Access, Analysis, Insurance and Security - Information Management Today

The risks and limitations of AI in insurance

IBM Big Data Hub

MAY 8, 2023

In my previous post , I described the different capabilities of both discriminative and generative AI, and sketched a world of opportunities where AI changes the way that insurers and insured would interact. Usage risk—inaccuracy The performance of an AI system heavily depends on the data from which it learns.

Insurance

Insurance Risk Artificial Intelligence Government

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

The Last Watchdog

JUNE 2, 2022

Big banks and insurance companies instilled the practice of requesting their third-party vendors to fill out increasingly bloated questionnaires, called bespoke assessments, which they then used as their sole basis for assessing third-party risk. It does this by ingesting and correlating data from a wide array of security-related datasets.

Security

Security Risk Digital transformation Insurance

The business value of operating core insurance solutions on the cloud

IBM Big Data Hub

JUNE 23, 2023

Although interest rates have increased at an unprecedented rate over the past year due to efforts by central banks to curb inflation, insurers are locked into low-yielding investments, and it will take several years for their investment yields to improve. Core modernization (processes and technology) is a top priority for every insurer.

Insurance

Insurance Cloud Digital transformation Customer Experience

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. based First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019.

Insurance

Insurance Financial Services Mining Access

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Security Affairs

MAY 12, 2024

The alert provides Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) obtained from law enforcement investigations and reports from third-party security firms. ” reads the CSA. The largest received ransom payment was $9 million, and at least 18 of the ransoms exceeded $1 million.

Ransomware

Ransomware Blockchain Retail Insurance

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. The experts detected 8.3

Insurance

Insurance Data breaches Financial Services Passwords

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy

Data Privacy Compliance Privacy Security

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

IT Governance

NOVEMBER 6, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. While investigating the incident, it discovered that confidential consumer information had been accessed by an unauthorised third party.

Data Privacy

Data Privacy Privacy Libraries Security

HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

Hunton Privacy

FEBRUARY 29, 2024

The resolution agreement requires Green Ridge to pay $40,000 to OCR and enter into a Corrective Action Plan that obligates Green Ridge to, among other items: Implement a security management process, including a thorough risk analysis, which is to be provided to HHS for review within 60 days.

Ransomware

Ransomware Personal data Risk Privacy

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Incident details: An unauthorised party gained access to some employee email accounts and the information within them, including demographic, medical and financial information.

Data Privacy

Data Privacy Privacy Security Data breaches

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. sought coverage for expenses under its property insurance policy.

Insurance

Insurance Cybersecurity Risk Education

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Welcome to this week’s round-up of the biggest and most interesting news stories. Records breached: 79,582 Ontario hospitals update: information relating to 5.6

Data Privacy

Data Privacy Privacy Security Data breaches

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

The threat actor systematically utilized software distributed by security vendors to sideload ShadowPad and PlugX variants.” ” reads the analysis published by SentinelOne. The attackers focused on the hijacking of programs belonging to security vendors, including Symantec, TrendMicro, BitDefender, McAfee and Kaspersky.

Security

Security Military Insurance Cybersecurity

What Is Information Security Management?

IT Governance

FEBRUARY 22, 2022

Information security management is a way of protecting an organisation’s sensitive data from threats and vulnerabilities. The process is typically embedded via an ISMS (information security management system) , which provides the framework for managing information security. Why is information security management important?

Information Security

Information Security Security Data breaches Risk

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

Gb - NDA The group published a set of files as proof of the security breach and threatens leak all the stolen data if the victim will not pay the ransom. . - Gb - NDA The group published a set of files as proof of the security breach and threatens leak all the stolen data if the victim will not pay the ransom. pst files - 1.5

Ransomware

Ransomware Manufacturing Insurance Cybersecurity

German IT provider Bitmarck hit by cyberattack

Security Affairs

MAY 1, 2023

Bitmarck, one of the largest IT service providers for social insurance carriers in Germany, announced yesterday that it has suffered a cyber attack. The incident impacted statutory health insurance companies that have their IT operated by BITMARCK. Our early warning systems have reported an attack on BITMARCK’s internal systems.

IT

IT Insurance Data breaches Education

Report Shows Major Security Holes in Banking Apps

Adam Levin

APRIL 10, 2019

A security analysis of 30 major banking and financial apps has shown major security holes and a lax approach to protecting user data. Aite declined to identify the companies behind the apps researched or say whether they had warned the companies about the security holes discovered in their apps.

Retail

Retail Security Insurance Encryption

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Krebs on Security

JUNE 4, 2019

Securities and Exchange Commission , LabCorp. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.” credit card numbers and bank account information), medical information and Social Security Numbers. ” ANALYSIS.

Insurance

Insurance Data Privacy Access Security

VF Corp December data breach impacts 35 million customers

Security Affairs

JANUARY 19, 2024

On December 13, 2023, VF Corp detected unauthorized access to a portion of its infrastructure. VF immediately began taking measures to remediate the attack and launched an investigation into the security breach. ” reads a Form 8-K filed with the Securities and Exchange Commission (SEC) on January 18, 2024.

Data breaches

Data breaches Passwords Retail Insurance

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

IT Governance

JANUARY 9, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. They accessed 41.5 million customers’ data having gained access via a vulnerability in Hathaway’s Laravel web application framework. Data breached: 41,500,000 records.

Data Privacy

Data Privacy Privacy Manufacturing Data breaches

How can organisations close the cyber security skills gap?

IT Governance

SEPTEMBER 15, 2021

A UK government report published last year found that 48% of organisations lacked the expertise to complete routine cyber security practices. This includes an inability to protect against malware, set access controls and apply updates. So why are organisations unable to address the fundamentals of cyber security?

Security

Security Insurance Education Government

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Cybersecurity Authentication

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. According to CryptoIns analysts, the crypto assets insurance market is expected to reach $7 billion by 2023. Why do crypto exchanges’ users need insurance?

Insurance

Insurance Risk Marketing Cybersecurity

HHS Announces First HIPAA Settlement Agreement Involving Ransomware Attack

Hunton Privacy

NOVEMBER 13, 2023

DMS is a HIPAA business associate (“BA”) that provides payer credentialing and medical billing services to HIPAA Covered Entities (“CEs”). As a result, the electronic protected health information (“ePHI”) of approximately 206,695 individuals was affected.

Ransomware

Ransomware Risk Insurance Encryption

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

The Last Watchdog

OCTOBER 5, 2023

Byron is the founder and editor-in-chief of The Last Watchdog on Privacy & Security. His news analysis columns, podcasts, and videos are crafted to foster a useful understanding of complex privacy and cybersecurity developments for company decision-makers and individual citizens — for the greater good.

Cybersecurity

Cybersecurity Privacy Cloud IoT

How One Company Survived a Ransomware Attack Without Paying the Ransom

eSecurity Planet

JULY 12, 2022

Cyber Insurer Provides Help. As Spectra Logic had the foresight to take out cyber insurance , Chubb representatives were professional and helpful, according to Mendoza. Forensic analysis of the breach came to a quick conclusion – a phishing attempt had tricked a user with privileged access into clicking on a malicious link.

Ransomware

Ransomware Insurance Cybersecurity Passwords

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

IT Governance

FEBRUARY 14, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The incident is one of a series of major data breaches in Thailand in recent months that have been analysed by the security company Resecurity. Data breached: 19,718,687 records.

Data Privacy

Data Privacy Manufacturing Privacy Security

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

The Last Watchdog

MAY 10, 2021

Back in the mid-1990s, big banks and insurance companies came up with something called “bespoke assessments” as the approach for assessing third party vendor risk. It can be a big strain on resources just to respond to security questionnaires,” he says. “At This took the form of programmatic audits. Visibility boost.

Risk

Risk Insurance Access Security

Scanning for Flaws, Scoring for Security

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? the security posture of vendor partners). How useful is such a score?

Security

Security Energy and Utilities Risk Data breaches

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. Date breached: 384,658,212 records. North Hill Home Health Care, Inc.,

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Connecticut Tightens its Data Breach Notification Laws

Data Protection Report

OCTOBER 3, 2021

Provides certain exemptions from public disclosure for materials provided to the state in response to an investigation of a breach of security. credit or debit card number, or any financial account number in combination with any required security code, access code or password that would permit access to such financial account.

Data breaches

Data breaches IT Insurance Passwords

The Week in Cyber Security and Data Privacy: 13 – 19 November 2023

IT Governance

NOVEMBER 20, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. According to OPB, the district didn’t provide details, but said that “our student credentials may have been compromised as part of a security incident”.

Data Privacy

Data Privacy Privacy Data breaches Security

Mastering healthcare data governance with data lineage

IBM Big Data Hub

MAY 9, 2024

Healthcare organizations need a strong data governance framework to help ensure compliance with regulations like the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the US and the General Data Protection Regulation (GDPR) in the EU. Inaccuracies might also lead to more delays or complications with insurance coverage.

Government

Government GDPR Compliance Analytics

Data Breach: Turkish legal advising company exposed over 15,000 clients

Security Affairs

FEBRUARY 26, 2021

Our online security team has uncovered a massive data breach originating from a misconfigured Amazon Bucket, which was operated by a Turkish Legal advising company, INOVA YÖNETIM & AKTÜERYAL DANI?MANLIK. Inova is an actuarial consultancy company, which means they compile statistical analysis and calculate insurance risks and premiums.

Data breaches

Data breaches Insurance Paper Access

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

The stolen information allegedly included names and identifying information, hashed passwords, security questions and answers, family information, Social Security numbers, lab results, health insurance information, doctor’s names, and medical conditions, among other things.

Data breaches

Data breaches Computer and Electronics Security Insurance

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. Once obtained access to the City’s network, the group performed reconnaissance and information-gathering activities using legitimate third-party remote management tools.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

The Week in Cyber Security and Data Privacy: 23–29 October 2023

IT Governance

OCTOBER 31, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Incident details: A security vulnerability in a third party left personal data exposed of thousands of motorists who had their vehicle towed on behalf of the An Garda Síochána.

Data Privacy

Data Privacy Privacy Data breaches Security

NEW TECH: Brinqa takes a ‘graph database’ approach to vulnerability management, app security

The Last Watchdog

APRIL 18, 2019

Related: Data breaches fuel fledgling cyber insurance market. Brinqa, an Austin, TX-based security vendor has come up with a cyber risk management platform designed to help companies take a much more dynamic approach to closing that gap, specifically in the areas of vulnerability management and application security, to start.

Digital transformation

Digital transformation Security Risk Cloud

After Springhill: Assessing the Impact of Ransomware Lawsuits

eSecurity Planet

OCTOBER 18, 2021

” Cyber Insurance No Longer Reliable. Perhaps the largest lesson to draw from this case, Crockett said, is to take these threats more seriously and look beyond a simple cost-benefit analysis. ” Crockett said unofficial numbers indicate that only about 10 percent of such cyber insurance claims are paid out.

Ransomware

Ransomware Insurance Digital transformation Cybersecurity

OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance

Hunton Privacy

SEPTEMBER 24, 2020

million settlement with Athens Orthopedic Clinic PA (“Athens Orthopedic”) for alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy and Security Rules. Health care providers that fail to follow the HIPAA Security Rule make their patients’ health data a tempting target for hackers.”.

Insurance

Insurance Data breaches Privacy Risk

30 million Americans affected by the Astoria Company data breach

Security Affairs

MARCH 25, 2021

Astoria Company LLC is a lead generation company that leverages on a network of websites to collect information on a person that may be looking for discounted car loans, different medical insurance, or even payday loans. Collected data si shared with a number of partner sites (such as insurance or loan agencies), that pay per lead referral.

Data breaches

Data breaches Sales Insurance Marketing

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

IT Governance

NOVEMBER 28, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The researchers discovered credentials that provided access to 95,592,696 artifacts, as well as download permissions and some deploy operations. Among those affected was SAP SE.

Data Privacy

Data Privacy Privacy Energy and Utilities Data breaches

Enterprise SIEMs Miss 76 Percent of MITRE ATT&CK Techniques

eSecurity Planet

JUNE 27, 2023

Security information and event management (SIEM) systems only have detections for 24 percent of the 196 techniques in MITRE ATT&CK v13, according to a new report. “This implies that adversaries can execute around 150 different techniques that will be undetected by the SIEM,” says the CardinalOps report.

Metadata

Metadata Financial Services Insurance Manufacturing

Australian Privacy Regulator Sues in Data Breach Case

Hunton Privacy

NOVEMBER 15, 2023

The Publicly Available Facts Australian Clinical Labs Limited is listed on the Australian Securities Exchange and operates one of the largest pathology businesses in Australia. The company has said that it will be defending the claim and that it asserts that its cyber security systems are robust.

Data breaches

Data breaches Privacy Risk Information Security

The risks and limitations of AI in insurance

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

Trending Sources

The business value of operating core insurance solutions on the cloud

NY Charges First American Financial for Massive Data Leak

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

American Insurance firm State Farm victim of credential stuffing attacks

Security Compliance & Data Privacy Regulations

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

The Week in Cyber Security and Data Privacy: 16–22 October 2023

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

China-linked Moshen Dragon abuses security software to sideload malware

What Is Information Security Management?

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

German IT provider Bitmarck hit by cyberattack

Report Shows Major Security Holes in Banking Apps

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

VF Corp December data breach impacts 35 million customers

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

How can organisations close the cyber security skills gap?

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

HHS Announces First HIPAA Settlement Agreement Involving Ransomware Attack

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

How One Company Survived a Ransomware Attack Without Paying the Ransom

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

Scanning for Flaws, Scoring for Security

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Connecticut Tightens its Data Breach Notification Laws

The Week in Cyber Security and Data Privacy: 13 – 19 November 2023

Mastering healthcare data governance with data lineage

Data Breach: Turkish legal advising company exposed over 15,000 clients

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

The Week in Cyber Security and Data Privacy: 23–29 October 2023

NEW TECH: Brinqa takes a ‘graph database’ approach to vulnerability management, app security

After Springhill: Assessing the Impact of Ransomware Lawsuits

OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance

30 million Americans affected by the Astoria Company data breach

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

Enterprise SIEMs Miss 76 Percent of MITRE ATT&CK Techniques

Australian Privacy Regulator Sues in Data Breach Case

Stay Connected