Analysis, Cybersecurity and Insurance - Information Management Today

Cyber Insurance and the Changing Global Risk Environment

Security Affairs

APRIL 22, 2022

When security fails, cyber insurance can become crucial for ensuring continuity. Our reliance on digital technology and the inherited risk is a key driving factor for buying cyber risk insurance. If the technology were to become unavailable, the resulting business impact could be mitigated with cyber insurance.

Insurance

Insurance Risk Cybersecurity Ransomware

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. sought coverage for expenses under its property insurance policy.

Insurance

Insurance Cybersecurity Risk Education

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

Security Affairs

APRIL 8, 2024

Greylock McKinnon Associates (GMA) provides expert economic analysis and litigation support to a diverse group of domestic and international clients in the legal profession, the business community, and government agencies, including the Department of Justice (DoJ). ” reads the data breach notification.

Data breaches

Data breaches Insurance Cybersecurity Government

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

Department of Health and Human Service’s Office for Civil Rights (“OCR”) issued industry guidance for Health Insurance Portability and Accountability Act (“HIPAA”) regulated entities to take preventative steps to protect against some of the more common, and often successful, cyber-attack techniques. On March 17, 2022, the U.S.

Cybersecurity

Cybersecurity Privacy Insurance Risk

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Security Affairs

MAY 12, 2024

The FBI, CISA, HHS, and MS-ISAC have issued a joint Cybersecurity Advisory (CSA) regarding the Black Basta ransomware activity as part of the StopRansomware initiative. reads the Elliptic’s report. “Our analysis suggests that Black Basta has received at least $107 million in ransom payments since early 2022, across more than 90 victims.

Ransomware

Ransomware Blockchain Retail Insurance

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. based First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019.

Insurance

Insurance Financial Services Mining Access

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

The Last Watchdog

OCTOBER 5, 2023

Editor’s note: I recently had the chance to participate in a discussion about the overall state of privacy and cybersecurity with Erin Kapczynski, OneRep’s senior vice president of B2B marketing. How did you first get interested in cybersecurity as a career? Erin: So, let’s get started. What drew you to this field?

Cybersecurity

Cybersecurity Privacy Cloud IoT

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

The Nexperia launched an investigation into the security breach with the help of third-party cybersecurity experts. “Together with our external cybersecurity expert FoxIT, Nexperia continues to investigate the full extent and impact of the matter and we are closely monitoring the developments. pst files - 1.5

Ransomware

Ransomware Manufacturing Insurance Cybersecurity

How One Company Survived a Ransomware Attack Without Paying the Ransom

eSecurity Planet

JULY 12, 2022

As we didn’t have a comprehensive cybersecurity plan in place, the attack brought the entire business to its knees.”. Cyber Insurer Provides Help. As Spectra Logic had the foresight to take out cyber insurance , Chubb representatives were professional and helpful, according to Mendoza. Most had been infected.

Ransomware

Ransomware Insurance Cybersecurity Passwords

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Krebs on Security

JULY 21, 2023

This is actually down from five of the Fortune 100 in 2018, the last time KrebsOnSecurity performed this analysis. Schreider said while Datos Insights focuses mostly on the financial and insurance industries, a recent Datos survey echoes the IANS findings from last year.

Security

Security Risk Insurance Cybersecurity

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. According to CryptoIns analysts, the crypto assets insurance market is expected to reach $7 billion by 2023. Why do crypto exchanges’ users need insurance?

Insurance

Insurance Risk Marketing Cybersecurity

German IT provider Bitmarck hit by cyberattack

Security Affairs

MAY 1, 2023

Bitmarck, one of the largest IT service providers for social insurance carriers in Germany, announced yesterday that it has suffered a cyber attack. The incident impacted statutory health insurance companies that have their IT operated by BITMARCK. “BITMARCK has identified a cyber attack. ” concludes the statement.

IT

IT Insurance Data breaches Education

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

Security Affairs

NOVEMBER 23, 2023

. “We have performed an analysis of the affected system and associated data to determine whether your information was potentially impacted. Based on that analysis, we have determined that certain of your information was included in those files.” million Teachers Insurance and Annuity Association of America 2.6

Data breaches

Data breaches Retail Education Ransomware

HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

Hunton Privacy

FEBRUARY 29, 2024

The resolution agreement requires Green Ridge to pay $40,000 to OCR and enter into a Corrective Action Plan that obligates Green Ridge to, among other items: Implement a security management process, including a thorough risk analysis, which is to be provided to HHS for review within 60 days.

Ransomware

Ransomware Personal data Risk Privacy

Regulatory Update: NAIC Summer 2021 National Meeting

Data Matters

SEPTEMBER 20, 2021

The National Association of Insurance Commissioners (NAIC) held its Summer 2021 National Meeting (Summer Meeting) August 14-17, 2021. Highlights include, among others, adoption of revised risk-based capital bond factors for life insurers, amendments to SSAP No. NAIC Adopts Revised Risk-Based Capital Bond Factors for Life Insurers.

Insurance

Insurance e-Delivery Paper Sales

VF Corp December data breach impacts 35 million customers

Security Affairs

JANUARY 19, 2024

“Based on VF’s preliminary analysis from its ongoing investigation, VF currently estimates that the threat actor stole personal data of approximately 35.5 “VF will be seeking reimbursement of costs, expenses and losses stemming from the cyber incident by submitting claims to VF’s cybersecurity insurers.

Data breaches

Data breaches Passwords Retail Insurance

Incentives, Insurance and Root Cause

Adam Shostack

DECEMBER 2, 2016

In that context, I am very excited to see a proposal from Rob Knake on “ Creating a Federally Sponsored Cyber Insurance Program.” Although regulators typically establish new requirements upon the basis of NTSB recommendations, most air carriers implement recommendations on a voluntary basis.

Insurance

Insurance Cybersecurity IT Government

After Springhill: Assessing the Impact of Ransomware Lawsuits

eSecurity Planet

OCTOBER 18, 2021

A lawsuit working its way through the courts could have a lot to say about the liabilities facing organizations that have been hit by ransomware attacks – and could have implications for cybersecurity preparation and regulation in general. ” Cyber Insurance No Longer Reliable.

Ransomware

Ransomware Insurance Digital transformation Cybersecurity

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

The Last Watchdog

JUNE 2, 2022

Big banks and insurance companies instilled the practice of requesting their third-party vendors to fill out increasingly bloated questionnaires, called bespoke assessments, which they then used as their sole basis for assessing third-party risk. Related: A call to share risk assessments. Cyber hygiene boost.

Security

Security Risk Digital transformation Insurance

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. The average cost of a breach is $3.6

Ransomware

Ransomware Cybersecurity Phishing Encryption

Russians Shut Down Huge Card Fraud Ring

Krebs on Security

MARCH 26, 2020

Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data breaches targeting western retailers over the past decade. Intel 471 says Selivanon also was charged along with Stroganov in this past week’s law enforcement action.

Retail

Retail Insurance Cybersecurity Data breaches

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The Royal group began reconnaissance activity in April 2023, and the analysis of system log data dates the beginning of the surveillance operations on April 7, 2023. The City immediately initiated mitigation efforts after the discovery of the attack and it started restoring its services with the help of external cybersecurity experts.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

On February 3, 2015, the Securities and Exchange Commission (“SEC”) released a Risk Alert , entitled Cybersecurity Examination Sweep Summary, summarizing observations from the recent round of cybersecurity examinations of registered broker-dealers and investment advisers under the Cybersecurity Examination Initiative.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

” reads the analysis published by SentinelOne. ” The analysis of the Moshen Dragon’s activity led to the discovery of several payloads uploaded to VirusTotal, some of which were the ‘PlugX Talisman variant’. In recent attacks spotted by SentinelOne, Moshen Dragon leveraged to sideload ShadowPad and PlugX variants.

Security

Security Military Insurance Cybersecurity

What Is Integrated Risk Management? Definition & Implementation

eSecurity Planet

APRIL 29, 2024

Integrated risk management identifies and eliminates unnecessary complexities to simplify risk analysis and threat control and introduces optimized operational performance as a potential side effect. Optimized Performance System complexity can introduce fragility and obscure data paths for key or regulated data.

Risk

Risk Compliance Communications Insurance

Cyberinsurance and Acts of War

Schneier on Security

FEBRUARY 13, 2019

Zurich Insurance has refused to pay Mondelez International's claim of $100 million in damages from NotPetya. Those turning to cyber insurance to manage their exposure presently face significant uncertainties about its promise. Yet no cyber insurance policies cover this entire spectrum. I had not heard about this case before.

Insurance

Insurance Risk Marketing Government

Best Ransomware Removal and Recovery Services

eSecurity Planet

OCTOBER 5, 2021

Basic cybersecurity defenses still apply: next generation firewalls (NGFW) , endpoint detection and response (EDR) platforms, employee cybersecurity training , patching. Here are the services that stood out in our analysis. Digital forensics for insurance, medical, legal, and Fortune 500 companies. Touchstone.

Ransomware

Ransomware Encryption Cybersecurity Insurance

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Cybersecurity Authentication

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Periodic risk-based assessments of third parties. Upcoming certifications.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

IT Governance

NOVEMBER 6, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Compromised information included patients’ names, dates of birth, postal addresses, Social Security numbers, diagnosis and treatment information, and health insurance information.

Data Privacy

Data Privacy Privacy Libraries Security

The most valuable AI use cases for business

IBM Big Data Hub

FEBRUARY 14, 2024

Voice-based queries use natural language processing (NLP) and sentiment analysis for speech recognition so their conversations can begin immediately. Healthcare The healthcare industry is using intelligent automation with NLP to provide a consistent approach to data analysis, diagnosis and treatment.

Artificial Intelligence

Artificial Intelligence Retail Unstructured data Insurance

Connecticut Tightens its Data Breach Notification Laws

Data Protection Report

OCTOBER 3, 2021

Risk of Harm Analysis No Longer Requires Law Enforcement Consultation. biometric information consisting of data generated by electronic measurements of an individual’s unique physical characteristics used to authenticate or ascertain the individual’s identity, such as a fingerprint, voice print, retina or iris image.

Data breaches

Data breaches IT Insurance Passwords

Global Scamdemic: Scams Become Number One Online Crime

Security Affairs

JUNE 10, 2021

Threat hunting and adversarial cyber intelligence company Group-IB published a comprehensive analysis of fraud cases on a global scale. Insurance companies around the world are now suffering from phishing. Over the past year, an average of over 100 phishing websites were created per insurer.

Phishing

Phishing Retail Insurance Risk

How to handle a ransomware attack

IBM Big Data Hub

JANUARY 22, 2024

The photo will expedite the recovery process and help when filing a police report or a possible claim with your insurance company. This will save all data in memory to a reference file on the device’s hard drive, preserving it for future analysis. Instead, put the affected systems into hibernation.

Ransomware

Ransomware Encryption Analytics Data breaches

Obama Administration Releases Incentive Reports on Cybersecurity

Hunton Privacy

AUGUST 7, 2013

On August 6, 2013, the Obama Administration posted links on The White House Blog to reports from the Departments of Commerce , Homeland Security and Treasury containing recommendations on incentivizing companies to align their cybersecurity practices with the Cybersecurity Framework.

Cybersecurity

Cybersecurity Insurance Risk Security

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

Security Affairs

MAY 9, 2020

.” reads the analysis published by Palo Alto Networks. The attacks targeted a major utility provider, a university, and a government agency in the United States, a health agency in Canada, a health insurance provider, an energy company in Australia, and a European medical publishing company to deliver various malware families.

Government

Government Energy and Utilities Insurance Phishing

How to Find & Choose IT Outsourcing Services

eSecurity Planet

AUGUST 4, 2023

Most organizations seek to eliminate these risks by outsourcing specific projects or even their full IT or cybersecurity needs. or cybersecurity-focused trade shows (RSA Conference, Black Hat, etc.) However, buyers in most organizations don’t have the expertise to find and evaluate potential vendors.

IT

IT Compliance Cybersecurity Communications

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

This is according to a recent survey conducted by Soha Systems, and according to one of the speeches delivered by the Superintendent of the New York State Department of Financial Services, Mr. Benjamin Lawsky, “ A company’s cybersecurity is only as strong as the cybersecurity of its third-party vendors ”.

Risk

Risk Cybersecurity Compliance Data breaches

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). See the Best Cybersecurity Awareness Training for Employees.

Data Privacy

Data Privacy Compliance Privacy Security

Regulatory Update: NAIC Fall 2018 National Meeting

Data Matters

DECEMBER 11, 2018

The National Association of Insurance Commissioners (NAIC) held its Fall 2018 National Meeting (Fall Meeting) in San Francisco, California, from November 15 to 18, 2018. NAIC Continues its Evaluation of Insurers’ Use of Big Data. systemic risk of insurers with other parts of the financial system, notably the banking.

Insurance

Insurance Paper Risk Big data

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Cybersecurity

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Personal information accessed in CCSD cybersecurity incident Date of breach: 5 October 2023. Breached organisation: American Family Insurance, headquartered in Wisconsin, US.

Data Privacy

Data Privacy Privacy Security Data breaches

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

The stolen information allegedly included names and identifying information, hashed passwords, security questions and answers, family information, Social Security numbers, lab results, health insurance information, doctor’s names, and medical conditions, among other things. million individuals from the Company’s systems.

Data breaches

Data breaches Computer and Electronics Security Insurance

What Is a Firewall Policy? Steps, Examples & Free Template

eSecurity Planet

JANUARY 5, 2024

They provide a foundation for recognizing possible security issues and aiding forensic analysis. Address Compliance Requirements Ensure that the firewall policy complies with relevant cybersecurity and privacy requirements. Machine learning algorithms or behavioral analysis may play a role in dynamically developing these rules.

Compliance

Compliance Access Communications Cybersecurity

Cyber Insurance and the Changing Global Risk Environment

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Webinars

Trending Sources

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

Webinars

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

NY Charges First American Financial for Massive Data Leak

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

How One Company Survived a Ransomware Attack Without Paying the Ransom

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

German IT provider Bitmarck hit by cyberattack

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

Regulatory Update: NAIC Summer 2021 National Meeting

VF Corp December data breach impacts 35 million customers

Incentives, Insurance and Root Cause

After Springhill: Assessing the Impact of Ransomware Lawsuits

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

What is a Cyberattack? Types and Defenses

Russians Shut Down Huge Card Fraud Ring

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

China-linked Moshen Dragon abuses security software to sideload malware

What Is Integrated Risk Management? Definition & Implementation

Cyberinsurance and Acts of War

Best Ransomware Removal and Recovery Services

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Transition period under New York Cybersecurity Regulation ends March 1, 2019

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

The most valuable AI use cases for business

Connecticut Tightens its Data Breach Notification Laws

Global Scamdemic: Scams Become Number One Online Crime

How to handle a ransomware attack

Obama Administration Releases Incentive Reports on Cybersecurity

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

How to Find & Choose IT Outsourcing Services

Cybersecurity: Managing Risks With Third Party Companies

Security Compliance & Data Privacy Regulations

Regulatory Update: NAIC Fall 2018 National Meeting

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Week in Cyber Security and Data Privacy: 16–22 October 2023

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

What Is a Firewall Policy? Steps, Examples & Free Template

Stay Connected