishes a Compliance Pack Regarding Connected Vehicles

MY TAKE: Poorly protected local government networks cast shadow on midterm elections

Cachet Financial Reeling from MyPayrollHR Fraud

List of data breaches and cyber attacks in May 2019 – 1.39 billion records leaked

Q&A: Why SOAR startup Syncurity is bringing a ‘case-management’ approach to threat detection

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Op Wocao – China-linked APT20 was able to bypass 2FA

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

OCR Enters into Record Settlement with Anthem

Georgia Governor Vetoes Broad-Reaching Computer Crime Bill, Highlighting Debate Around Bug Bounty Programs

HHS Announces HIPAA Settlement with UMass

CCPA: Employers Should Consider Implications for Employee Benefit Plans

Stay Connected