The Office of Civil Rights (OCR) announced in a press release this week that Anthem, Inc. (Anthem), one of the nation’s largest health benefit companies, has agreed to pay $16 million and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. This settlement
Cyber Attack
When was the last time you looked at RDP access?
A presentation at Black Hat recently revealed that the creators of the “SamSam” ransomware have netted over $6M to date, attacking mostly medium-to-large public and private sector organizations. And they’re showing no signs of slowing down.
In the most recent SamSam attacks, the attackers concentrated their efforts on brute-force hacking of weak passwords on devices…
New threat targeting old medical imaging equipment
Health care providers and suppliers should be wary of the “Orangeworm” threat, an implementation of malware out in the wild that’s gathering information off of compromised medical equipment, especially old systems where file shares and Windows XP are still in use:
While this group seems to be limiting their actions to reconnaissance and compromising…
How does your leadership remain aware of cyber security threats?
Some notable stats showed up in the recently-released 2017 Veracode State of Software Security report: while “nearly a third (29 percent) of survey respondents indicated that they are actively pursuing digital transformation projects [and] … a further 29 percent stated that they are either planning for or considering digital transformation projects for the future,”…
Cyber thieves will target anything they can hold for ransom
Back in August, the Associated Press ran this article profiling how a North Carolina manufacturer has been attacked twice by cyber criminals looking to install malware and cripple the “just-in-time” nature of their operations so that they’d be willing to pay a ransom to return to production. While this manufacturer avoided paying the ransom so…
Encryption vulnerability in WiFi Protected Access II (WPA2)
WPA2 is the “secure” implementation option used by the vast majority of enterprise WiFi systems – other protocols have their own security issues, which is why everyone moved to WPA2. Unfortunately, researches have found a way to break that security.
The good news is, for most attacks the attacker has to be on the…
Hacking vs. Phishing – and Why the Difference is Important for Cyber Insurance Coverage
As you work to finalize your cyber insurance riders or supplemental policies, it’s important to pay attention to the language around what is specifically covered. To ensure you’re receiving the coverage desired, the first step is to understand the difference between hacking and phishing, and how this is being applied to your policy, and to ensure the language is mutually interpreted as clearly and uniformly as possible.
Hacking is the use of exploits and vulnerabilities to gain access to and extract information from, disrupt or tamper with a computer system. Hackers break into a system and take information.
Phishing is the use of social engineering via e-mail to trick the recipient into revealing personal or confidential information, or granting access to a computer system either directly or through the installation of malicious software. Phishers convince you to let them into a system or give them information.
Why is this so important to your cyber coverage? Because there’s been some fairly significant litigation around these differences that has supported both the upholding and denial of coverage. Here are 3 examples of cases where interpretation of the rider/supplemental policy language led to litigation:
Universal American Corp. v. National Union Fire Insurance Co., 37 N.E. 3d 78 (N.Y. June 25, 2015)
Continue Reading Hacking vs. Phishing – and Why the Difference is Important for Cyber Insurance Coverage