Insurance Occurrence Assurance?

Andrew Hay

Though the breaches are concerning, the real story is that the financial institution is suing its insurance provider for refusing to fully cover the losses. From the article: In its lawsuit (PDF), National Bank says it had an insurance policy with Everest National Insurance Company for two types of coverage or “riders” to protect it against cybercrime losses. This, unfortunately, is the nature of insurance.

Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack

Hunton Privacy

As previously posted on our Hunton Insurance Recovery blog, a Maryland federal court awarded summary judgment to policyholder National Ink in National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company, finding coverage for a cyber attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack.

Court Rules Fraud Involving a Computer Is Not ‘Computer Fraud’ under Crime Protection Policy

Hunton Privacy

18, 2016), that a crime protection insurance policy does not cover loss resulting from a fraudulent email directing funds to be sent electronically to the imposter’s bank account because the scheme did not constitute “computer fraud” under the policy. Apache recouped a portion of the payments from its bank and attempted to recover the balance from its insurer.

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Krebs on Security

Now the financial institution is suing its insurance provider for refusing to fully cover the losses. The email allowed the intruders to install malware on the victim’s PC and to compromise a second computer at the bank that had access to the STAR Network, a system run by financial industry giant First Data that the bank uses to handle debit card transactions for customers. In June of 2016, National Bank implemented additional security protocols, as recommended by FirstData.

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. According to the complaint, over a period of 19 days, hackers were able to infiltrate the Company’s computer systems.

Delaware County, Pennsylvania, opted to pay 500K ransom to DoppelPaymer gang

Security Affairs

“Sources said the county is in the process of paying the $500,000 ransom as it’s insured for such attacks.” “The County of Delaware recently discovered a disruption to portions of its computer network.

Fund Managers Targeted in Sophisticated Cyberattacks

Data Matters

Regulators worldwide, including the Securities and Futures Commission of Hong Kong, have issued guidelines for reducing and mitigating hacking risks. Securities and Exchange Commission (SEC) recently discovered that 26 percent of U.S. Insurance: The firm should communicate with its insurance company and review policy coverage.

Podcast Episode 119: EFF on Expanding Researchers Rights and AT&T talks IoT Security Fails

The Security Ledger

In this episode of the podcast, #119: Electronic Frontier Foundation General Counsel Kurt Opsahl joins us to talk about the Coders’ Rights Project. Also: we speak with Senthil Ramakrishnan, a lead member of AT&T’s IoT Security group about that company’s plans to work with Ericsson to certify the security of IoT devices. Read the EFF report “Protecting Security Researchers’ Rights in the Americas.”

What’s a Lawyer’s Duty When a Data Breach Occurs within the Law Firm: Cybersecurity Best Practices

eDiscovery Daily

I referenced the fact that all 50 states (plus DC, Guam, Puerto Rico and the Virgin Islands) have security breach notification laws, but I was not aware of any specific guidelines or opinions relating to a lawyer’s duty regarding data breach notification. Right inside the door, you see a handwritten notice on a big whiteboard which says: All network services are down, DO NOT turn on your computers!

Business ID Theft Soars Amid COVID Closures

Krebs on Security

based cyber intelligence firm Hold Security has been monitoring the communications between and among a business ID theft gang apparently operating in Georgia and Florida but targeting businesses throughout the United States.

Largest hospital system in New Jersey was hit by ransomware attack

Security Affairs

Hackensack Meridian Health did not reveal the amount of money it has paid to crooks, according to a statement issued by the hospital it holds insurance coverage for such emergencies.

First Ever Multi-State Data Breach Lawsuit Targets Healthcare Provider: Cybersecurity Trends

eDiscovery Daily

The lawsuit alleges that Fort Wayne-based Medical Informatics Engineering and its subsidiary NoMoreClipboard “failed to take adequate and reasonable measures to ensure their computer systems were protected,” resulting in a 2015 breach that gave hackers access to the personal healthcare information of 3.9 The stolen information included not only identifying details, such as names and Social Security numbers, but also healthcare information, including diagnoses and lab results.

2019 eDiscovery Case Law Year in Review, Part 3

eDiscovery Daily

Yesterday, we looked back at cases related to cooperation, form of production, privilege and confidentiality disputes, social media related disputes and a key case regarding biometric security.

Best Digital Forensics Tools & Software for 2021

eSecurity Planet

Since the inception of data forensics almost forty years ago, methods for investigating security events have given way to a market of vendors and tools offering digital forensics software (DFS). Under their Security Suite products, OpenText provides industry-renowned EnCase.

Five Steps to HIPAA Security Compliance

HIPAA

The Health Insurance Portability and Accountability Act has set various guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing and sharing any electronic medical data to keep patient data secure. Buy medical products with security compliance and compatibility in mind.

List of data breaches and cyber attacks in June 2021 – 9.8 million records breached

IT Governance

We found a comparatively low 9,780,931 breached records from publicly disclosed security incidents in June 2021. June’s figures bring the annual running total of security incidents to 729 and the total number of breached records to 3,947,030,094.

2017 eDiscovery Case Law Year in Review, Part 3

eDiscovery Daily

Hornak denied the plaintiff’s Motions to Compel third parties Microsoft, Google and Yahoo to Produce Responsive Documents Pursuant to their Subpoenas, finding that “resolution of this case begins and ends with the Stored Communications Act (‘SCA’), which generally provides that ‘a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.’”.

What IG Professionals Should Know About the Internet of Bodies

ARMA International

Those employees joined a growing number of workers in other countries – Belgium, the UK, and Sweden, to name a few – who use microchips for workplace security, convenience, and commuting. Wearable technology began as any kind of electronic device designed to be worn on the user’s body.

HHS Announces HIPAA Settlement with UMass

Hunton Privacy

On November 22, 2016, the Department of Health and Human Services (“HHS”) announced a $650,000 settlement with University of Massachusetts Amherst (“UMass”), resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules. UMass did not have firewalls in place to guard against unauthorized access to ePHI transmitted over an electronic communications network.

List of data breaches and cyber attacks in December 2020 – 148 million records breached

IT Governance

We logged 134 security incidents in December, which accounted for 148,354,955 breached records. What else would you expect from the final month of 2020 than the highest number of publicly disclosed incidents we’ve ever recorded?

OCR Enters into Record Settlement with Anthem

Hunton Privacy

Three years ago, in February 2015, OCR opened a compliance review of Anthem, the nation’s second largest health insurer, following media reports that Anthem had suffered a significant cyberattack. Attackers were able to download malicious files to the employee’s computer and gain access to other Anthem systems that contained individuals’ names, Social Security numbers, medical identification numbers, addresses, dates of birth, email addresses and employment information.

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

Definition of Personal information and Sensitive Personal information “Personal information” means any kind of information relating to an identified or identifiable natural person, either electronically or otherwise recorded, but excluding information that has been de-identified or anonymised.

Weekly podcast: NHS upgrade, $242m Equifax loss and prison hacker jailed

IT Governance

The introduction of a centralised Windows 10 agreement will ensure a consistent approach to security that also enables the NHS to rapidly modernise its IT infrastructure.” However, a large part of the loss has been offset by the company’s cyber insurance: Equifax announced that it maintains “$125 million of cybersecurity insurance coverage, above a $7.5 Unsurprisingly, Equifax plans to spend heavily on IT and data security in the coming months.

List of data breaches and cyber attacks in October 2018 – 44,701,278 records leaked

IT Governance

The representative did a “visual review” of the buckets, as USPS’s internal policy is not to plug any USB sticks into a computer (not all bad practice, eh?), Social insurance numbers. The law will apply to consumer electronics from 2020. Rather than posting the usual long list of data breaches and cyber attacks, I’ve decided to go down a new route.

Debut of the Texas State Records Retention Schedule (RRS): 5th Edition – 5/10/2020

The Texas Record

2.1.001 Processing Files These types of records should be classified under Master Files and Application Data (2.1.002) and Computer Software Programs (2.1.007), as applicable. 2.2.004 Computer Job Schedules and Reports This type of record should be classified under Activity Reports (1.1.069).

Florida Amends Breach Notification Law to Cover Health Data, Tighten Notice Deadline and Require State Regulator Notification

Hunton Privacy

Below is a summary of several key changes the Act makes to the previous breach notification statute: The Act revises the definition of “breach of security” to cover “unauthorized access” of electronic data containing personal information; the previous law defined breach more narrowly to mean “unlawful and unauthorized acquisition” of computerized data that materially compromises the security, confidentiality or integrity of personal information.

German court: monitoring of employees by key logger is not allowed

Data Protection Report

Subsequently, the firm installed key logger software on its employees’ computers. When reviewing the files created by the software, the employer became aware that an employee had used his work computer for private purposes during working hours and, thereupon, terminated the employment relationship. Consequently, companies using security tools that monitor employees’ use of IT systems should be careful and review the use of such tools under current and future privacy laws.

The Personnel File: Retention & Best Practices

The Texas Record

Additionally, if you are using a Human Resources Information System (HRIS) or other kind of Content Management System to maintain all these records electronically, all your records can be easily auto-classified into the correct series. The enhanced electronic storage record requirements in Bulletin B kick in at the 10-year mark for local governments; for both local and state agencies, storage costs and potential information loss increase greatly every year records are being over-retained.

HHS Announces Settlements with Health Care System and Medical Research Institute over Potential HIPAA Violations

Hunton Privacy

The HHS’s Office for Civil Rights (“OCR”) began an investigation of North Memorial, a non-profit health care system based in Minnesota, after North Memorial filed a breach report indicating that in September 2011, an unencrypted, password-protected laptop computer containing the protected health information (“PHI”) of 9,947 individuals was stolen from a locked vehicle of an employee of its contractor, Accretive Health (“Accretive”).

To get the most from blockchain in government, a sharing mindset is needed

CGI

When I was at university earning my Masters in Computer Science, I devoted a lot of my coursework to distributed computing. At the time, many of the potential applications of a distributed environment—such as one professor’s vision of a distributed air traffic control environment offering immediate, secure communications between every airliner and control tower—were beyond the reach of the available technology.

Me on the Equifax Breach

Schneier on Security

Hearing on "Securing Consumers' Credit Data in the Age of Digital Commerce". Mister Chairman and Members of the Committee, thank you for the opportunity to testify today concerning the security of credit data. My name is Bruce Schneier, and I am a security technologist. For over 30 years I have studied the technologies of security and privacy. My popular newsletter Crypto-Gram and my blog Schneier on Security are read by over 250,000 people.

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hunton Privacy

securing electronic communications by implementing and developing end-to-end encryption. Resolution on the Need for Action in the Area of Public Security. The DPAs request to strengthen the rights of the private and intimate sphere of patients’ and insured patients’ lives. The DPAs state that they are committed to the promotion of the confidentiality and integrity of electronic communications.

OPC reconsiders its approach to cross-border data transfers with the Equifax decision

Data Protection Report

Any organization governed by the federal Personal Information Protection and Electronic Documents Act (PIPEDA) will have to re-evaluate and likely adjust its approach to such cross-border data transfers, possibly affecting its outsourcing and cloud computing relationships with vendors and related companies. This included social insurance numbers and other sensitive personally identifiable information.

The debate on the Data Protection Bill in the House of Lords

Data Protector

When we do the weekly supermarket shop online, we should be able to move our shopping list electronically. Where the Information Commissioner gives notices to data controllers, she can now secure compliance, with the power to issue substantial administrative penalties of up to 4% of global turnover. How then will we secure adequacy without adhering to the charter? It would also follow the approach taken by Switzerland, which has secured an adequacy decision from the EU.

2019 end-of-year review part 1: January to June

IT Governance

IT Governance is closing out the year by rounding up 2019’s biggest information security stories. Countless office workers were forced to get back to their jobs after Reddit suspended a host of accounts in light of security concerns.