Chinese Men Charged With Hacking Health Insurer Anthem

Data Breach Today

Data of 78.8 Million Individuals Was Encrypted, Sent to China, US Alleges. Two Chinese men have been indicted on charges related to the breach of health insurer Anthem, which saw the personal information of 78.8 million individuals stolen, as well as attacks against three other large U.S. companies.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies. This means all insurers, agencies, and brokers doing business in Michigan are covered.

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

Data Matters

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. On May 3, 2018, South Carolina became the first state to enact this Model Law, in the form of the South Carolina Insurance Data Security Act (H.B. By doing so, South Carolina joined Connecticut and New York as states with cybersecurity regulations for insurance companies.

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. Separately, effective July 1, 2019, the law requires insurance companies licensed in South Carolina to develop and implement a comprehensive, written cybersecurity program.

Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats

The Security Ledger

In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. The insurance was dirt cheap. Are insurers ready?

The Multi-Cloud Era Creates New Encryption Challenges

Thales eSecurity

Key Findings from the 2018 Global Encryption Trends Study. No core technologies are more fundamental to data protection than encryption and key management. We’ve just released the results from our Global Encryption Trends Study which once again show positive growth in the use of encryption across a wide variety of use cases. For example: 43% of respondents report that their organization has an encryption strategy applied consistently across their enterprise.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

In the past two years, multiple state bills have been introduced in the US to provide for cybersecurity requirements and standards for the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. The entering into effect of multiple state laws in this area may present challenges for insurance providers operating in states where such cybersecurity requirements are provided for.

Adventures in cyber litigation: Frozen crypto-assets and the role of cyber insurance

Data Protection Report

Given the level of interest in the case, we have prepared a deeper-dive into the facts and the implications of the decision, with a focus on the important role played in the case by cyber insurance. To protect against this exposure and mitigate the impact of adverse cyber incidents, insurance companies have developed cyber cover – a modular insurance product covering a range of losses such as liability for damages, legal and PR costs, and ransom payments.

Premera to pay $10M to settle state suits on breach

Information Management Resources

Health insurer Premera Blue Cross Blue Shield will pay $10 million to settle a suit brought against the company by Washington Attorney General Bob Ferguson.

China: Navigating China: Episode 10: Stricter data localisation and security rules for financial and insurance data in China

DLA Piper Privacy Matters

The PFI Guidelines will apply to regulated banks, financial institutions and insurance companies. account information (when and where the account was set up); PFI that is not included in C2 Information and C3 Information; Class 2 (“C2 Information”) – a certain level of impact to data subjects if leaked: account information (such as account number, account user name, securities and insurance account numbers); transaction data (e.g. Carolyn Bigg, Hong Kong.

4 Ways an Encrypted File Sharing Service Can Help Your Business Share Documents with Confidence


The second is to make sure they use encryption, preferably bank-level. Here’s what every business needs to know about using an encrypted file sharing service and how to safely share documents. What Is Bank-Level Encryption? But when it comes to protecting social security numbers, bank accounts, and credit card information, bank-level encryption is a must. Bank-level encryption refers to a certain level of encryption imposed over digital files and online transactions.

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

Hunton Privacy

The stolen laptops contained policyholder electronic Protected Health Information (“ePHI”), including names, addresses, birth dates, insurance identifications and, in some cases, Social Security numbers and clinical data. The policyholder data was password protected but not encrypted, in violation of HIPAA and HITECH.

FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

Hunton Privacy

Schein”), agreed to settle FTC charges that accused the company of falsely advertising the level of encryption it used to protect patient data. The FTC asserted that, in 2012, the Dentrix G5 software incorporated a third party database engine that included a form of data protection that Schein advertised as “encryption.” In response, the database engine vendor agreed to rebrand the data protection method as “Data Camouflage” instead of “encryption.”

Connecticut Insurance Department Issues Five-Day Breach Reporting Requirement

Hunton Privacy

On August 18, 2010, the Connecticut Insurance Department (the “Department”) issued Bulletin IC-25, which requires entities subject to its jurisdiction to notify the Department in writing of any “information security incident” within five calendar days after an incident is identified.

Rise in cyber attacks leads to cyber insurance business soaring

IT Governance

Increased interest in cyber insurance. With more than 800 million records being leaked in 2017 (find out more in our Breaches and Hacks Blog Archive), it’s not surprising that cyber insurance business has increased in recent months. According to the BBC, Hiscox has seen a rise in its cyber and data risks insurance following high-profile breaches – particularly the TalkTalk breach – and in the run-up to the EU General Data Protection Regulation (GDPR) compliance deadline.

Why Genomic Data Is so Important to Protect


For instance, the Health Insurance Portability and Accountability Act (HIPAA) de-identification standards are difficult to apply in a meaningful manner. Many organizations use encryption, decryption and data platforms to combat data breaches and hacks. Over the last few years, there has been a significant growth in interest regarding genomic research and data.

600,000 affected by huge data breach in Michigan

Information Management Resources

The effects of a September 2018 ransomware attack are still reverberating for Wolverine Solutions Group, which serves both health insurers and provider organizations.

Regulatory Update: NAIC Spring 2019 National Meeting

Data Matters

The National Association of Insurance Commissioners (NAIC) held its Spring 2019 National Meeting (Spring Meeting) in Orlando, Florida, from April 6 to 9, 2019. ceding insurer could be eligible for the same reduced collateral requirements that would apply to qualifying EU reinsurers under the revised CFR Model Laws. To date, approximately 30 insurance groups, representing 15 lead states, have volunteered to participate in field testing. Virginia Insurance Commissioner Scott A.

Ransomware Bites Dental Data Backup Firm

Krebs on Security

based PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various dental offices across the United States. 26, and encrypted dental records for some — but not all — of the practices that rely on DDS Safe.

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Krebs on Security

The attack on CTS comes little more than two months after Sodinokibi hit Wisconsin-based dental IT provider PerCSoft, an intrusion that encrypted files for approximately 400 dental practices. “No help from my insurance.

NYDFS Cybersecurity Regulation: Additional Cybersecurity Program Safeguards Due September 4, 2018

Data Matters

Companies subject to New York’s Cybersecurity Regulation are acting quickly to finalize their compliance obligations as the fifth “due date,” September 4, 2018, quickly approaches.

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. Small Business Administration (SBA) and through fraudulent unemployment insurance claims made against several states.

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

According to the University, the ransomware encrypted only 0.02% of the data stored on its servers. University of Utah officials explained that the university’s cyber insurance policy covered part of the ransom.

Telstra warns public trust will crumble unless access to data is limited

The Guardian Data Protection

More than 60 agencies, including local councils, state coroners, Centrelink, the National Disability Insurance Agency and the Australian Sports Anti-Doping Authority, have been accessing data using a loophole in the Telecommunications Act that allows them to bypass restrictions in the 2015 data retention legislation, under which access was restricted to only 20 agencies, primarily police and other law enforcement bodies.

Currency Exchange Company Travelex Hit By Ransomware Attack

Adam Levin

To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Currency exchange giant Travelex has effectively been taken offline by a ransomware attack.

Hackers Were Inside Citrix for Five Months

Krebs on Security

It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection.

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

Almost all the examined broker-dealers (98%) and advisers (91%) make use of encryption in some form. Over half of the broker-dealers (58%) maintain insurance for cybersecurity incidents, while only a small number of the advisers (21%) maintain such insurance.

Report Shows Major Security Holes in Banking Apps

Adam Levin

The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency. Other findings included improperly secured database commands (capable of allowing man-in-the-middle attacks), weak encryption, and the ability to reverse-engineer the app code into a readable format.

Albany County Airport authority hit by a ransomware attack

Security Affairs

According to the experts, the ransomware encrypted files on the authority’s servers and its backup servers. From there, the virus spread to the authority’s servers and backup servers, encrypting files.”

Interim proprietary injunction granted over bitcoin cyber extortion payment

Data Protection Report

The case was brought by an English insurer (requesting anonymity) against four defendants, consisting of unknown cyber-extortionists (as well as three other parties who respectively hold and/or trade Bitcoins). The claim related to a customer of the Insurer whose data and systems had been encrypted and bitcoin ransom payment demanded. After some negotiation, the Insurer agreed to pay the ransom (equal to $950,000) in return for the decryption tool.

China Releases National Standard on Personal Information Security

Hunton Privacy

“Sensitive personal information” includes personal information such as financial information, identifying information (such as an ID card, social insurance card, passport or driver’s license) and biological identifying information. Encryption measures must be adopted whenever sensitive personal information is retained.

Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

Security Affairs

The hackers claim to have compromised the Banco BCR’s network in August 2019, and had the opportunity to exfiltrate its information before encrypting the files. Anyway, the group explained that they did not encrypt the bank documents in February, because it “was at least incorrect during the world pandemic”. The stolen data includes 4 million unique credit card records, and 140,000 allegedly belonging to USA citizens.

Data Security Act Introduced in New York State Assembly

Hunton Privacy

unsecured protected health information (as that term is defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule).

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. The NYDFS alleges that First American, one of the largest providers of title insurance in the U.S.,

GUEST ESSAY: Atrium Health data breach highlights lingering third-party exposures

The Last Watchdog

The compromised databases included names, addresses, dates of birth, insurance policy details, medical record numbers, account balances and dates of service — of both guarantors and patients. In early 2015, health insurer Anthem Inc. That was followed by a wave of successful ransomware attacks in which attackers targeted healthcare patient data, encrypted that data, and then demanded a ransom to supply a decryption key.

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

According to the CISA’s report, Iranian hackers from an unnamed APT group are employing several known web shells, in attacks on IT, government, healthcare, financial, and insurance organizations across the United States. The U.S.

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hunton Privacy

securing electronic communications by implementing and developing end-to-end encryption. The DPAs request to strengthen the rights of the private and intimate sphere of patients’ and insured patients’ lives. Resolution on End-to-End Encryption. They request that the public sector takes a leadership role and implements “end-to-end” encryption using the “Online Services Computer Interface (OSCI)” standard developed by the federal state of Bremen.

Key Ring digital wallet exposes data of 14 Million users in data leak

Security Affairs

The images include scans of government-issued IDs, retail club membership and loyalty cards, NRA membership cards, gift cards, credit cards with all details exposed (including CVV), medical insurance cards, medical marijuana ID cards, and more.