Information Security, Insurance and Training - Information Management Today

Two States Enact Insurance Data Security Laws

Hunton Privacy

MAY 4, 2022

In April 2022, two states enacted insurance data security legislation based on the National Association of Insurance Commissioners (“NAIC”) Insurance Data Security Model Law (MDL-668). Kentucky’s law goes into effect on January 1, 2023.

Insurance

Insurance Security Compliance Cybersecurity

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). Information Security Program Requirements. On May 27, 2022, Vermont Governor Phil Scott signed H.515

Insurance

Insurance Security Information Security Cybersecurity

Why Cyber Insurance is Essential in 2022

IT Governance

MAY 24, 2022

One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance. These activities aren’t typically included in standard business insurance policies, which tend to only cover costs related to technical issues, such as corrupted hard drives and lost devices. The benefits of cyber insurance.

Insurance

Insurance Data breaches GDPR Ransomware

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Cyber insurance: A guide for businesses

IT Governance

OCTOBER 15, 2020

Cyber threats are so numerous that it’s impossible to prevent security incidents altogether. That’s why they organisations increasingly relying on cyber insurance policies to cover the costs when data breaches and cyber attacks occur. But just how helpful is cyber insurance? What is cyber insurance?

Insurance

Insurance Data breaches Risk Security

How to make sure your cyber insurance policy pays out

IT Governance

JULY 15, 2019

Cyber insurance is big business these days. Damages incurred by information security incidents generally aren’t covered in commercial insurance policies, so a specific policy is necessary to help cover the costs of things like forensic investigation, incident response and notification procedures.

Insurance

Insurance Data breaches Risk Information Security

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. According to NYDFS, the incorporation of these practices should be proportionate to each insurer’s size, resources, geographic distribution, and other factors. The Framework.

Insurance

Insurance Financial Services Cybersecurity Risk

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

Security Affairs

APRIL 29, 2024

Hutcheson allegedly provided irrelevant documents, such as health insurance and auto insurance policies, along with pages from sheriff training manuals, as evidence of authorization to access the data.

Insurance

Insurance Communications Access IT

What are the benefits of cyber security as a service?

IT Governance

DECEMBER 14, 2021

But with cyber security as a service, you can focus on doing what your business does best and let the data protection experts handle the rest. Services typically come with a dedicated team of experts, tools, training and support that can be deployed immediately, protecting you from a range of threats. You’ll save money.

Security

Security Insurance Data breaches Information Security

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

Hunton Privacy

FEBRUARY 29, 2024

Submit its training materials to HHS for approval and provide appropriate training to the workforce within 30 days of HHS approval. Distribute policies and procedures to the workforce and collect compliance certifications from all members. Investigate all likely policy violations.

Ransomware

Ransomware Personal data Risk Privacy

How to Manage Your Cyber Risks

IT Governance

OCTOBER 11, 2022

This process should be embedded within your overall cyber security measures in what experts refer to as cyber defence in depth. The framework consists of five interrelated stages (or ‘layers’) to help organisations manage information security risks across all parts of their business. Why Cyber Insurance is Essential in 2022.

Risk

Risk GDPR Information Security Personal data

GUEST ESSAY: A guide to implementing best security practices — before the inevitable breach

The Last Watchdog

OCTOBER 29, 2018

The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax’s chief information security officer was a music major and did not have a background in technology. Companies should have written data privacy and security policies and procedures in place. Insurability.

Security

Security Data Privacy Privacy Data breaches

Is Cyber Essentials Enough to Secure Your Organisation?

IT Governance

JUNE 9, 2022

Organisations that are looking to bolster their information security practices are often advised to certify to Cyber Essentials – and for good reason. Plus, they are relatively easy to apply, with the scheme being designed for anyone to use regardless of their information security knowledge.

Security

Security Insurance Information Security Data breaches

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). Automating IT Compliance with Security Compliance Tools.

Data Privacy

Data Privacy Compliance Privacy Security

New Jersey Acting Attorney General Announces Data Breach Settlement with Fertility Clinic

Hunton Privacy

OCTOBER 15, 2021

Bruck and the Division of Consumer Affairs announced a settlement with Diamond Institute for Infertility and Menopause, LLC, over a data breach that compromised the personal information of 14,663 patients, including 11,071 New Jersey residents.

Data breaches

Data breaches Privacy Insurance Information Security

China Releases National Standard on Personal Information Security

Hunton Privacy

JANUARY 26, 2018

On January 25, 2018, the Standardization Administration of China published the full text of the Information Security Technology – Personal Information Security Specification (the “Specification”). The Specification divides personal information into two categories: personal information and sensitive personal information.

Information Security

Information Security Security Privacy Personal data

How Defence in Depth Can Help Organisations Tackle Complex Cyber Security Risks

IT Governance

SEPTEMBER 13, 2022

Organisations are continually urged to invest more in defences – whether it’s technological solutions, staff awareness training or revamped compliance practices – but if those solutions aren’t part of a cohesive strategy, the benefits will be minimal. Get in touch today to find out how we can help you secure your success.

Risk

Risk Security Data breaches Phishing

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

The NYDFS, which regulates financial institutions including insurance companies, mortgage brokers and banks, adopted the original Cybersecurity Regulation in 2017. In the coming weeks, NYDFS will host an upcoming series of training sessions on the amended Cybersecurity Regulation to help regulated entities plan for compliance.

Cybersecurity

Cybersecurity IT Compliance Financial Services

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

Hunton Privacy

OCTOBER 25, 2022

The compromised data included contact details, national insurance numbers and bank account details, as well as special category data, including ethnic origin, religion, details of any disabilities, sexual orientation and health information.

Security

Security Personal data GDPR Insurance

How can organisations close the cyber security skills gap?

IT Governance

SEPTEMBER 15, 2021

In theory, this should be no different when it comes to cyber security. Whether it’s a top-level role, such as a CISO (chief information security officer), or a member of the IT team who takes on security-related tasks, there are plenty of job roles suited for varying levels of seniority and experience.

Security

Security Insurance Education Government

Record Retention Policy for Businesses: A Strategic Guide to Compliance and Efficiency

Armstrong Archives

DECEMBER 19, 2023

No matter the size of a business, a well-defined record retention policy serves multiple purposes: ensuring compliance with legal and regulatory requirements, aiding in efficient document management, and securing sensitive information. This act mandates the retention of financial records and audits for a minimum of five years.

Compliance

Compliance Archiving Digital transformation Sales

HackerOne awarded over $300 million bug hunters

Security Affairs

OCTOBER 30, 2023

62% of hackers plan to train their AI to specialize in the OWASP Top 10 for Large Language Models. HackerOne customers praised the results of the bug bounty programs, 70% of them stated that the bug bounty programs helped them to increase their cyber security and avoid a significant cyber incident.

Blockchain

Blockchain Insurance Risk Security

Generative AI that’s tailored for your business needs with watsonx.ai

IBM Big Data Hub

SEPTEMBER 28, 2023

“Its inherent flexibility and agile deployment capabilities, coupled with a robust commitment to information security, accentuates its appeal.” All Granite foundation models have been trained on enterprise-focused datasets curated by IBM. ” The initial release of watsonx.ai

Risk

Risk Insurance Data collection Libraries

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity

Cybersecurity Insurance Risk Compliance

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Cyber Threat Detection: The First Layer of Defence in Depth

IT Governance

SEPTEMBER 20, 2022

Understanding the threats you face and where your organisation is most at risk of being breached is critical to information security. See also: How Defence in Depth Can Help Organisations Tackle Complex Cyber Security Risks Is Cyber Essentials Enough to Secure Your Organisation? Why Cyber Insurance is Essential in 2022.

Phishing

Phishing Data breaches Risk Insurance

How to Protect Your Organisation from a Cyber Attack

IT Governance

SEPTEMBER 27, 2022

Not all organisations need extensive cyber security measures, such as high-end, sophisticated threat detection tools and state-of-the-art technology, but they must have a base level of security that’s appropriate to the threat. Training and professional certification are an ideal place to begin.

Data breaches

Data breaches Government Insurance Risk

Top 5 Cyber Security Risks for Businesses

IT Governance

JUNE 15, 2022

Meanwhile, ISO 27001 is the international standard that describes best practices for information security management. As such, employees should receive staff awareness training to help them understand the risk of downloading files from untrusted sources. The service also comes with cyber insurance coverage of up to £500,000.

Risk

Risk Security Passwords Phishing

The hidden threats facing your intellectual property

IT Governance

SEPTEMBER 4, 2018

Last year, private healthcare giant BUPA suffered a breach affecting 108,000 health insurance policies when a rogue employee copied and removed information from the organisation. The information affected is said to have included names, date of birth, nationalities and insurance membership numbers.

Healthcare

Healthcare Insurance Manufacturing Risk

Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management

Hunton Privacy

JULY 16, 2021

Contingency planning for relationship terminations.

Risk

Risk Insurance Sales Encryption

FIN8 group used a previously undetected Sardonic backdoor in a recent attack

Security Affairs

AUGUST 25, 2021

The group focuses on organizations in the insurance, retail, technology, and chemical industries in the U.S., In the most recent attack investigated by BitDefender, the group conducted reconnaissance on the target network to gather information to use in the attack and conduct lateral movement and privilege escalation.

Retail

Retail Insurance Cybersecurity Phishing

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

Other top 4 targeted industries include Manufacturing, Insurance, Technology, and Financial Services seeing 15%, 9%, 7%, and 6% of the campaign traffic respectively.” Experts warn that the Energy sector was a major focus of this campaign, followed by manufacturing, and insurance. ” continues the report.

Phishing

Phishing Energy and Utilities Insurance Manufacturing

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

The Safeguards Rule specifies that financial institutions subject to the FTC’s jurisdiction must develop, implement, and maintain a comprehensive information security program for handling customer data. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

It’s Called BadUSB for a Reason

Security Affairs

APRIL 28, 2022

The criminal group had been mailing malware-ridden USBs to various entities in the transport, insurance, and defense industries under the guise that they originated from a trusted source, such as Amazon and the US Department of Health and Human Services. The badUSB is just one of many rogue devices used to carry out malicious activities.

Cybersecurity

Cybersecurity Access Insurance Security

5 things you need to know about CIR management

IT Governance

MAY 1, 2018

CIR management can help your organisation mitigate the risk of information security incidents and minimise losses. Incident response planning is mandated as part of all major cyber security regimes. What does cyber incident response (CIR) management do? Benefits of CIR management. Reducing incident impact and response times.

Risk

Risk Information Security IoT Insurance

Information Management in the Not-So-Distant Future of Health Care

AIIM

APRIL 12, 2022

The classic example is the insurer that won’t pay for care that a doctor determines a patient needs. Insurers are about profit; doctors are about delivering the best care. With collaborative videoconferencing: Low-income patients without insurance can use the Emergency Room less often. Information Security.

Computer and Electronics

Computer and Electronics Insurance Marketing Paper

Government survey reveals GDPR awareness is falling short

IT Governance

FEBRUARY 8, 2018

Of those surveyed: 36% of businesses and charities that were aware of the GDPR had created or changed policies and procedures; 21% of businesses and 10% of charities had provided additional staff training or communications; and. Just 6% of businesses and 12% of charities had installed, changed or updated anti-virus or anti-malware software.

GDPR

GDPR Government Education Compliance

Secure Together: Britons scammed out of £3.5 million and essential services under attack

IT Governance

MAY 20, 2020

Palo Alto Networks has discovered that healthcare agencies, governments, universities with medical centres, medical publishing firms and insurance companies across the UK, Australia, Canada, Italy and the US have been targeted by sophisticated scams. The post Secure Together: Britons scammed out of £3.5 Phishing scams.

Security

Security Phishing Insurance Risk

First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

Hunton Privacy

JUNE 17, 2019

The settlement resolves a multistate litigation arising out of a May 2015 data breach in which hackers infiltrated WebChart, a web application run by MIE, and stole the electronic Protected Health Information (“ePHI”) of over 3.9 million individuals. Notably, the lawsuit was the first-ever multistate litigation alleging claims under HIPAA.

Data breaches

Data breaches IT Insurance Privacy

Record Data Breach Settlement in Anthem Class Action

Hunton Privacy

JUNE 26, 2017

the nation’s second largest health insurer, reached a record $115 million settlement in a class action lawsuit arising out of a 2015 data breach that exposed the personal information of more than 78 million people. On June 23, 2017, Anthem Inc.,

Data breaches

Data breaches Insurance Information Security Compliance

Know your enemy – understanding the 7 different types of data breaches

IT Governance

OCTOBER 17, 2018

We’re all guilty of making mistakes – it’s human nature – but employees need to understand the most important elements of information security, and non-technical staff need to be made familiar with security awareness policies and procedures. Cyber attack/criminal hacker.

Data breaches

Data breaches Ransomware Security awareness Insurance

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. Training and monitoring materials. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

Why Cybersecurity Pros Should Care About Governance

Getting Information Done

APRIL 18, 2017

Ultimately, the chief information security officer (CISO) needs to understand the information footprint across systems, determine the value/risk of loss, and protect against cyberattacks through the deployment of control activities, which are commensurate with the value/risk of these information systems.

Government

Government Cybersecurity Insurance Information governance

OCR 2020 Settlements Target HIPAA Security Rule Non-Compliance

Data Matters

AUGUST 27, 2020

Department of Health and Human Services, Office for Civil Rights (“OCR”) has settled three cases related to alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”), totaling $1,165,000. These settlements underscore OCR’s continued focus on enforcement of the HIPAA Security Rule.

Compliance

Compliance Security Risk Encryption

Two States Enact Insurance Data Security Laws

Vermont Enacts Insurance Data Security Law

Webinars

Trending Sources

Why Cyber Insurance is Essential in 2022

Webinars

Cyber insurance: A guide for businesses

How to make sure your cyber insurance policy pays out

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

What are the benefits of cyber security as a service?

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation

How to Manage Your Cyber Risks

GUEST ESSAY: A guide to implementing best security practices — before the inevitable breach

Is Cyber Essentials Enough to Secure Your Organisation?

Security Compliance & Data Privacy Regulations

New Jersey Acting Attorney General Announces Data Breach Settlement with Fertility Clinic

China Releases National Standard on Personal Information Security

How Defence in Depth Can Help Organisations Tackle Complex Cyber Security Risks

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

How can organisations close the cyber security skills gap?

Record Retention Policy for Businesses: A Strategic Guide to Compliance and Efficiency

HackerOne awarded over $300 million bug hunters

Generative AI that’s tailored for your business needs with watsonx.ai

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Cyber Threat Detection: The First Layer of Defence in Depth

How to Protect Your Organisation from a Cyber Attack

Top 5 Cyber Security Risks for Businesses

The hidden threats facing your intellectual property

Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management

FIN8 group used a previously undetected Sardonic backdoor in a recent attack

A massive phishing campaign using QR codes targets the energy sector

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

It’s Called BadUSB for a Reason

5 things you need to know about CIR management

Information Management in the Not-So-Distant Future of Health Care

Government survey reveals GDPR awareness is falling short

Secure Together: Britons scammed out of £3.5 million and essential services under attack

First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

Record Data Breach Settlement in Anthem Class Action

Know your enemy – understanding the 7 different types of data breaches

NYDFS settles cybersecurity regulation matter for $3 million

Why Cybersecurity Pros Should Care About Governance

OCR 2020 Settlements Target HIPAA Security Rule Non-Compliance

Stay Connected