Tag: insurance
-
Boards Challenged to Embrace Cybersecurity Oversight
Integrating Cyber Risk into Business Risk Decisions Cybersecurity failures are now business risks that CEOs and Boards must own. The world of business owners, investors, and their representatives are collectively realizing the potentially catastrophic impacts of cybersecurity incidents if not incorporated into the strategic management of the most senior business leadership. Many regulatory bodies, insurance…
-
FBI, CISA Raise Alarms As Medusa Ransomware Attacks Grow
Medusa developers have been targeting a wide variety of critical infrastructure sectors, from healthcare and technology to manufacturing and insurance, racking up its victim count as it seemingly adds to its numbers of affiliates. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/fbi-cisa-alarmed-medusa-ransomware-attacks-grow
-
More than 300 critical infrastructure orgs attacked by Medusa ransomware
An advisory from the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) on Wednesday said the group and its affiliates have attacked organizations in the medical, education, legal, insurance, technology and manufacturing industries. First seen on therecord.media Jump to article: therecord.media/medusa-ransomware-targeting-critical-infrastructure-orgs
-
Majority of ransomware claims involved compromise of perimeter security devices
A report by cyber insurance firm Coalition shows six of every 10 ransomware claims involved compromised VPN or firewall. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ransomware-compromise-perimeter-devices/742158/
-
New York Sues Insurance Giant Over Data Breaches
The New York Attorney General sued National General and its parent company Allstate over two data breaches. The post New York Sues Insurance Giant Over Data Breaches appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-york-sues-insurance-giant-over-data-breaches/
-
Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it
Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands First seen on theregister.com Jump to article: www.theregister.com/2025/03/10/allstate_sued_pii_exposure/
-
Mangelhafte Cybersicherheit im Gesundheitswesen
Tags: access, ai, chatgpt, compliance, cyberattack, cyersecurity, data, endpoint, exploit, HIPAA, insurance, ransomware, resilience, risk, service, usa, vpn, vulnerability, vulnerability-management, windows15 Prozent der Endgeräte im Gesundheitssektor haben keine oder nicht-übereinstimmente Sicherheits- und Risikokontrollen.Laut dem aktuellen Horizon Report 2025 wurden im Jahr 2024 weltweit 183 Millionen Patientendaten kompromittiert. Das ist ein Anstieg von neun Prozent im Vergleich zum Vorjahr. Doch weshalb fällt es für Gesundheitseinrichtungen so schwer, sich ausreichend vor Ransomware-Angriffen zu schützen?Um das herauszufinden, hat…
-
Microsoft Introduces 365 E5 Security Add-On for Business Premium Customers
Microsoft has launched Microsoft 365 E5 Security as an add-on to its Business Premium suite, providing small and medium-sized businesses (SMBs) with advanced tools to combat escalating cyber threats. The offering integrates enterprise-grade security features at a 57% cost savings compared to standalone purchases, addressing evolving regulatory and cyber insurance demands1. Enhanced Identity Protection and…
-
What is risk management? Quantifying and mitigating uncertainty
Tags: breach, business, cio, ciso, compliance, control, cyber, cyberattack, data, finance, flaw, framework, governance, healthcare, infosec, infrastructure, insurance, international, jobs, mitigation, monitoring, nist, risk, risk-analysis, risk-assessment, risk-management, software, strategy, technology, tool, vulnerabilityHow do organizations structure risk management operations?: Risk management has in some organizations traditionally been multicentric, with different departments or individuals within the org implementing risk management techniques in their work: Risk management is a component of good project management, for instance. IT leaders in particular must be able to integrate risk management philosophies and…
-
Third-Party Risk Tops Cybersecurity Claims
Data collected by cyber insurers shows that ransomware accounts for the majority of insurance claims, but much of the losses stem from third-party breaches affecting policyholders. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/third-party-risk-top-cybersecurity-claims
-
Third-Party Risk Top Cybersecurity Claims
Data collected by cyber-insurers show that ransomware accounts for the majority of insurance claims, but that much of the losses stem from third-party breaches affecting policyholders. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/third-party-risk-top-cybersecurity-claims
-
DOGE Access to Personal Information and The Difficulty of Showing Harm in Privacy Litigation
If a company has effective insurance, prevention becomes even less cost-effective. By failing to “value” privacy alone, the system skews in favor of not protecting privacy. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/doge-access-to-personal-information-and-the-difficulty-of-showing-harm-in-privacy-litigation/
-
Third-Party Attacks Drive Major Financial Losses in 2024
Data from Resilience found that third-party attacks made up 23% of material cyber insurance claims in 2024, with ransomware attacks targeting vendors a major driver First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/third-party-financial-losses/
-
How to create an effective incident response plan
Tags: access, advisory, attack, backup, breach, business, ceo, ciso, communications, corporate, cyber, cybersecurity, email, endpoint, exploit, finance, governance, guide, incident, incident response, insurance, law, lessons-learned, malicious, monitoring, network, office, phone, ransomware, risk, security-incident, service, strategy, supply-chain, technology, threat, updateEstablish a comprehensive post-incident communications strategy: Another key element that can make or break an incident response strategy is communications. Without clear communications among the major stakeholders of the business, a company might experience much longer downtimes or the loss of vital processes for extended periods.”How are you going to go about communicating? With whom?…
-
Global tech spend to approach $5 trillion this year: Forrester
The U.S. market is expected to exceed $2 trillion for the first time, with financial services and insurance leading the charge, the analyst firm said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/tech-spend-software-forrester/740632/
-
Court: UnitedHealth Must Answer for AI-Based Claim Denials
Lawsuit Alleges Insurer Used AI Tool in Denying Patients Medically Necessary Care. A proposed class action lawsuit against UnitedHealth Group that claims the company’s insurance unit UnitedHealthCare used of artificial intelligence tools to deny Medicare Advantage claims for medically necessary care has the green light to proceed from a federal judge First seen on govinfosecurity.com…
-
Unusual attack linked to Chinese APT group combines espionage and ransomware
Tags: apt, attack, breach, china, cloud, country, credentials, crime, crimes, crypto, cyber, cybercrime, cyberespionage, data, encryption, espionage, exploit, finance, firewall, government, group, hacker, infection, insurance, intelligence, korea, microsoft, network, north-korea, ransom, ransomware, russia, software, tactics, technology, threat, veeam, vulnerabilityThe attacker demanded a $2-million ransom: The attack that resulted in the deployment of the RA World ransomware program, as well as data exfiltration, had the same chain: the toshdpdb.exe loading toshdpapi.dll then decrypting toshdp.dat which resulted in the PlugX variant being deployed. The difference is the attacker then chose to deploy the RA World…
-
UK monitoring group to classify cyber incidents on earthquake-like scale
Risk management: The CMC hopes this increased understanding will spur the development of improved incident response planning. Experts quizzed by CSO on CMC welcomed its launch.Ivan Milenkovich, vice president of cyber risk technology in EMEA at Qualys, said data from the CMC has the potential to allow IT security professionals to make better risk assessments,…
-
New UK Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks
This new independent non-profit was set up by the UK insurance industry to bring more transparency around cyber events First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-uk-cyber-monitoring-centre/
-
21% of CISOs pressured to not report compliance issues
Tags: awareness, breach, business, ceo, ciso, compliance, control, corporate, cybersecurity, data, dora, finance, framework, governance, incident response, infrastructure, insurance, law, nis-2, regulation, resilience, risk, security-incident, trainingCISOs are increasingly getting caught between business pressures and regulatory obligations, leaving them struggling to balance corporate loyalty and legal accountability.To wit: One in five (21%) security leaders have been pressured by other executives or board members not to report compliance issues at their companies, according to a recent study by security vendor Splunk.The same…
-
What 2025 HIPAA Changes Mean to You
Tags: access, application-security, authentication, breach, business, cloud, compliance, control, cybersecurity, data, encryption, healthcare, HIPAA, identity, incident response, insurance, law, mfa, monitoring, nist, office, penetration-testing, privacy, risk, risk-analysis, service, strategy, threat, tool, vulnerabilityWhat 2025 HIPAA Changes Mean to You madhav Tue, 02/04/2025 – 04:49 Thales comprehensive Data Security Platform helps you be compliant with 2025 HIPAA changes. You are going about your normal day, following routine process at your healthcare organization, following the same business process you’ve followed for the last twelve years. You expect Personal Health…
-
HIPAA Cybersecurity Requirements and Best Practices
The Health Insurance Portability and Accountability Act (HIPAA) mandates a stringent framework for protecting sensitive patient information. These standards form the foundation of cybersecurity measures within the healthcare sector, ensuring… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/hipaa-cybersecurity-requirements-and-best-practices/
-
Globe Life Ransomware Attack Exposes Personal and Health Data of 850,000+ Users
Globe Life Inc., a prominent insurance provider, has confirmed a major data breach that exposed the personal and health-related information of over 850,000 users. The company disclosed the incident in a recent filing with the U.S. Securities and Exchange Commission (SEC), reporting that the breach resulted from an extortion attempt by an unknown threat actor.…
-
Insurance Company Globe Life Notifying 850,000 People of Data Breach
Insurance firm Globe Life says a threat actor may have compromised the personal information of roughly 850,000 individuals. The post Insurance Company Globe Life Notifying 850,000 People of Data Breach appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/insurance-company-globe-life-notifying-850000-people-of-data-breach/
-
Texas AG warns Kia about sharing driver information with data brokers
Texas told the auto manufacturer Kia America that it is violating the state’s new data privacy law because it allegedly sells sensitive driver information to third parties without informing consumers that the data can be used to hike their insurance premiums. First seen on therecord.media Jump to article: therecord.media/texas-warns-kia-about-sharing-driver-info-to-data-brokers
-
National security risks in routers, modems targeted in bipartisan Senate bill
A separate piece of bipartisan Senate legislation would create a cyber insurance working group. First seen on cyberscoop.com Jump to article: cyberscoop.com/routers-modems-national-security-risks-senate-bill/
-
US takes aim at healthcare cybersecurity with proposed HIPAA changes
Tags: access, authentication, best-practice, breach, compliance, control, csf, cyber, cyberattack, cybersecurity, data, defense, detection, dora, encryption, finance, framework, government, group, healthcare, HIPAA, incident response, infrastructure, insurance, intelligence, jobs, law, malware, mfa, network, nist, penetration-testing, phishing, privacy, ransom, ransomware, regulation, resilience, risk, security-incident, service, skills, technology, threat, tool, update, usa, vulnerability, vulnerability-managementThe US Department of Health and Human Services (HHS) has launched a consultation on stricter rules for the safeguarding of electronic health records.The proposed revamp of security rules covered by the Health Insurance Portability and Accountability Act (HIPAA) is designed to address the increased risk from cyberattacks such as ransomware against healthcare environments.The revamped rules…
-
American National Insurance Company data likely stolen in MOVEit hack exposed
First seen on scworld.com Jump to article: www.scworld.com/brief/american-national-insurance-company-data-likely-stolen-in-moveit-hack-exposed
-
Change Healthcare Now Counts 190 Million Data Breach Victims
Cost of Attack Has Reached $3.1 Billion for Parent Company UnitedHealth Group. One of the biggest data breaches of 2024 is even worse than previously reported, as the tally of Change Healthcare breach victims has now reached 190 million individuals, and costs tied to the attack $3.1 billion, according to its owner, U.S. health insurance…