Chinese Men Charged With Hacking Health Insurer Anthem

Data Breach Today

Data of 78.8 Million Individuals Was Encrypted, Sent to China, US Alleges. Two Chinese men have been indicted on charges related to the breach of health insurer Anthem, which saw the personal information of 78.8 million individuals stolen, as well as attacks against three other large U.S. companies.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies. This means all insurers, agencies, and brokers doing business in Michigan are covered.

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. Separately, effective July 1, 2019, the law requires insurance companies licensed in South Carolina to develop and implement a comprehensive, written cybersecurity program.

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

Data Matters

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. On May 3, 2018, South Carolina became the first state to enact this Model Law, in the form of the South Carolina Insurance Data Security Act (H.B. By doing so, South Carolina joined Connecticut and New York as states with cybersecurity regulations for insurance companies.

Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats

The Security Ledger

In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. In the first segment, we talk with Thomas Harvey of the firm RMS about the problem of “silent cyber” risk to insurers and how better modeling of cyber incidents is helping to address that threat. The insurance was dirt cheap. Are insurers ready?

The Multi-Cloud Era Creates New Encryption Challenges

Thales eSecurity

Key Findings from the 2018 Global Encryption Trends Study. No core technologies are more fundamental to data protection than encryption and key management. We’ve just released the results from our Global Encryption Trends Study which once again show positive growth in the use of encryption across a wide variety of use cases. For example: 43% of respondents report that their organization has an encryption strategy applied consistently across their enterprise.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

In the past two years, multiple state bills have been introduced in the US to provide for cybersecurity requirements and standards for the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. The entering into effect of multiple state laws in this area may present challenges for insurance providers operating in states where such cybersecurity requirements are provided for.

Adventures in cyber litigation: Frozen crypto-assets and the role of cyber insurance

Data Protection Report

Given the level of interest in the case, we have prepared a deeper-dive into the facts and the implications of the decision, with a focus on the important role played in the case by cyber insurance. To protect against this exposure and mitigate the impact of adverse cyber incidents, insurance companies have developed cyber cover – a modular insurance product covering a range of losses such as liability for damages, legal and PR costs, and ransom payments.

Premera to pay $10M to settle state suits on breach

Information Management Resources

Health insurer Premera Blue Cross Blue Shield will pay $10 million to settle a suit brought against the company by Washington Attorney General Bob Ferguson.

China: Navigating China: Episode 10: Stricter data localisation and security rules for financial and insurance data in China

DLA Piper Privacy Matters

The PFI Guidelines will apply to regulated banks, financial institutions and insurance companies. account information (when and where the account was set up); PFI that is not included in C2 Information and C3 Information; Class 2 (“C2 Information”) – a certain level of impact to data subjects if leaked: account information (such as account number, account user name, securities and insurance account numbers); transaction data (e.g. Carolyn Bigg, Hong Kong.

4 Ways an Encrypted File Sharing Service Can Help Your Business Share Documents with Confidence

OneHub

The second is to make sure they use encryption, preferably bank-level. Here’s what every business needs to know about using an encrypted file sharing service and how to safely share documents. What Is Bank-Level Encryption? But when it comes to protecting social security numbers, bank accounts, and credit card information, bank-level encryption is a must. Bank-level encryption refers to a certain level of encryption imposed over digital files and online transactions.

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

Hunton Privacy

The stolen laptops contained policyholder electronic Protected Health Information (“ePHI”), including names, addresses, birth dates, insurance identifications and, in some cases, Social Security numbers and clinical data. The policyholder data was password protected but not encrypted, in violation of HIPAA and HITECH.

FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

Hunton Privacy

Schein”), agreed to settle FTC charges that accused the company of falsely advertising the level of encryption it used to protect patient data. The FTC asserted that, in 2012, the Dentrix G5 software incorporated a third party database engine that included a form of data protection that Schein advertised as “encryption.” In response, the database engine vendor agreed to rebrand the data protection method as “Data Camouflage” instead of “encryption.”

Connecticut Insurance Department Issues Five-Day Breach Reporting Requirement

Hunton Privacy

On August 18, 2010, the Connecticut Insurance Department (the “Department”) issued Bulletin IC-25, which requires entities subject to its jurisdiction to notify the Department in writing of any “information security incident” within five calendar days after an incident is identified.

Rise in cyber attacks leads to cyber insurance business soaring

IT Governance

Increased interest in cyber insurance. With more than 800 million records being leaked in 2017 (find out more in our Breaches and Hacks Blog Archive), it’s not surprising that cyber insurance business has increased in recent months. According to the BBC, Hiscox has seen a rise in its cyber and data risks insurance following high-profile breaches – particularly the TalkTalk breach – and in the run-up to the EU General Data Protection Regulation (GDPR) compliance deadline.

600,000 affected by huge data breach in Michigan

Information Management Resources

The effects of a September 2018 ransomware attack are still reverberating for Wolverine Solutions Group, which serves both health insurers and provider organizations.

Regulatory Update: NAIC Spring 2019 National Meeting

Data Matters

The National Association of Insurance Commissioners (NAIC) held its Spring 2019 National Meeting (Spring Meeting) in Orlando, Florida, from April 6 to 9, 2019. ceding insurer could be eligible for the same reduced collateral requirements that would apply to qualifying EU reinsurers under the revised CFR Model Laws. To date, approximately 30 insurance groups, representing 15 lead states, have volunteered to participate in field testing. Virginia Insurance Commissioner Scott A.

Why Genomic Data Is so Important to Protect

InfoGoTo

For instance, the Health Insurance Portability and Accountability Act (HIPAA) de-identification standards are difficult to apply in a meaningful manner. Many organizations use encryption, decryption and data platforms to combat data breaches and hacks. Over the last few years, there has been a significant growth in interest regarding genomic research and data.

Ransomware Bites Dental Data Backup Firm

Krebs on Security

based PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various dental offices across the United States. 26, and encrypted dental records for some — but not all — of the practices that rely on DDS Safe.

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

Small Business Administration (SBA) and through fraudulent unemployment insurance claims made against several states. In addition, he said, it seems clear that the fraudsters are recycling stolen identities to file phony unemployment insurance claims in multiple states.

NYDFS Cybersecurity Regulation: Additional Cybersecurity Program Safeguards Due September 4, 2018

Data Matters

U.S. Companies subject to New York’s Cybersecurity Regulation are acting quickly to finalize their compliance obligations as the fifth “due date,” September 4, 2018, quickly approaches.

Telstra warns public trust will crumble unless access to data is limited

The Guardian Data Protection

More than 60 agencies, including local councils, state coroners, Centrelink, the National Disability Insurance Agency and the Australian Sports Anti-Doping Authority, have been accessing data using a loophole in the Telecommunications Act that allows them to bypass restrictions in the 2015 data retention legislation, under which access was restricted to only 20 agencies, primarily police and other law enforcement bodies.

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Krebs on Security

The attack on CTS comes little more than two months after Sodinokibi hit Wisconsin-based dental IT provider PerCSoft, an intrusion that encrypted files for approximately 400 dental practices. Thomas Terronez, CEO of Iowa-based Medix Dental, said he’s heard from several affected practices that the attackers are demanding $700,000 in bitcoin from some of the larger victims to receive a key that can unlock files encrypted by the ransomware. “No help from my insurance.

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

Ransomware attackers often spend weeks or months inside of a target’s network before attempting to deploy malware across the network that encrypts servers and desktop systems unless and until a ransom demand is met.

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

” According to the University, the ransomware encrypted only 0.02% of the data stored on its servers. University of Utah officials explained that the university’s cyber insurance policy covered part of the ransom.

Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty

Hunton Privacy

The Court held that OCR’s civil monetary penalty for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule and HIPAA Security Rule was “arbitrary, capricious, and otherwise unlawful.”

Danish news agency Ritzau hit by ransomware, but did not pay the ransom

Security Affairs

The agency launched an investigation into the incident with the help of an external security firm and its insurance company. Ritzau, the biggest Danish news agency, was hit by a ransomware attack that brought it offline but refused to pay the ransom.

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

Almost all the examined broker-dealers (98%) and advisers (91%) make use of encryption in some form. Over half of the broker-dealers (58%) maintain insurance for cybersecurity incidents, while only a small number of the advisers (21%) maintain such insurance.

Report Shows Major Security Holes in Banking Apps

Adam Levin

The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency. Other findings included improperly secured database commands (capable of allowing man-in-the-middle attacks), weak encryption, and the ability to reverse-engineer the app code into a readable format.

Currency Exchange Company Travelex Hit By Ransomware Attack

Adam Levin

To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whilst Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated,” the company said in a public statement. Currency exchange giant Travelex has effectively been taken offline by a ransomware attack.

China Releases National Standard on Personal Information Security

Hunton Privacy

“Sensitive personal information” includes personal information such as financial information, identifying information (such as an ID card, social insurance card, passport or driver’s license) and biological identifying information. Encryption measures must be adopted whenever sensitive personal information is retained.

Interim proprietary injunction granted over bitcoin cyber extortion payment

Data Protection Report

The case was brought by an English insurer (requesting anonymity) against four defendants, consisting of unknown cyber-extortionists (as well as three other parties who respectively hold and/or trade Bitcoins). The claim related to a customer of the Insurer whose data and systems had been encrypted and bitcoin ransom payment demanded. After some negotiation, the Insurer agreed to pay the ransom (equal to $950,000) in return for the decryption tool.

Albany County Airport authority hit by a ransomware attack

Security Affairs

According to the experts, the ransomware encrypted files on the authority’s servers and its backup servers. From there, the virus spread to the authority’s servers and backup servers, encrypting files.” The infection was discovered on Christmas Day, the ransomware encrypted administrative files, but no personal or financial traveler data was exposed. The airport authority will seek to recover the $25,000 deductible it paid on its insurance policy from LogicalNet.

US banking regulators propose a rule for 36-hour notice of breach

Data Protection Report

The proposed regulation specifically includes as an example of a notification incident a “ransom malware attack that encrypts a core banking system or backup data.”

Data Security Act Introduced in New York State Assembly

Hunton Privacy

unsecured protected health information (as that term is defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule).

Hackers Were Inside Citrix for Five Months

Krebs on Security

It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection. Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents.

Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

Security Affairs

The hackers claim to have compromised the Banco BCR’s network in August 2019, and had the opportunity to exfiltrate its information before encrypting the files. Anyway, the group explained that they did not encrypt the bank documents in February, because it “was at least incorrect during the world pandemic.” The stolen data includes 4 million unique credit card records, and 140,000 allegedly belonging to USA citizens.

GUEST ESSAY: Atrium Health data breach highlights lingering third-party exposures

The Last Watchdog

The compromised databases included names, addresses, dates of birth, insurance policy details, medical record numbers, account balances and dates of service — of both guarantors and patients. In early 2015, health insurer Anthem Inc. That was followed by a wave of successful ransomware attacks in which attackers targeted healthcare patient data, encrypted that data, and then demanded a ransom to supply a decryption key.