Insurance Occurrence Assurance?

Andrew Hay

Though the breaches are concerning, the real story is that the financial institution is suing its insurance provider for refusing to fully cover the losses. This, unfortunately, is the nature of insurance.

Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack

Hunton Privacy

As previously posted on our Hunton Insurance Recovery blog, a Maryland federal court awarded summary judgment to policyholder National Ink in National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company, finding coverage for a cyber attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack.

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Krebs on Security

Now the financial institution is suing its insurance provider for refusing to fully cover the losses. That second computer had the ability to manage National Bank customer accounts and their use of ATMs and bank cards.

Court Rules Fraud Involving a Computer Is Not ‘Computer Fraud’ under Crime Protection Policy

Hunton Privacy

18, 2016), that a crime protection insurance policy does not cover loss resulting from a fraudulent email directing funds to be sent electronically to the imposter’s bank account because the scheme did not constitute “computer fraud” under the policy. Apache recouped a portion of the payments from its bank and attempted to recover the balance from its insurer.

Fund Managers Targeted in Sophisticated Cyberattacks

Data Matters

For remote access to emails, trading systems and other electronic data containing confidential information, the authentication mechanism should utilize at least two of the following factors: what a person knows (e.g., Insurance: The firm should communicate with its insurance company and review policy coverage. Insurance should be specifically evaluated with potential cyberattacks and data breach in mind.

No Bad Faith Means No Sanctions for Failing to Preserve Video of Altercation: eDiscovery Case Law

eDiscovery Daily

In assessing the plaintiff’s motion, Judge O’Hara noted that “the parties agreed the surveillance video is a form of electronically stored information (“ESI”) subject to the preservation requirements of Rule 37(e)”. In Stovall v.

Will Lawyers Ever Embrace Technology?: eDiscovery Best Practices, Part Four

eDiscovery Daily

Craig Ball once made a great point in responding to a post of mine about educating lawyers when he said “We not only need to persuade lawyers to take the plunge, we need to insure there’s a pool for them to jump into. Do they go to a community night course on computers?

#ModernDataMasters: Henrik Liliendahl, Chairman & CTO, Product Data Lake

Reltio

I got good grades in mathematics at school but it was an evening class in secondary school that I took in what was then called EDP (Electronic Data Processing) that got me started. We didn’t even have a computer at that school so the whole class was about things drawn on the blackboard. Then one day we had a trip to a larger college that actually had computers and I was hooked! I was educated in computer engineering but my first job was on the business side.

Business ID Theft Soars Amid COVID Closures

Krebs on Security

She shared with me a copy of the lease, which included a fraudulent ID and even a vehicle insurance card for a Land Cruiser we got rid of like 15 years ago.

Court Rules Non-Party Subpoenaed ESI Not Subject to 100-Mile Boundary: eDiscovery Case Week

eDiscovery Daily

In this case where the plaintiff claimed breach of contract, bad faith, unjust enrichment, and fraud against the defendant insurance company over the valuation of the plaintiff’s vehicles after two automobile collisions, the plaintiff served non-party Mitchell International, Inc.

First Ever Multi-State Data Breach Lawsuit Targets Healthcare Provider: Cybersecurity Trends

eDiscovery Daily

Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

2019 eDiscovery Case Law Year in Review, Part 3

eDiscovery Daily

DiGiusti granted the “Children” defendants’ Motion to Compel against non-party City of Oklahoma City Police Department (“OCPD”) to comply with the Children’s subpoena of records related to the murder of their father in a civil case with the insurance company.

Standardizing the Non-Standard Digital Forensics Protocol, Sort Of: eDiscovery Best Practices

eDiscovery Daily

Largest hospital system in New Jersey was hit by ransomware attack

Security Affairs

Hackensack Meridian Health did not reveal the amount of money it has paid to crooks; according to a statement issued by the hospital, it holds insurance coverage for such emergencies.

2017 eDiscovery Case Law Year in Review, Part 3

eDiscovery Daily

Hornak denied the plaintiff’s Motions to Compel third parties Microsoft, Google and Yahoo to Produce Responsive Documents Pursuant to their Subpoenas, finding that “resolution of this case begins and ends with the Stored Communications Act (‘SCA’), which generally provides that ‘a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.’”.

What IG Professionals Should Know About the Internet of Bodies

ARMA International

Another common name for the IoB is embodied computing, where the human body is used as a technology platform. Wearable technology began as any kind of electronic device designed to be worn on the user’s body. Welcome to the Age of the Internet of Bodies.

The U.S. Office of the Comptroller of the Currency Seeks Comment on Digital Innovation by Banks

Data Matters

electronic payments, check capture and online banking), the OCC lists some of the new technologies, the implementation of which may be hindered by ambiguous, burdensome or inflexible rules, such as blockchain, artificial intelligence, biometrics, cloud computing and big data/analytics. The U.S.

Debut of the Texas State Records Retention Schedule (RRS): 5th Edition – 5/10/2020

The Texas Record

2.1.001 Processing Files These types of records should be classified under Master Files and Application Data (2.1.002) and Computer Software Programs (2.1.007), as applicable. 2.2.004 Computer Job Schedules and Reports This type of record should be classified under Activity Reports (1.1.069).

Podcast Episode 119: EFF on Expanding Researchers Rights and AT&T talks IoT Security Fails

The Security Ledger

In this episode of the podcast, #119: Electronic Frontier Foundation General Counsel Kurt Opsahl joins us to talk about the Coders’ Rights Project.

Who Is Infosource? An Interview With Johann Hoepfner About Printing, Capture, and More

Document Imaging Report

I started to understand bigger printers and bigger computers. Infosource back then had just switched from printed reports to electronic and Web-based data delivery. The commercial printing — which is often still paper-based, insurance, bank statements, etc.

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. According to the complaint, over a period of 19 days, hackers were able to infiltrate the Company’s computer systems.

List of data breaches and cyber attacks in October 2018 – 44,701,278 records leaked

IT Governance

The representative did a “visual review” of the buckets, as USPS’s internal policy is not to plug any USB sticks into a computer (not all bad practice, eh?), Social insurance numbers. The law will apply to consumer electronics from 2020.

Weekly podcast: NHS upgrade, $242m Equifax loss and prison hacker jailed

IT Governance

However, a large part of the loss has been offset by the company’s cyber insurance: Equifax announced that it maintains “$125 million of cybersecurity insurance coverage, above a $7.5

The Personnel File: Retention & Best Practices

The Texas Record

Additionally, if you are using a Human Resources Information System (HRIS) or other kind of Content Management System to maintain all these records electronically, all your records can be easily auto-classified into the correct series.

HHS Announces HIPAA Settlement with UMass

Hunton Privacy

On November 22, 2016, the Department of Health and Human Services (“HHS”) announced a $650,000 settlement with University of Massachusetts Amherst (“UMass”), resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules. UMass did not have firewalls in place to guard against unauthorized access to ePHI transmitted over an electronic communications network.

Does Your Business Depend on Stronger Election Security?

Adam Levin

If you doubt it, consider the recent Chubb survey, which found a 930% increase in cyber insurance claims filed by businesses alongside this: 75% of respondents believing that their companies had “excellent” or “good” cybersecurity practices.

Five Steps to HIPAA Security Compliance

HIPAA

The Health Insurance Portability and Accountability Act has set various guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing and sharing any electronic medical data to keep patient data secure. This means that a medical practice could be using electronic systems which are not compliant with HIPAA standards.

OCR Enters into Record Settlement with Anthem

Hunton Privacy

Three years ago, in February 2015, OCR opened a compliance review of Anthem, the nation’s second largest health insurer, following media reports that Anthem had suffered a significant cyberattack. Attackers were able to download malicious files to the employee’s computer and gain access to other Anthem systems that contained individuals’ names, Social Security numbers, medical identification numbers, addresses, dates of birth, email addresses and employment information.

German court: monitoring of employees by key logger is not allowed

Data Protection Report

Subsequently, the firm installed key logger software on its employees’ computers. When reviewing the files created by the software, the employer became aware that an employee had used his work computer for private purposes during working hours and, thereupon, terminated the employment relationship.

To get the most from blockchain in government, a sharing mindset is needed

CGI

When I was at university earning my Masters in Computer Science, I devoted a lot of my coursework to distributed computing. But the doctor decides the medical treatment while the insurance provider decides the amount and mode of payment. The doctor’s office owns the Electronic Health Record system, but that doesn’t give the office ownership of the patient’s medical information or control over the insurance company’s payment decision.

OPC reconsiders its approach to cross-border data transfers with the Equifax decision

Data Protection Report

Any organization governed by the federal Personal Information Protection and Electronic Documents Act (PIPEDA) will have to re-evaluate and likely adjust its approach to such cross-border data transfers, possibly affecting its outsourcing and cloud computing relationships with vendors and related companies. This included social insurance numbers and other sensitive personally identifiable information.

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hunton Privacy

securing electronic communications by implementing and developing end-to-end encryption. The DPAs request to strengthen the rights of the private and intimate sphere of patients’ and insured patients’ lives. The DPAs state that they are committed to the promotion of the confidentiality and integrity of electronic communications. On October 2, 2013, the 86th Conference of the German Data Protection Commissioners concluded in Bremen.

Me on the Equifax Breach

Schneier on Security

I am a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an advisory board member of Electronic Privacy Information Center and VerifiedVoting.org. This is exactly the sort of information criminals can use to impersonate victims to banks, credit card companies, insurance companies, cell phone companies and other businesses vulnerable to fraud. This was not a minor vulnerability; the computer press at the time called it "critical."

Extending intranets to hard-to-reach staff: Controlled documents kiosk example

ChiefTech

This Intranet Benchmarking Forum (IBF) post about meeting the needs of hard-to-reach staff reminded me of a kiosk system that was developed on top of an electronic document and records management system at Illawarra Coal (part of BHPB Billiton) – I was part of the team that helped to implement the system and came up with the conceptual design of the intranet publishing architecture from this system.

Florida Amends Breach Notification Law to Cover Health Data, Tighten Notice Deadline and Require State Regulator Notification

Hunton Privacy

Below is a summary of several key changes the Act makes to the previous breach notification statute: The Act revises the definition of “breach of security” to cover “unauthorized access” of electronic data containing personal information; the previous law defined breach more narrowly to mean “unlawful and unauthorized acquisition” of computerized data that materially compromises the security, confidentiality or integrity of personal information.

The debate on the Data Protection Bill in the House of Lords

Data Protector

When we do the weekly supermarket shop online, we should be able to move our shopping list electronically. If you think that your data has been anonymised, according to the computational privacy group at Imperial College, you will be wrong. What follows below is an edited version of the debate in the House of Lords of the Second Reading of the Data Protection Bill, held on 10 October.

HHS Announces Settlements with Health Care System and Medical Research Institute over Potential HIPAA Violations

Hunton Privacy

The HHS’s Office for Civil Rights (“OCR”) began an investigation of North Memorial, a non-profit health care system based in Minnesota, after North Memorial filed a breach report indicating that in September 2011, an unencrypted, password-protected laptop computer containing the protected health information (“PHI”) of 9,947 individuals was stolen from a locked vehicle of an employee of its contractor, Accretive Health (“Accretive”).