Chinese Men Charged With Hacking Health Insurer Anthem

Data Breach Today

Data of 78.8 Million Individuals Was Encrypted, Sent to China, US Alleges. Two Chinese men have been indicted on charges related to the breach of health insurer Anthem, which saw the personal information of 78.8 million individuals stolen, as well as attacks against three other large U.S. companies.

Insurance firm CNA discloses data breach after March ransomware attack

Security Affairs

Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

As reported on the Hunton Insurance Recovery blog, on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2 (2021) regarding “Cyber Insurance Risk Framework” (the “Guidelines”), calling on insurers to take more stringent measures in underwriting cyber risks. sought coverage for expenses under its property insurance policy.

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies. This means all insurers, agencies, and brokers doing business in Michigan are covered.

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

Data Matters

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. On May 3, 2018, South Carolina became the first state to enact this Model Law, in the form of the South Carolina Insurance Data Security Act (H.B. By doing so, South Carolina joined Connecticut and New York as states with cybersecurity regulations for insurance companies.

Protecting Sensitive Data with Luna Key Broker for Microsoft Double Key Encryption

Thales Cloud Protection & Licensing

Protecting Sensitive Data with Luna Key Broker for Microsoft Double Key Encryption. Thales has integrated its Luna HSMs with DKE for Microsoft 365, which work together to enable organizations to protect their most sensitive data while maintaining full control of their encryption keys.

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. Separately, effective July 1, 2019, the law requires insurance companies licensed in South Carolina to develop and implement a comprehensive, written cybersecurity program.

Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats

The Security Ledger

In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. In the first segment, we talk with Thomas Harvey of the firm RMS about the problem of “silent cyber” risk to insurers and how better modeling of cyber incidents is helping to address that threat. The insurance was dirt cheap. Are insurers ready?

Adventures in cyber litigation: Frozen crypto-assets and the role of cyber insurance

Data Protection Report

Given the level of interest in the case, we have prepared a deeper-dive into the facts and the implications of the decision, with a focus on the important role played in the case by cyber insurance. However, the involvement of the victim’s insurers has received less attention.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

In the past two years, multiple state bills have been introduced in the US to provide for cybersecurity requirements and standards for the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. The entry into effect of multiple state laws in this area may present challenges for insurance providers operating in states where such cybersecurity requirements are provided for.

China: Navigating China: Episode 10: Stricter data localisation and security rules for financial and insurance data in China

DLA Piper Privacy Matters

The PFI Guidelines will apply to regulated banks, financial institutions and insurance companies. transaction logs, transaction amount, insurance orders, insurance claims); user’s personal and financial information (e.g. Carolyn Bigg, Hong Kong.

Premera to pay $10M to settle state suits on breach

Information Management Resources

Health insurer Premera Blue Cross Blue Shield will pay $10 million to settle a suit brought against the company by Washington Attorney General Bob Ferguson.

The Multi-Cloud Era Creates New Encryption Challenges

Thales Cloud Protection & Licensing

Key Findings from the 2018 Global Encryption Trends Study. No core technologies are more fundamental to data protection than encryption and key management. We’ve just released the results from our Global Encryption Trends Study which once again show positive growth in the use of encryption across a wide variety of use cases. For example: 43% of respondents report that their organization has an encryption strategy applied consistently across their enterprise.

4 Ways an Encrypted File Sharing Service Can Help Your Business Share Documents with Confidence

OneHub

The second is to make sure they use encryption, preferably bank-level. Here’s what every business needs to know about using an encrypted file sharing service and how to safely share documents. What Is Bank-Level Encryption? But when it comes to protecting social security numbers, bank accounts, and credit card information, bank-level encryption is a must. Bank-level encryption refers to a certain level of encryption imposed over digital files and online transactions.

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

Hunton Privacy

The stolen laptops contained policyholder electronic Protected Health Information (“ePHI”), including names, addresses, birth dates, insurance identifications and, in some cases, Social Security numbers and clinical data. The policyholder data was password protected but not encrypted, in violation of HIPAA and HITECH.

FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

Hunton Privacy

Schein”), agreed to settle FTC charges that accused the company of falsely advertising the level of encryption it used to protect patient data. The FTC asserted that, in 2012, the Dentrix G5 software incorporated a third party database engine that included a form of data protection that Schein advertised as “encryption.” In response, the database engine vendor agreed to rebrand the data protection method as “Data Camouflage” instead of “encryption.”

Connecticut Insurance Department Issues Five-Day Breach Reporting Requirement

Hunton Privacy

On August 18, 2010, the Connecticut Insurance Department (the “Department”) issued Bulletin IC-25, which requires entities subject to its jurisdiction to notify the Department in writing of any “information security incident” within five calendar days after an incident is identified.

Rise in cyber attacks leads to cyber insurance business soaring

IT Governance

Increased interest in cyber insurance. With more than 800 million records being leaked in 2017 (find out more in our Breaches and Hacks Blog Archive), it’s not surprising that cyber insurance business has increased in recent months. According to the BBC, Hiscox has seen a rise in its cyber and data risks insurance following high-profile breaches – particularly the TalkTalk breach – and in the run-up to the EU General Data Protection Regulation (GDPR) compliance deadline.

Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management

Hunton Privacy

On July 13, 2021, federal bank regulators – the Board of Governors of the Federal Reserve System (the “Board”), the Federal Deposit Insurance Corporation (“FDIC”) and the Office of the Comptroller of the Currency (“OCC”) (collectively, the “Regulators”) – requested public comment on proposed joint guidance regarding banking organizations’ management of risks related to relationships with third-party support and service providers (the “Proposed Guidance”).

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

Experts say the biggest reason ransomware targets and/or their insurance providers still pay when they already have reliable backups is that nobody at the victim organization bothered to test in advance how long this data restoration process might take.

600,000 affected by huge data breach in Michigan

Information Management Resources

The effects of a September 2018 ransomware attack are still reverberating for Wolverine Solutions Group, which serves both health insurers and provider organizations.

Regulatory Update: NAIC Spring 2019 National Meeting

Data Matters

The National Association of Insurance Commissioners (NAIC) held its Spring 2019 National Meeting (Spring Meeting) in Orlando, Florida, from April 6 to 9, 2019. ceding insurer could be eligible for the same reduced collateral requirements that would apply to qualifying EU reinsurers under the revised CFR Model Laws. To date, approximately 30 insurance groups, representing 15 lead states, have volunteered to participate in field testing. Virginia Insurance Commissioner Scott A.

Why Genomic Data Is so Important to Protect

InfoGoTo

For instance, the Health Insurance Portability and Accountability Act (HIPAA) de-identification standards are difficult to apply in a meaningful manner. Many organizations use encryption, decryption and data platforms to combat data breaches and hacks. Over the last few years, there has been a significant growth in interest regarding genomic research and data.

Ransomware Bites Dental Data Backup Firm

Krebs on Security

based PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various dental offices across the United States. 26, and encrypted dental records for some — but not all — of the practices that rely on DDS Safe.

NYDFS Cybersecurity Regulation: Additional Cybersecurity Program Safeguards Due September 4, 2018

Data Matters

Companies subject to New York’s Cybersecurity Regulation are acting quickly to finalize their compliance obligations as the fifth “due date,” September 4, 2018, quickly approaches.

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Krebs on Security

The attack on CTS comes little more than two months after Sodinokibi hit Wisconsin-based dental IT provider PerCSoft, an intrusion that encrypted files for approximately 400 dental practices. “No help from my insurance.

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

Small Business Administration (SBA) and through fraudulent unemployment insurance claims made against several states. In addition, he said, it seems clear that the fraudsters are recycling stolen identities to file phony unemployment insurance claims in multiple states.

Telstra warns public trust will crumble unless access to data is limited

The Guardian Data Protection

More than 60 agencies, including local councils, state coroners, Centrelink, the National Disability Insurance Agency and the Australian Sports Anti-Doping Authority, have been accessing data using a loophole in the Telecommunications Act that allows them to bypass restrictions in the 2015 data retention legislation, under which access was restricted to only 20 agencies, primarily police and other law enforcement bodies.

How $100M in Jobless Claims Went to Inmates

Krebs on Security

Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. We encrypt all that stuff down to the file level with keys that rotate and expire every 24 hours.

Payroll/HR Giant PrismHR Hit by Ransomware?

Krebs on Security

based PrismHR handles everything from payroll processing and human resources to health insurance and tax forms for hundreds of “professional employer organizations” (PEOs) that serve more than two million employees.

US water company WSSC Water hit by a ransomware attack

Security Affairs

The company uses air-gapped networks and was able to restore encrypted files from backups. The company is going to offer affected people five years of credit monitoring with $1,000,000 in identity theft insurance at no cost.

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

Almost all the examined broker-dealers (98%) and advisers (91%) make use of encryption in some form. Over half of the broker-dealers (58%) maintain insurance for cybersecurity incidents, while only a small number of the advisers (21%) maintain such insurance.

Currency Exchange Company Travelex Hit By Ransomware Attack

Adam Levin

To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Currency exchange giant Travelex has effectively been taken offline by a ransomware attack.

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

Ransomware attackers often spend weeks or months inside of a target’s network before attempting to deploy malware across the network that encrypts servers and desktop systems unless and until a ransom demand is met.

Report Shows Major Security Holes in Banking Apps

Adam Levin

The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency. Other findings included improperly secured database commands (capable of allowing man-in-the-middle attacks), weak encryption, and the ability to reverse-engineer the app code into a readable format.

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

According to the University, the ransomware encrypted only 0.02% of the data stored on its servers. University of Utah officials explained that the university’s cyber insurance policy covered part of the ransom.

Albany County Airport authority hit by a ransomware attack

Security Affairs

According to the experts, the ransomware encrypted files on the authority’s servers and its backup servers. From there, the virus spread to the authority’s servers and backup servers, encrypting files.”

Danish news agency Ritzau hit by ransomware, but did not pay the ransom

Security Affairs

The agency launched an investigation into the incident with the help of an external security firm and its insurance company. Ritzau, the biggest Danish news agency, was hit by a ransomware attack that brought it offline but refused to pay the ransom.