Data Matters

FEBRUARY 11, 2019

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. The Act defines licensees as persons authorized, registered, or licensed under Michigan insurance laws or required to be so. 6491 (Act). MCL § 500.550.

Insurance 68

Insurance Security Cybersecurity FOIA 68

Krebs on Security

APRIL 27, 2023

This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information. But after being presented with a document including the Social Security number of a health professional in D.C. Washington, D.C.

Access 299

Access Authentication Information Security Communications 299

Security Affairs

MAY 27, 2019

The US real-estate insurance biz, First American Financial, accidentally leaked customers’ highly personal files online, hundreds of millions of documents. The US real-estate insurance company First American Financial Corp. accidentally leaked hundreds of millions of documents. billion in 2018. billion in 2018.

Insurance 55

Insurance Access Security Privacy 55

Security Affairs

APRIL 29, 2024

Hutcheson allegedly provided irrelevant documents, such as health insurance and auto insurance policies, along with pages from sheriff training manuals, as evidence of authorization to access the data.

Insurance 100

Insurance Communications Access IT 100

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Security Affairs

APRIL 10, 2024

The Group Health Cooperative of South Central Wisconsin (GHC-SCW) is a non-profit organization that provides health insurance and medical care services to its members in the Madison metropolitan area of Wisconsin. The company pointed out that they have no indication that information has been used or further disclosed.

Data breaches 117

Data breaches e-Discovery Ransomware Insurance 117

Armstrong Archives

DECEMBER 19, 2023

Everything from tax documents to employee files to bank statements must be kept on file, often for years at a time. At Armstrong Archives , we’re proud to stand at the forefront of records management, offering expert guidance in record retention policy and document management, ensuring that our clients stay compliant and efficient.

Compliance 52

Compliance Archiving Digital transformation Sales 52

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.

Ransomware 342

Ransomware Security Agriculture Cybersecurity 342

Security Affairs

FEBRUARY 26, 2021

Our online security team has uncovered a massive data breach originating from a misconfigured Amazon Bucket, which was operated by a Turkish Legal advising company, INOVA YÖNETIM & AKTÜERYAL DANI?MANLIK. Inova is an actuarial consultancy company, which means they compile statistical analysis and calculate insurance risks and premiums.

Data breaches 99

Data breaches Insurance Paper Access 99

Security Affairs

NOVEMBER 17, 2023

TFS offers various financial products, including auto loans, leases, and insurance solutions. Leaked sample data includes financial documents, invoices, hashed account passwords, passport scans, and more. The documents are in German, a circumstance that suggests that they have been stolen from company systems located in Germany.

Financial Services 124

Financial Services Ransomware Data breaches Insurance 124

Security Affairs

DECEMBER 11, 2023

TFS offers various financial products, including auto loans, leases, and insurance solutions. Leaked sample data includes financial documents, invoices, hashed account passwords, passport scans, and more. The documents are in German, a circumstance that suggests that they have been stolen from company systems located in Germany.

Financial Services 115

Financial Services Data breaches Ransomware Insurance 115

Security Affairs

JULY 21, 2021

Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum. Drug prescription listings).

Insurance 113

Insurance Passwords Libraries Access 113

Security Affairs

FEBRUARY 8, 2024

Cyber Insurance: US cyber insurance premiums soared by 50% in 2022, reaching $7.2 million unfilled cyber security jobs, showing a big need for skilled professionals. Cloudflare Breach : Cloudflare revealed a breach by likely state actors who accessed some documents and a bit of source code. million, up 15% in three years.

Security 125

Security Phishing IoT Ransomware 125

IT Governance

OCTOBER 11, 2022

This process should be embedded within your overall cyber security measures in what experts refer to as cyber defence in depth. The framework consists of five interrelated stages (or ‘layers’) to help organisations manage information security risks across all parts of their business. Why Cyber Insurance is Essential in 2022.

Risk 124

Risk GDPR Information Security Personal data 124

IT Governance

JULY 6, 2020

Many of those organisations have correctly identified malware as a top priority, with 45% saying they’ve taken extra security precautions to tackle the threat, compared to 26% in 2015. For example, the report found that: Only 9% of organisations have a documented cyber security policy; Only 10% have cyber insurance; and.

Information Security 142

Information Security Phishing IoT Insurance 142

Security Affairs

NOVEMBER 8, 2022

Australian health insurer Medibank confirmed that personal data belonging to around 9.7 Medibank is one of the largest Australian private health insurance providers with approximately 3.9 Medibank is one of the largest Australian private health insurance providers with approximately 3.9 million customers. million customers.

Ransomware 92

Ransomware Insurance Personal data Data breaches 92

Security Affairs

APRIL 16, 2024

Gb - NDA The group published a set of files as proof of the security breach and threatens leak all the stolen data if the victim will not pay the ransom. According to the announcement, the stolen data includes: - 285 Gb of quality control data - 24 Gb - 896 client folders, many famous brands like SpaceX, IBM, Apple, Huawei, etc. -

Ransomware 113

Ransomware Manufacturing Insurance Cybersecurity 113

Security Affairs

JANUARY 18, 2023

The security loophole resulted in millions of private documents being revealed to the public. Researchers found about 435,000 payslips, 300 tax filings, 3,800 insurance payment documents, and 21,000 salary sheets belonging to various companies using the HR platform’s services.

Privacy 89

Privacy Insurance Personal data Phishing 89

Security Affairs

JANUARY 7, 2023

The gang initially leaked samples of the stolen data as proof of the attack, it claimed to have stolen contracts, NDA and other agreements documents, company private info (budgets, plans, evaluations, revenue cycle, investors relations, company structure, etc.), ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

Ransomware 84

Ransomware Insurance Data breaches Access 84

IT Governance

NOVEMBER 6, 2023

On 2 September, it confirmed that an unauthorised party had accessed or removed some of its files, some of which contained confidential patient information. Compromised information included patients’ names, dates of birth, postal addresses, Social Security numbers, diagnosis and treatment information, and health insurance information.

Data Privacy 97

Data Privacy Privacy Libraries Security 97

Data Protection Report

JUNE 2, 2021

million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. This matter began when insurance affiliate #1, licensed by NYDFS, discovered a phishing email in September of 2018. NYDFS Cybersecurity Regulation.

Cybersecurity 71

Cybersecurity Insurance Financial Services Phishing 71

Security Affairs

FEBRUARY 26, 2023

The attackers compromised one of the company systems and had access to the emails and documents of some employees. Now News Corp revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020. Not all of this information was impacted for each affected individual.

IT 91

IT Data breaches Insurance Cybersecurity 91

The Last Watchdog

JUNE 1, 2020

And they might look into getting insurance to transfer at least some of this risk. LW: How ready is the insurance industry to supply policies to cover cyber risks enterprises may increasingly look to transfer – as they integrate cyber risk into ERM planning? Clinton: The insurance industry is large, complex and diversified.

Risk 199

Risk Insurance Cybersecurity Marketing 199

Hunton Privacy

FEBRUARY 29, 2024

The Corrective Action Plan also requires GRBH to submit implementation and annual reports to HHS and comply with document retention requirements. Review all business associate agreements and other vendor agreements within 60 days.

Ransomware 111

Ransomware Personal data Risk Privacy 111

Security Affairs

JUNE 16, 2020

Researchers at cybernews.com recently uncovered an unsecured Amazon Simple Storage Service (S3) bucket that contains more than 36,000 documents, including scans of passports, credit cards, and health insurance cards. What data is in the bucket? At the time of discovery, the data bucket contained 7,515 PDF and 25,895 JPG files.

Sales 96

Sales Personal data Insurance Marketing 96

eSecurity Planet

DECEMBER 9, 2021

Document the incident response process as a plan. Some of us don’t formally document our processes. We need to regularly update our documentation on a quarterly, annual, or event-driven schedule. Then we must effectively circulate the incident response documents. Document contingencies. Document contingencies.

Insurance 125

Insurance Ransomware Data breaches Cloud 125

Hunton Privacy

NOVEMBER 15, 2023

On December 5, 2022, the OAIC announced that it had commenced an investigation into the personal information handling practices of Medlab Pathology in relation to its notifiable data breach. The Allegations in the Case The originating documents are not yet publicly available. Class actions.

Data breaches 128

Data breaches Privacy Risk Information Security 128

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity 68

Cybersecurity Insurance Risk Compliance 68

The Last Watchdog

APRIL 3, 2019

Its customer base is comprised of eight of the top 15 banks, four of the top six healthcare insurance and managed care providers, nine of the top 15 property and casualty insurance providers, five of the top 13 pharmaceutical companies, and 11 of the largest 15 federal agencies. Compliance matters. Public trust must be maintained.

Digital transformation 140

Digital transformation Insurance Compliance Healthcare 140

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services 68

Financial Services Cybersecurity Insurance Risk 68

Security Affairs

OCTOBER 30, 2021

Threat actors hacked into the employee email system of the UMass Memorial Health healthcare system, potentially accessing the personal information of thousands of patients. The security breach took place between June 2020 and January and impacted more than 209,048 individuals.

Access 95

Access Insurance Data breaches Security 95

Security Affairs

OCTOBER 1, 2023

Immediately after detecting the intrusion, the company launched an investigation with the help of leading third-party cybersecurity experts and is also coordinating with its insurers. On Thursday, CNN warned that the security breach may have exposed US DHS data after having obtained an internal memo of the agency.

Ransomware 129

Ransomware Insurance Cybersecurity Encryption 129

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). Security, Privacy and Compliance Can Conflict.

Data Privacy 145

Data Privacy Compliance Privacy Security 145

Security Affairs

JUNE 5, 2020

“As per our researchers, this data leak includes the company’s cyber insurance documents, various contract calculations worksheets, NASA give review rules, and much more.” . “Just like previous data leaks, the Cyble Research Team has also identified and verified this data leak.”

Ransomware 124

Ransomware Insurance Cybersecurity Security 124

Security Affairs

JANUARY 23, 2024

uk @GossiTheDog @UK_Daniel_Card @SOSIntel @joetidy pic.twitter.com/erEvd0DtBT — Dominic Alvieri (@AlvieriD) January 22, 2024 The group claims to have stolen 750 gigabytes of sensitive data, including users’ personal documents and corporate documents. /southernwater.co[.]uk

Encryption 119

Encryption Ransomware Blockchain Insurance 119

Hunton Privacy

AUGUST 10, 2022

On July 21, 2022, the National Institute of Standards and Technology (“NIST”) released an updated draft of its HIPAA Security Rule guidance. NIST issued the updated draft guidance to align it with other NIST cybersecurity guidance documents that have been published since the original HIPAA Security Rule guidance was issued in 2008.

Security 64

Security Insurance Cybersecurity Risk 64

IBM Big Data Hub

MAY 28, 2024

Together, these comprehensive approaches not only deter threat actors but also standardize the management of sensitive data and corporate information security and limit any business operations lost to downtime. Data breach victims also frequently face steep regulatory fines or legal penalties.

Data breaches 82

Data breaches GDPR Compliance Encryption 82