Analysis, Encryption, Information Security and Insurance

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Security Affairs

JANUARY 6, 2024

Merck has resolved a dispute with insurers regarding a $1.4 Merck and its insurers have agreed with a $1.4 billion insurance claim for the losses caused by the NotPetya attack that took place in 2017. Merck had not taken out specific insurance to cover cyber attacks, it only had insurance coverage against general risks.

Insurance

Insurance Healthcare Manufacturing Ransomware

Researchers released a free decryptor for Black Basta ransomware

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware

Ransomware Encryption Blockchain Insurance

How to make sure your cyber insurance policy pays out

IT Governance

JULY 15, 2019

Cyber insurance is big business these days. Damages incurred by information security incidents generally aren’t covered in commercial insurance policies, so a specific policy is necessary to help cover the costs of things like forensic investigation, incident response and notification procedures.

Insurance

Insurance Data breaches Risk Information Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Black Basta gang claims the hack of the UK water utility Southern Water

Security Affairs

JANUARY 23, 2024

In early January, independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor. Depending on the file size, the ransomware encrypts the initial 5000 bytes. continues the researchers.

Encryption

Encryption Ransomware Blockchain Insurance

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). Security, Privacy and Compliance Can Conflict.

Data Privacy

Data Privacy Compliance Privacy Security

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The Royal group began reconnaissance activity in April 2023, and the analysis of system log data dates the beginning of the surveillance operations on April 7, 2023. The command-and-control beacons allowed Royal to prepare the City’s network resources for the May 03, 2023, ransomware encryption attack.”

Ransomware

Ransomware Encryption Systems administration Cybersecurity

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Incident details: The company found that data on its network had been encrypted without its knowledge. Records breached: 91,000 individuals affected. Records breached: Unknown.

Data Privacy

Data Privacy Privacy Security Data breaches

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

The stolen information allegedly included names and identifying information, hashed passwords, security questions and answers, family information, Social Security numbers, lab results, health insurance information, doctor’s names, and medical conditions, among other things.

Data breaches

Data breaches Computer and Electronics Security Insurance

OCR 2020 Settlements Target HIPAA Security Rule Non-Compliance

Data Matters

AUGUST 27, 2020

Department of Health and Human Services, Office for Civil Rights (“OCR”) has settled three cases related to alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”), totaling $1,165,000. These settlements underscore OCR’s continued focus on enforcement of the HIPAA Security Rule.

Compliance

Compliance Security Risk Encryption

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Cybersecurity Authentication

First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

Hunton Privacy

JUNE 17, 2019

The settlement resolves a multistate litigation arising out of a May 2015 data breach in which hackers infiltrated WebChart, a web application run by MIE, and stole the electronic Protected Health Information (“ePHI”) of over 3.9 failed to encrypt the sensitive ePHI. failed to encrypt the sensitive ePHI. million individuals.

Data breaches

Data breaches IT Insurance Privacy

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

SEPTEMBER 16, 2020

Cybersecurity and Infrastructure Security Agency (CISA) released a malware analysis report (MAR) that includes technical details about web shells employed by Iranian hackers. A web shell is a code, often written in typical web development programming languages (e.g.,

Passwords

Passwords Insurance Access Encryption

Catches of the Month: Phishing Scams for April 2023

IT Governance

APRIL 11, 2023

For instance, it could monitor users’ keystrokes or encrypt the user’s files in a ransomware attack. Report on phishing discovers alarming rise in attacks Cofense released its 2023 Annual State of Email Security Report last month, which revealed a surge in phishing attacks over the past year.

Phishing

Phishing Passwords Ransomware Insurance

How to create an ISO 27001-compliant risk treatment plan

IT Governance

MAY 3, 2019

This option will make things less convenient for your employees but will drastically improve your security posture. There are two ways you can do this: by outsourcing the security efforts to another organisation or by purchasing cyber insurance to ensure you have the funds to respond appropriately in the event of a disaster.

Risk

Risk Information Security Communications Insurance

OCR Settlement Emphasizes Importance of Implementing Safeguards to Protect PHI

Hunton Privacy

JANUARY 25, 2017

Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into a resolution agreement with MAPFRE Life Insurance Company of Puerto Rico (“MAPFRE”) relating to a breach of protected health information (“PHI”) contained on a portable storage device. On January 18, 2017, the U.S.

Security awareness

Security awareness Insurance Risk Compliance

The Week in Cyber Security and Data Privacy: 13 – 19 November 2023

IT Governance

NOVEMBER 20, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. For more information about the SEC cyber security disclosure rules, register for our free webinar on 30 November.) Records breached: Unknown Systems East, Inc.

Data Privacy

Data Privacy Privacy Data breaches Security

Eurofins, the UK’s largest police forensics lab paid ransom after an attack

Security Affairs

JULY 5, 2019

Eurofins Scientific, the UK’s largest police forensics lab contractor, announced to have paid a ransom to crooks to recover its data after a ransomware had been encrypted them. Eurofins Scientific, the UK’s biggest provider of forensic services, has paid a ransom to demand to recover its data after a ransomware attack.

Ransomware

Ransomware Insurance Encryption Security

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

Almost half of the broker-dealers (47%) reportedly participate in information sharing organizations such as the Financial Services Information Sharing and Analysis Center. Almost all the examined broker-dealers (98%) and advisers (91%) make use of encryption in some form.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

TA505 group updates tactics and expands the list of targets

Security Affairs

AUGUST 28, 2019

” reads the analysis published by TrendMicro. TA505 also used in one attack an updated version of ServHelper that included the strings’ binary encrypted in Vigenère cipher. and which used emails with subjects pertaining to finance or urgent concerns on insurance policies. 36/p2, that is the same binary we found in the.

e-Delivery

e-Delivery Insurance Retail Government

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

Entities covered by the Regulation, which includes not only banks and insurers, but also other financial service institutions and licensees regulated by the DFS that utilize third-party service providers, will be required to implement third-party risk management programs by March 1.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

South Dakota and Colorado strengthen data breach protections

Data Protection Report

JANUARY 29, 2018

In addition, the bill authorizes the state Attorney General to impose a civil penalty of up to $10,000 per day per violation and to recover attorneys’ fees and costs associated with an action brought against the information holder. under HIPAA). under HIPAA).

Data breaches

Data breaches Insurance Personal data Encryption

OCR Provides Insight into Enforcement Priorities and Breach Trends

HL Chronicle of Data Protection

OCTOBER 21, 2019

Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on the Health Insurance Portability and Accountability (HIPAA) regulatory framework. OCR will take action to enforce the HIPAA Right of Access.

Risk

Risk Compliance Privacy Phishing

HHS Announces Settlements with Health Care System and Medical Research Institute over Potential HIPAA Violations

Hunton Privacy

MARCH 22, 2016

million settlement with the Minnesota Attorney General for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations, and various Minnesota debt collection and consumer protection laws. failed to encrypt ePHI or implement an equivalent mechanism. Feinstein Institute.

Computer and Electronics

Computer and Electronics Risk Passwords Privacy

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

The Riskonnect GRC platform has specific use cases for risk management, information security, compliance, and audit professionals in healthcare, retail, insurance, financial services, and manufacturing. Insurance & claims management. See our in-depth look at LogicManager. Riskonnect. Back to top. Audit management.

Compliance

Compliance Risk Government Retail

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

The Riskonnect GRC platform has specific use cases for risk management, information security, compliance, and audit professionals in healthcare, retail, insurance, financial services, and manufacturing. Insurance & claims management. See our in-depth look at LogicManager. Riskonnect. Back to top. Audit management.

Compliance

Compliance Risk Government Retail

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Perimeter security tools include: Firewalls: Filter traffic and monitor access based upon firewall rules and policies for the network, network segment, or assets protected by different types of firewalls. Apply encryption protocols and other security measures to connections between computers.

Security

Security Cloud Cybersecurity Risk

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Source (New) Transport USA Yes 3,815 Okta Source 1 ; source 2 (Update) Cyber security USA Yes 3,800 Shah Dixit & Associates, P.C.

Data Privacy

Data Privacy Privacy Security Data breaches

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

insurance giant Beazley Worldwide reported that the average ransomware demand in 2018 was more than $116,000, a figure admittedly skewed by some very large demands. A top-down security mindset absolutely must be instilled and nurtured. A poll of IT pros in the U.S., Canada, Germany and the U.K. In its most recent annual report , U.K.

Ransomware

Ransomware Access Cybersecurity Insurance

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. Encrypting critical data assets. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Guest Post - Data Privacy and Open Data: Secondary Uses under GDPR

AIIM

MARCH 26, 2018

The more granular the data set is the more valuable it is for research and analysis purposes. Data risk assessment should take into account a number of variables such as the size of the data set, the sensitivity of the information and the granularity of the data set.

GDPR

GDPR Data Privacy Privacy Compliance

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. 5,255,944,117 known records breached in 128 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories.

Data Privacy

Data Privacy Privacy Manufacturing Security

The Hacker Mind Podcast: Tib3rius

ForAllSecure

JANUARY 11, 2023

Tib3rius from White Oak Security discusses his experience as a web application security pen tester, his OSCP certification, and how he’s giving back to the community with his Twitch , Youtube , and tools he's made available on GitHub. So honestly, every single kind of web app is just a portal to information. VAMOSI: Yeah.

IT

IT Security Access Education

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. Cyble Vision can integrate with an existing SIEM or SOAR and provide incident response, threat analysis, and vulnerability management. Ubiq Security. Cowbell Cyber.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Information Management Today

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Researchers released a free decryptor for Black Basta ransomware

Webinars

Trending Sources

How to make sure your cyber insurance policy pays out

Webinars

Black Basta gang claims the hack of the UK water utility Southern Water

Security Compliance & Data Privacy Regulations

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

The Week in Cyber Security and Data Privacy: 16–22 October 2023

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

OCR 2020 Settlements Target HIPAA Security Rule Non-Compliance

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

US CISA report shares details on web shells used by Iranian hackers

Catches of the Month: Phishing Scams for April 2023

How to create an ISO 27001-compliant risk treatment plan

OCR Settlement Emphasizes Importance of Implementing Safeguards to Protect PHI

The Week in Cyber Security and Data Privacy: 13 – 19 November 2023

Eurofins, the UK’s largest police forensics lab paid ransom after an attack

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

TA505 group updates tactics and expands the list of targets

Transition period under New York Cybersecurity Regulation ends March 1, 2019

South Dakota and Colorado strengthen data breach protections

OCR Provides Insight into Enforcement Priorities and Breach Trends

HHS Announces Settlements with Health Care System and Medical Research Institute over Potential HIPAA Violations

Top GRC Tools & Software for 2021

Top 10 Governance, Risk and Compliance (GRC) Vendors

Network Security Architecture: Best Practices & Tools

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Guest Post - Data Privacy and Open Data: Secondary Uses under GDPR

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

The Hacker Mind Podcast: Tib3rius

Top Cybersecurity Startups to Watch in 2022

Stay Connected