2017, Insurance and Security - Information Management Today

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Security Affairs

JANUARY 6, 2024

Merck has resolved a dispute with insurers regarding a $1.4 Merck and its insurers have agreed with a $1.4 billion insurance claim for the losses caused by the NotPetya attack that took place in 2017. Merck had not taken out specific insurance to cover cyber attacks, it only had insurance coverage against general risks.

Insurance

Insurance Healthcare Manufacturing Ransomware

Crooks stole driver’s license numbers from Geico auto insurer

Security Affairs

APRIL 20, 2021

Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico, the second-largest auto insurer in the U.S., Geico, the second-largest auto insurer in the U.S., Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Insurance

Insurance Data breaches Sales Security

Merck Wins Insurance Lawsuit re NotPetya Attack

Schneier on Security

JANUARY 25, 2022

The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck suffered US$1.4 Merck suffered US$1.4

Insurance

Insurance Risk Government IT

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Lloyd’s Will No Longer Include Nation-State Attacks in its Cyber Insurance Policies

IT Governance

AUGUST 25, 2022

Lloyd’s of London has announced that its insurance policies will no longer cover losses resulting from certain nation-state cyber attacks or acts of war. In a memo sent to the organisation’s insurance syndicates , Underwriting Director Tony Chaudhry said that Lloyd’s remains “strongly supportive” of policies that cover cyber attacks.

Insurance

Insurance IT Government Risk

Experian’s Credit Freeze Security is Still a Joke

Krebs on Security

APRIL 26, 2021

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian , one of the big three consumer credit bureaus in the United States. Thomas said he’s furious that Experian only provides added account security for consumers who pay for monthly plans.

Security

Security Authentication Access Insurance

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

Data Matters

JULY 30, 2018

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. On May 3, 2018, South Carolina became the first state to enact this Model Law, in the form of the South Carolina Insurance Data Security Act (H.B.

Insurance

Insurance Security Cybersecurity Data breaches

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. According to NYDFS, the incorporation of these practices should be proportionate to each insurer’s size, resources, geographic distribution, and other factors. The Framework.

Insurance

Insurance Financial Services Cybersecurity Risk

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

AUGUST 14, 2020

The “RCM” portion of its name refers to “revenue cycle management,” an industry which tracks profits throughout the life cycle of each patient, including patient registration, insurance and benefit verification, medical treatment documentation, and bill preparation and collection from patients.

Ransomware

Ransomware Insurance Phishing IT

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. The experts detected 8.3

Insurance

Insurance Data breaches Financial Services Passwords

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. sought coverage for expenses under its property insurance policy.

Insurance

Insurance Cybersecurity Risk Education

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

Security Affairs

APRIL 29, 2024

.” The FCC’s Enforcement Bureau launched an investigation after Missouri Sheriff Cory Hutcheson misused a “location-finding service” provided by Securus, a communications service provider for correctional facilities, to access the location data of wireless carrier customers without their consent from 2014 to 2017.

Insurance

Insurance Communications Access IT

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. According to CryptoIns analysts, the crypto assets insurance market is expected to reach $7 billion by 2023. Why do crypto exchanges’ users need insurance?

Insurance

Insurance Risk Marketing Cybersecurity

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The Last Watchdog

APRIL 30, 2019

I had the chance at RSA 2019 to visit with George Wrenn, founder and CEO of CyberSaint Security , a cybersecurity software firm that plays directly in this space. Then you have the folks whose security programs have run out of steam and they’re looking for a way to prove that they’re doing due care,” Wrenn said.

Cybersecurity

Cybersecurity Insurance Security Privacy

Episode 158: How NotPetya has Insurers grappling with Systemic Cyber Risk

The Security Ledger

AUGUST 20, 2019

We talk to Bruce McDonnell of the East West Institute about how insurers are responding. Related Stories Episode 155: Disinformation is a Cyber Weapon and APTs warm to Mobile Malware Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats NotPetya Horror Story Highlights Need for Holistic Security.

Insurance

Insurance Risk Healthcare Manufacturing

Hunton Privacy and Insurance Leaders Address Prevention and Insurability of Cyber Attacks

Hunton Privacy

NOVEMBER 27, 2017

On November 3, 2017, Securityroundtable.org published an article highlighting the vulnerabilities businesses face in a world of e-commerce and interconnectivity, and spotlighted a crisis-planning panel hosted by Hunton & Williams held on November 1. It is now recognized as a basic risk issue by every company.”

Insurance

Insurance Privacy Cybersecurity Risk

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

The NYDFS, which regulates financial institutions including insurance companies, mortgage brokers and banks, adopted the original Cybersecurity Regulation in 2017.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com.

Phishing

Phishing Passwords Insurance Sales

A Chief Security Concern for Executive Teams

Krebs on Security

DECEMBER 18, 2018

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. banks) would have this role in their executive leadership team.

Security

Security Marketing Cybersecurity Data breaches

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

“An act of war”: Zurich American refuses to pay out on cyber insurance policy following NotPetya attack

IT Governance

APRIL 3, 2019

US food giant Mondelez is suing insurance company Zurich American for denying a $100 million (£76 million) claim filed after the NotPetya attack. NotPetya is a Windows-based piece of ransomware that infected organisations across the globe in 2017. Perilous future for cyber insurance. Was NotPetya an act of war?

Insurance

Insurance Ransomware Government Paper

Scanning for Flaws, Scoring for Security

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? the security posture of vendor partners). ENTIRELY, CERTIFIABLY PREVENTABLE.

Security

Security Energy and Utilities Risk Data breaches

HHS Announces First HIPAA Settlement Agreement Involving Ransomware Attack

Hunton Privacy

NOVEMBER 13, 2023

On April 22, 2019, HHS began investigating DMS after receiving a breach notification indicating that DMS’ network server was infected by the Gandcrab ransomware in April 2017. DMS is a HIPAA business associate (“BA”) that provides payer credentialing and medical billing services to HIPAA Covered Entities (“CEs”).

Ransomware

Ransomware Risk Insurance Encryption

How Cyber Essentials can help secure against malware

IT Governance

NOVEMBER 28, 2018

The Cyber Essentials scheme is a world-leading assurance mechanism for organisations of all sizes to help demonstrate that the most critical cyber security controls have been implemented. Secure your organisation with Cyber Essentials. Being Cyber Essentials certified demonstrates your commitment to cyber security.

Security

Security Ransomware Government Insurance

New Jersey Acting Attorney General Announces Data Breach Settlement with Fertility Clinic

Hunton Privacy

OCTOBER 15, 2021

The Division of Consumer Affairs alleged that the fertility clinic violated the New Jersey Consumer Fraud Act and the federal Health Insurance Portability and Accountability Act’s (“HIPAA”) Privacy and Security Rules by removing protected health information (“PHI”) safeguards. Neafsey said in a statement regarding the breach.

Data breaches

Data breaches Privacy Insurance Information Security

A Cyber Insurance Backstop

Schneier on Security

FEBRUARY 28, 2024

In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The 9/11 attacks cost insurers and reinsurers $47 billion.

Insurance

Insurance Government Cybersecurity Risk

Dark Overlord hacking crew publishes first batch of confidential 9/11 files

Security Affairs

JANUARY 6, 2019

The Dark Overlord hacking group claims to have stolen a huge trove of documents from the British insurance company Hiscox, Hackers stole “hundreds of thousands of documents,” including tens of thousands files related to the 9/11 terrorist attacks. In October 2017, the group broke into the celeb London Bridge Plastic Surgery clinic.

Insurance

Insurance Data breaches Sales Government

Equifax to pay £561 million to settle data breach

IT Governance

JULY 23, 2019

Equifax has agreed to pay up to $700 million (about £561 million) as part of a settlement with US regulators following its mammoth data breach in 2017. The FTC (Federal Trade Commission) claimed that Equifax hadn’t taken reasonable steps to secure its systems, which led to the records of more than 147 million people being compromised.

Data breaches

Data breaches Insurance Cybersecurity Government

How OpenText Information Security employees prevent cybersecurity threats

OpenText Information Management

NOVEMBER 9, 2017

The Equifax breach disclosed in September 2017 validates why Information Security is at the forefront of the mainstream media, once again. Personal details, including social insurance and credit card numbers, may have been leaked from as many as 143 million customers.

Information Security

Information Security Cybersecurity Security Insurance

The Week in Cyber Security and Data Privacy: 23–29 October 2023

IT Governance

OCTOBER 31, 2023

Thousands of drivers have sensitive data exposed to hackers in major IT breach Date of breach: Unclear, but breached documents date back to 2017. Incident details: A security vulnerability in a third party left personal data exposed of thousands of motorists who had their vehicle towed on behalf of the An Garda Síochána.

Data Privacy

Data Privacy Privacy Data breaches Security

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. Readers may recall that NYDFS’ cybersecurity regulation went into effect in March of 2017. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

Hunton Privacy

FEBRUARY 22, 2017

On February 17, 2017, Horizon Blue Cross Blue Shield of New Jersey (“Horizon”) agreed to pay $1.1 The stolen laptops contained policyholder electronic Protected Health Information (“ePHI”), including names, addresses, birth dates, insurance identifications and, in some cases, Social Security numbers and clinical data.

Insurance

Insurance Privacy Encryption Passwords

NEW TECH: Brinqa takes a ‘graph database’ approach to vulnerability management, app security

The Last Watchdog

APRIL 18, 2019

Related: Data breaches fuel fledgling cyber insurance market. Brinqa, an Austin, TX-based security vendor has come up with a cyber risk management platform designed to help companies take a much more dynamic approach to closing that gap, specifically in the areas of vulnerability management and application security, to start.

Digital transformation

Digital transformation Security Risk Cloud

Acuity Who? Attempts and Failures to Attribute 437GB of Breached Data

Troy Hunt

NOVEMBER 14, 2023

There was just one more interesting data point in that email: i myself am in that dataset and i've been getting 100x more phishing/scam calls, emails, and physical mail Let me end this with a best guess: this feels like the same situation as the massive Master Deeds incident in South Africa in 2017.

Insurance

Insurance Data breaches Mining IT

Second Circuit Stands By Medidata “Spoofing” Decision

Hunton Privacy

AUGUST 28, 2018

As reported on Hunton’s Insurance Recovery blog , the Second Circuit has rejected Chubb subsidiary Federal Ins. s request for reconsideration of the court’s July 6, 2018, decision, confirming that the insurer must cover Medidata’s $4.8 million loss under its computer fraud insurance policy. July 9, 2018, 2nd Cir.

Insurance

Insurance Phishing Access IT

The Case for Limiting Your Browser Extensions

Krebs on Security

MARCH 3, 2020

Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. How did a browser extension lead to a malicious link being added to the health insurance company Web site?

Insurance

Insurance File names Risk Marketing

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

SailPoint, which went public in November 2017, has grown to more than 1000 employees in 30 locations. The key security lesson is that an identity gets assigned to each and every RPA, creating fresh attack vectors. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Digital transformation

Digital transformation Insurance Compliance Healthcare

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

Security Affairs

MAY 9, 2020

A few weeks later, threat actors launched multiple attacks that attempted to exploit the CVE 2017-11882 Office flaw to run a malicious executable. Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link]. “On April 8, 2020, we witnessed the most recent campaign by this actor. .

Government

Government Energy and Utilities Insurance Phishing

Norsk Hydro estimates March cyber attack cost at $50 Million

Security Affairs

APRIL 30, 2019

How much cost a security breach? I can tell you that potential damages could be very expensive for companies, for example, the transportation giant Maersk announced in 2017 that it would incur hundreds of millions in U.S. The good news for the investors is that the company has a robust cyber insurance in place with recognized insurers.

Insurance

Insurance Ransomware Security IT

OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

Hunton Privacy

FEBRUARY 3, 2017

On February 1, 2017, the U.S. This is the third enforcement action taken by OCR in 2017, following the respective actions taken against MAPFRE Life Insurance of Puerto Rico and Presence Health earlier in January. Children’s prior history of noncompliance with the HIPAA Privacy and Security Rules.

Privacy

Privacy Security Insurance Encryption

Cancer Center Settles with HHS for $2.3 Million over Data Breach

Hunton Privacy

DECEMBER 18, 2017

As reported in BNA Privacy Law Watch , on December 6, 2017, health care provider 21st Century Oncology agreed to pay $2.3 million to settle charges by the Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) that its security practices led to a data breach involving patient information.

Data breaches

Data breaches Insurance Information Security Risk

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Regulatory Update: NAIC Fall 2018 National Meeting

Data Matters

DECEMBER 11, 2018

The National Association of Insurance Commissioners (NAIC) held its Fall 2018 National Meeting (Fall Meeting) in San Francisco, California, from November 15 to 18, 2018. NAIC Continues its Evaluation of Insurers’ Use of Big Data. systemic risk of insurers with other parts of the financial system, notably the banking.

Insurance

Insurance Paper Risk Big data

Russians Shut Down Huge Card Fraud Ring

Krebs on Security

MARCH 26, 2020

In a statement released this week, the Russian Federal Security Service (FSB) said 25 individuals were charged with circulating illegal means of payment in connection with some 90 websites that sold stolen credit card data. authorities in 2017.

Retail

Retail Insurance Cybersecurity Data breaches

2017 eDiscovery Case Law Year in Review, Part 3

eDiscovery Daily

JANUARY 9, 2018

But first, it’s also worth noting that Tom O’Connor and I will be discussing some of these cases – and what the legal profession can learn from those rulings – on Thursday’s webcast Important eDiscovery Case Law Decisions of 2017 and Their Impact on 2018 at noon CT (1pm ET, 10am PT). Los Alamos National Security, LLC et. You decide.

e-Discovery

e-Discovery Computer and Electronics Communications Cloud

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Crooks stole driver’s license numbers from Geico auto insurer

Webinars

Trending Sources

Merck Wins Insurance Lawsuit re NotPetya Attack

Webinars

Lloyd’s Will No Longer Include Nation-State Attacks in its Cyber Insurance Policies

Experian’s Credit Freeze Security is Still a Joke

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

American Insurance firm State Farm victim of credential stuffing attacks

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

Episode 158: How NotPetya has Insurers grappling with Systemic Cyber Risk

Hunton Privacy and Insurance Leaders Address Prevention and Insurability of Cyber Attacks

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Karma Catches Up to Global Phishing Service 16Shop

A Chief Security Concern for Executive Teams

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

“An act of war”: Zurich American refuses to pay out on cyber insurance policy following NotPetya attack

Scanning for Flaws, Scoring for Security

HHS Announces First HIPAA Settlement Agreement Involving Ransomware Attack

How Cyber Essentials can help secure against malware

New Jersey Acting Attorney General Announces Data Breach Settlement with Fertility Clinic

A Cyber Insurance Backstop

Dark Overlord hacking crew publishes first batch of confidential 9/11 files

Equifax to pay £561 million to settle data breach

How OpenText Information Security employees prevent cybersecurity threats

The Week in Cyber Security and Data Privacy: 23–29 October 2023

NYDFS settles cybersecurity regulation matter for $1.8 million

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

NEW TECH: Brinqa takes a ‘graph database’ approach to vulnerability management, app security

Acuity Who? Attempts and Failures to Attribute 437GB of Breached Data

Second Circuit Stands By Medidata “Spoofing” Decision

The Case for Limiting Your Browser Extensions

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

Norsk Hydro estimates March cyber attack cost at $50 Million

OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

Cancer Center Settles with HHS for $2.3 Million over Data Breach

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Regulatory Update: NAIC Fall 2018 National Meeting

Russians Shut Down Huge Card Fraud Ring

2017 eDiscovery Case Law Year in Review, Part 3

Stay Connected