Chinese Men Charged With Hacking Health Insurer Anthem

Data Breach Today

Million Individuals Was Encrypted, Sent to China, US Alleges Two Chinese men have been indicted on charges related to the breach of health insurer Anthem, which saw the personal information of 78.8 Data of 78.8

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies. This means all insurers, agencies, and brokers doing business in Michigan are covered.

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

How to make sure your cyber insurance policy pays out

IT Governance

Cyber insurance is big business these days. Find out how a ransomware victim used cyber insurance to guide its response effort >> A cyber insurance policy doesn’t necessarily guarantee that you will receive aid following a data breach.

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. Separately, effective July 1, 2019, the law requires insurance companies licensed in South Carolina to develop and implement a comprehensive, written cybersecurity program.

Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats

The Security Ledger

In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. The insurance was dirt cheap. Are insurers ready?

The Multi-Cloud Era Creates New Encryption Challenges

Thales eSecurity

Key Findings from the 2018 Global Encryption Trends Study. No core technologies are more fundamental to data protection than encryption and key management. 39% encrypt extensively in public cloud services, a number which has grown significantly just in the past year.

Adventures in cyber litigation: Frozen crypto-assets and the role of cyber insurance

Data Protection Report

Given the level of interest in the case, we have prepared a deeper-dive into the facts and the implications of the decision, with a focus on the important role played in the case by cyber insurance. However, the involvement of the victim’s insurers has received less attention.

Premera to pay $10M to settle state suits on breach

Information Management Resources

Health insurer Premera Blue Cross Blue Shield will pay $10 million to settle a suit brought against the company by Washington Attorney General Bob Ferguson. Data breaches Data security Cyber security Encryption Healthcare-related legislation Lawsuits Insurance

China: Navigating China: Episode 10: Stricter data localisation and security rules for financial and insurance data in China

DLA Piper Privacy Matters

The PFI Guidelines will apply to regulated banks, financial institutions and insurance companies. transaction logs, transaction amount, insurance orders, insurance claims); user’s personal and financial information (e.g. Carolyn Bigg, Hong Kong.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. The entering into effect of multiple state laws in this area may present challenges for insurance providers operating in states where such cybersecurity requirements are provided for.

4 Ways an Encrypted File Sharing Service Can Help Your Business Share Documents with Confidence


The second is to make sure they use encryption, preferably bank-level. Here’s what every business needs to know about using an encrypted file sharing service and how to safely share documents. What Is Bank-Level Encryption? . Can your company afford to not encrypt data?

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

Hunton Privacy

The stolen laptops contained policyholder electronic Protected Health Information (“ePHI”), including names, addresses, birth dates, insurance identifications and, in some cases, Social Security numbers and clinical data. The policyholder data was password protected but not encrypted, in violation of HIPAA and HITECH. Federal Law Consumer Protection Encryption HIPAA HITECH Act New Jersey Protected Health Information Social Security Number

Rise in cyber attacks leads to cyber insurance business soaring

IT Governance

Increased interest in cyber insurance. With more than 800 million records being leaked in 2017 ( find out more in our Breaches and Hacks Blog Archive ), it’s not surprising that cyber insurance business has increased in recent months. Is critical data encrypted? “We

FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

Hunton Privacy

Schein”), agreed to settle FTC charges that accused the company of falsely advertising the level of encryption it used to protect patient data. The FTC asserted that, in 2012, the Dentrix G5 software incorporated a third party database engine that included a form of data protection that Schein advertised as “encryption.” In response, the database engine vendor agreed to rebrand the data protection method as “Data Camouflage” instead of “encryption.”

Connecticut Insurance Department Issues Five-Day Breach Reporting Requirement

Hunton Privacy

On August 18, 2010, the Connecticut Insurance Department (the “Department”) issued Bulletin IC-25 , which requires entities subject to its jurisdiction to notify the Department in writing of any “information security incident” within five calendar days after an incident is identified. State Law Connecticut Consumer Protection Credit Monitoring Insurance Provider

Why Genomic Data Is so Important to Protect


For instance, the Health Insurance Portability and Accountability Act (HIPAA) de-identification standards are difficult to apply in a meaningful manner. Many organizations use encryption, decryption and data platforms to combat data breaches and hacks. Privacy & Security cloud computing Encryption genomic data genomic research human genomeOver the last few years, there has been a significant growth in interest regarding genomic research and data.

600,000 affected by huge data breach in Michigan

Information Management Resources

The effects of a September 2018 ransomware attack are still reverberating for Wolverine Solutions Group, which serves both health insurers and provider organizations. Ransomware Data breaches Hacking Encryption HIPAA regulations

Ransomware Bites Dental Data Backup Firm

Krebs on Security

based PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various dental offices across the United States.

Regulatory Update: NAIC Spring 2019 National Meeting

Data Matters

The National Association of Insurance Commissioners (NAIC) held its Spring 2019 National Meeting (Spring Meeting) in Orlando, Florida, from April 6 to 9, 2019. ceding insurer could be eligible for the same reduced collateral requirements that would apply to qualifying EU reinsurers under the revised CFR Model Laws. To date, approximately 30 insurance groups, representing 15 lead states, have volunteered to participate in field testing. Virginia Insurance Commissioner Scott A.

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Krebs on Security

The attack on CTS comes little more than two months after Sodinokibi hit Wisconsin-based dental IT provider PerCSoft , an intrusion that encrypted files for approximately 400 dental practices. “No help from my insurance.

Telstra warns public trust will crumble unless access to data is limited

The Guardian Data Protection

Telstra Data protection Australia news Telecommunications industry Technology Privacy Encryption

NYDFS Cybersecurity Regulation: Additional Cybersecurity Program Safeguards Due September 4, 2018

Data Matters

Compliance Cybersecurity Data Breaches Enforcement Financial Privacy Information Security Insurance Policy Regulation U.S. Companies subject to New York’s Cybersecurity Regulation are acting quickly to finalize their compliance obligations as the fifth “due date,” September 4, 2018, quickly approaches.

Report Shows Major Security Holes in Banking Apps

Adam Levin

The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency.

Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

Security Affairs

The hackers claim to have compromised the Banco BCR’s network in August 2019, and had the opportunity to exfiltrate its information before encrypting the files.

Currency Exchange Company Travelex Hit By Ransomware Attack

Adam Levin

To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Currency exchange giant Travelex has effectively been taken offline by a ransomware attack. .

Hackers Were Inside Citrix for Five Months

Krebs on Security

It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection.

Albany County Airport authority hit by a ransomware attack

Security Affairs

According to the experts, the ransomware encrypted files on the authority’s servers and its backup servers. From there, the virus spread to the authority’s servers and backup servers, encrypting files.”

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

Almost all the examined broker-dealers (98%) and advisers (91%) make use of encryption in some form. Over half of the broker-dealers (58%) maintain insurance for cybersecurity incidents, while only a small number of the advisers (21%) maintain such insurance. Cybersecurity Information Security Insurance Provider Securities and Exchange Commission

Interim proprietary injunction granted over bitcoin cyber extortion payment

Data Protection Report

The case was brought by an English insurer (requesting anonymity) against four defendants, consisting of unknown cyber-extortionists (as well as three other parties who respectively hold and/or trade Bitcoins). The claim related to a customer of the Insurer whose data and systems had been encrypted and bitcoin ransom payment demanded. After some negotiation, the Insurer agreed to pay the ransom (equal to $950,000) in return for the decryption tool.

China Releases National Standard on Personal Information Security

Hunton Privacy

Sensitive personal information” includes personal information such as financial information, identifying information (such as an ID card, social insurance card, passport or driver’s license) and biological identifying information. Encryption measures must be adopted whenever sensitive personal information is retained.

Data Security Act Introduced in New York State Assembly

Hunton Privacy

unsecured protected health information (as that term is defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule). State Law Consumer Protection Email Encryption Gramm Leach Bliley Act HIPAA Legislation National Institute of Standards and Technology New York Penalty Personal Information Social Security Number

GUEST ESSAY: Atrium Health data breach highlights lingering third-party exposures

The Last Watchdog

The compromised databases included names, addresses, dates of birth, insurance policy details, medical record numbers, account balances and dates of service — of both guarantors and patients. In early 2015, health insurer A nthem Inc. That was followed by a wave of successful ransomware attacks in which attackers targeted healthcare patient date, encrypted that data, and then demanded a ransom to supply a decryption key.

A hierarchy of data security controls

Thales eSecurity

The controls used are typically full disk encryption (FDE), KMIP key management of encryption for arrays or SAN systems or encryption of a tape or a VM image. For laptops and transportable physical media (like tapes), this level of encryption is a great control.

Key Ring digital wallet exposes data of 14 Million users in data leak

Security Affairs

The images include scans of government-issued IDs, retail club membership and loyalty cards, NRA membership cards, gift cards, credit cards with all details exposed (including CVV), medical insurance cards, medical marijuana ID cards, and more.

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hunton Privacy

securing electronic communications by implementing and developing end-to-end encryption. The DPAs request to strengthen the rights of the private and intimate sphere of patients’ and insured patients’ lives. Resolution on End-to-End Encryption. They request that the public sector takes a leadership role and implements “end-to-end” encryption using the “Online Services Computer Interface (OSCI)” standard developed by the federal state of Bremen.

FTC Proposes Changes to GLB Privacy and Safeguards Rules

Hunton Privacy

The proposed amendments to the Safeguards Rule, which went into effect in 2003 and imposes data security obligations on financial institutions over which the Commission has jurisdiction, are based primarily on the cybersecurity regulations issued by the New York Department of Financial Services and the insurance data security model law issued by the National Association of Insurance Commissioners.

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales eSecurity

The only true way to protect data is to encrypt it. Encryption is key when it comes to protecting data. Using encryption solutions like the solutions Thales provides, companies can encrypt their data, rendering the data unintelligible in the event of a breach.

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

To achieve these, local data processing or anonymization of data must be considered; The security and confidentiality of the personal data processed in the context of connected vehicles must be guaranteed, in particular by implementing measures such as the encryption of the communication channel. .