Security Affairs

JUNE 2, 2023

In April, the non-profit health insurer Point32Health took systems offline in response to a ransomware attack that took place on April 17. The insurer immediately launched an investigation into the incident with the help of third-party cybersecurity experts to determine the extent of the incident.

Ransomware 87

Ransomware Insurance Data breaches Cybersecurity 87

Security Affairs

JUNE 12, 2023

The Clop ransomware group has stolen stole personal and health information of 489,830 individuals as a result of a ransomware attack on the technology firm Intellihartx. Intellihartx is not aware of any misuse of the stolen information.

Data breaches 87

Data breaches Ransomware Insurance Data Privacy 87

Information Governance Perspectives

MAY 10, 2020

In May of 2020 I was honored to speak at the MERv conference with John Frost of Box on the topic of Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance. Privacy makes data governance ethical and tangible, and compliance leaders understand that.

Compliance 52

Compliance Information governance Privacy Data Privacy 52

Security Affairs

MARCH 17, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 106

Data breaches Security Computer and Electronics Ransomware 106

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR.

Cybersecurity 68

Cybersecurity Privacy Data breaches GDPR 68

Security Affairs

APRIL 25, 2021

Every week the best security articles from Security Affairs free for you in your email box. A member of the FIN7 group was sentenced to 10 years in prison Is BazarLoader malware linked to Trickbot operators? A new round of the weekly SecurityAffairs newsletter arrived!

Security 81

Security Ransomware Insurance Privacy 81

Data Matters

JANUARY 8, 2019

The HICP is not limited to individually identifiable health information but instead covers organizations’ enterprise-level information security more generally. Healthcare industry stakeholders may wish to consider whether to participate in the task group.

Cybersecurity 74

Cybersecurity Insurance Phishing Government 74

IT Governance

MARCH 1, 2022

The hacking group Anonymous has been more aggressive, launching attacks across Europe to give Vladimir Putin “a sip of his own bitter medicine”. First, Russia targeted banks and government departments, then Ukraine hit back, attacking the Moscow stock exchange. The post List of data breaches and cyber attacks in February 2022 – 5.1

Data breaches 134

Data breaches Ransomware Government Blockchain 134

Krebs on Security

DECEMBER 18, 2018

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. banks) would have this role in their executive leadership team.

Security 226

Security Marketing Cybersecurity Data breaches 226

Hunton Privacy

OCTOBER 25, 2022

On October 24, 2022, the UK Information Commissioner’s Office (“ICO”) issued a £4.4 million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the EU General Data Protection Regulation (“GDPR”), during the period of March 2019 to December 2020.

Security 97

Security Personal data GDPR Insurance 97

DLA Piper Privacy Matters

OCTOBER 25, 2022

On 24 October 2022, the ICO issued a penalty notice (MPN) to Interserve Group Limited (Interserve), imposing a fine of £4.4m The ICO found that Interserve had failed to put appropriate technical and organisational measures in place to secure personal data (in contravention of Articles 5(1)(f) and 32 GDPR) for a period of ~20 months.

Security 52

Security GDPR Personal data Insurance 52

Hunton Privacy

SEPTEMBER 15, 2011

On September 12, 2011, the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (“ONC”) unveiled a model privacy notice for personal health records (the “PHR Model Privacy Notice”).

Privacy 40

Privacy Healthcare Insurance Personal data 40

IBM Big Data Hub

JULY 7, 2023

Data protection and data privacy Data protection , defined as protecting important information from corruption, damage or loss, is critical because data breaches resulting from cyberattacks can include personally identifiable information (PII), health information, financial information, intellectual property and other personal data.

Security 40

Security Data breaches Data Privacy Compliance 40

Hunton Privacy

JANUARY 25, 2017

Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into a resolution agreement with MAPFRE Life Insurance Company of Puerto Rico (“MAPFRE”) relating to a breach of protected health information (“PHI”) contained on a portable storage device. On January 18, 2017, the U.S.

Security awareness 40

Security awareness Insurance Risk Compliance 40

Hunton Privacy

APRIL 8, 2016

On April 4, 2016, Hunton & Williams LLP announced the formation of a Cyber and Physical Security Task Force to assist companies in minimizing the risks and consequences of a serious security incident.

Security 40

Security Cybersecurity Risk Insurance 40

Data Matters

FEBRUARY 25, 2021

The FCA has provided new guidance for PIs and EMIs using the “insurance or comparable guarantee” method of safeguarding. This includes a requirement that the insurance policy or comparable guarantee must pay out for the full amount of any claim regardless of how the relevant insolvency event occurs (including if the firm is at fault).

Authentication 68

Authentication Paper Risk Insurance 68

Hunton Privacy

JUNE 7, 2012

Attorney General Coakley filed a suit against South Shore Hospital based on violations of the Massachusetts Consumer Protection Act and the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Belmont Savings Bank and Briar Group, LLC.

Data breaches 40

Data breaches Privacy Insurance Education 40

IT Governance

MARCH 11, 2024

Source (New) Transport USA Yes 3,815 Okta Source 1 ; source 2 (Update) Cyber security USA Yes 3,800 Shah Dixit & Associates, P.C. Source (New) Finance USA Yes 3,494 Woodruff Sawyer Source (New) Insurance USA Yes 3,087 Blackburn College Source (New) Education USA Yes 3,039 CAIRE Inc. The consultation closes on 17 April.

Data Privacy 87

Data Privacy Privacy Security Data breaches 87

Data Matters

OCTOBER 8, 2020

September 2019: the North Korea-sponsored Lazarus Group, creator of WannaCry 2.0. Informs victims of ransomware and their financial institutions of OFAC’s license approval policy in situations where the victim determines that the payee/attacker is a designated party, which is a case-by-case review with a presumption of denial.

Ransomware 68

Ransomware Compliance Risk Government 68

Hunton Privacy

OCTOBER 28, 2016

The month before the Cybersecurity Guidance was released, the Energy and Commerce Committee sent NHTSA a letter raising questions concerning cybersecurity risks related to On Board Diagnostics (“OBD-II”) ports, calling on NHTSA to establish an industry-wide working group on the subject.

Cybersecurity 40

Cybersecurity Energy and Utilities Manufacturing Insurance 40

IT Governance

JUNE 1, 2023

Meanwhile, you can subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox. IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. With that out of the way, it’s time to move on to May 2023.

Data breaches 122

Data breaches Insurance Personal data Ransomware 122

eSecurity Planet

MAY 30, 2024

Change Healthcare Ransomware The United Healthcare Group (UHG) acquisition of Change Healthcare in 2022 started paying the wrong type of dividends this February when stolen credentials led to over $870 million in damages. million patient’s information caused by a third party tracker installed on the Kaiser patient portal.

Cybersecurity 123

Cybersecurity Ransomware Data breaches Risk 123

Security Affairs

FEBRUARY 8, 2024

Cyber Insurance: US cyber insurance premiums soared by 50% in 2022, reaching $7.2 million unfilled cyber security jobs, showing a big need for skilled professionals. Market Growth: AI cyber security technology is projected to grow by 23.6% Data Breach Costs: The average global cost of a data breach in 2023 was $4.45

Security 123

Security Phishing IoT Ransomware 123

Data Matters

FEBRUARY 10, 2022

1 Chair Gary Gensler, Cybersecurity and Securities Laws , SEC (Jan. 10 Reg SCI also applies to the securities information processors that produce consolidated market data for NMS securities, including competing consolidators under the SEC’s new market data infrastructure rules once implemented. 24, 2022), [link].

Cybersecurity 88

Cybersecurity Marketing Risk Compliance 88

Data Protection Report

MAY 23, 2018

We have shared below some interesting points that we’ve seen arising recently, all of which relate to how things are likely to develop from today onwards, including enforcement predictions, challenges related to operationalizing data subject access procedures, and how the GDPR may change the data privacy litigation landscape in Europe.

GDPR 40

GDPR Personal data Compliance Data breaches 40

IT Governance

DECEMBER 27, 2019

IT Governance is closing out the year by rounding up 2019’s biggest information security stories. US food giant Mondelez sued insurance company Zurich American for denying a $100 million (£77 million) claim filed after the NotPetya attack. OGusers, a popular forum among cyber criminals, was raided by a rival group.

Data breaches 69

Data breaches GDPR Passwords Personal data 69

Hunton Privacy

FEBRUARY 12, 2013

Additionally, the Department of Homeland Security (“DHS”) will expand a current program, presently focused on sharing classified cyber threat information with defense companies, to include a broader group of critical infrastructure companies. This expanded program will be known as “Enhanced Cybersecurity Services.”.

Cybersecurity 40

Cybersecurity Risk Compliance Government 40

eSecurity Planet

APRIL 26, 2024

These controls include: Active Directory (AD): Manages users, groups, and passwords as a fundamental access control for an organization and the basis for most other security tools. Defense in Depth Defense in depth assumes that any single security control may fail.

Security 120

Security Cloud Cybersecurity Risk 120

Data Matters

APRIL 23, 2018

Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk. Designing an Enterprise-Level Approach.

Cybersecurity 60

Cybersecurity Risk Passwords Authentication 60

Privacy and Cybersecurity Law

MARCH 23, 2018

The Dentons Privacy and Cybersecurity Group operates at the intersection of technology and law, and has been singled out as one of the law firms best at cybersecurity by corporate counsel, according to BTI Consulting Group. . Is this confidence misplaced?

Cybersecurity 40

Cybersecurity Artificial Intelligence Data breaches IoT 40

IT Governance

APRIL 29, 2024

The company has fixed the issue, blaming it on a vulnerability in the app’s groups feature. iSharing is used by more than 35 million users. Data breached: >35 million people’s data. 117 of them are known to have had data exfiltrated, exposed or otherwise breached. Source (New) Engineering USA Yes Unknown WRA Architects, Inc.

Data Privacy 94

Data Privacy Privacy Manufacturing Security 94

The Last Watchdog

FEBRUARY 25, 2019

So along came a group of startups supplying “single sign-on” capability – a way for a user to access multiple applications with one set of credentials. Compliance became a huge driver for governance and attestation,” Curcio said. “It It has become vital to ensure you have proper controls on your systems.

Access 169

Access Government Authentication Data breaches 169

Security Affairs

JULY 18, 2022

As proof of the hack, the group published on its leak site files related to purchases made by David Beckham, Oprah, and Donald Trump. The Russian hacking group claimed the information published, involving about 11,000 of Graff’s clients, represents just one percent of the stolen files. Graff decided to pay a £6m ($7.5

Insurance 99

Insurance IT Ransomware Privacy 99

KnowBe4

MARCH 14, 2023

The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. I'm giving you a short extract of the story and the link to the whole article is below.

Phishing 88

Phishing Security Artificial Intelligence Security awareness 88

Thales Cloud Protection & Licensing

OCTOBER 10, 2018

Think TV licenses and car insurance, for example. There has never been more public awareness around the importance of data security – between the Cambridge Analytica scandal and hundreds of GDPR ‘opt-out’ notifications – the topic has been on our front pages and at the top of our inboxes for a while.

GDPR 76

GDPR Security Marketing Data breaches 76