“Affected insurance providers can contact us to prevent leaking of their own data and [remove it] from the sale,” RansomHub’s victim shaming blog announced on April 16. According to the HIPAA Journal, the biggest penalty imposed to date for a HIPAA violation was the paltry $16 million fine against the insurer Anthem Inc.
Related: Getting the most from cyber insurance At RSAC 2025, I met with ESET Chief Security Evangelist Tony Anscombe to trace a quiet but growing convergence: endpoint defense, cyber insurance, and monoculture risk are no longer separate concerns. Cyber insurers want it. And increasingly, that evidence is under scrutiny.
We're thrilled to unveil our latest threat landscape report for the finance and insurance sector, offering in-depth analysis of the evolving cyber threats facing this industry. In this industry, a single compromised account can trigger large-scale phishing campaigns, causing reputational damage, financial losses, and regulatory penalties.
Airlines, insurance firms, and other industries are finding themselves in the crosshairs of increasingly sophisticated hackers, and experts say both businesses and individuals must act now to avoid falling victim. Insurance and payroll firms also breached Beyond airlines and retailers, insurance and benefits providers are also under siege.
Exposed information varies per individual, however, it may include demographic information, medical information, health insurance information, Social Security number, driver's license number, financial information, and other personal or health information that patients provided Anna Jacques.
Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you’ve never heard of. The current state of digital identity is a mess. It’s both redundant and inconsistent. Let’s take healthcare as an example.
The tech giant may have used this data for targeted advertising, according to Blue Shield, which is one of the largest health insurers in the US. Blue Shield, a nonprofit health insurer serving nearly 6 million members, used Google Analytics to monitor how customers interacted with its websites to improve services.
Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. However, the exposed information may include: Contact information: Names, addresses, dates of birth, phone numbers, and email addresses.
All the company’s social media accounts haven’t been updated since 2023 at the latest. This makes the information a treasure trove for advertisers, insurance companies, and Big Pharma. Lie if you must and create a separate free email account so the information can’t be tied to your main account.
Verizon's Data Breach Investigations Report showed that 74% of security breaches involve a human element, with system administrators and developers accounting for most of these errors. Insurance Becomes a Necessity: The rise of high-profile cyberattacks has led to increased demand for cyber insurance.
UnitedHealth, one of the largest health insurers in the United States, had to undertake a lengthy investigation to confirm the scope of the breach, and its findings emphasize the need for agile security operations that can respond quickly to contain threats and protect data.
The information potentially involved varies by customer but includes names and one or more of the following: driver's license numbers; bank account and routing numbers; Social Security Numbers (SSN); health insurance information. CCB is posting letters along the lines of this California example to everyone who may be impacted.
Health Insurance Information: This may encompass plan name, plan type, insurance companies, and member/group ID numbers. “The specific information involved is not the same for everyone,” reads the notice of data breach.
“We discovered unauthorized access to our network that resulted in the unauthorized access to, or acquisition of, certain files by an unauthorized actor.
That has worried some experts who have pointed out that a new owner could, for instance, hand over customer data to insurance companies to hike up monthly premiums, or to data brokers to power increasingly invasive, targeted advertising. Under Settings, scroll to the section titled 23andMe data. Take your time.
Stuart McClure, CEO, Qwiet AI: The SEC’s goal appears to be to hold these companies accountable to investors for any successful cyberattacks and expose the company’s lack of preparation and prevention. Other companies may continue to rely on hiding the ball, scapegoating and relying on insurance to cover the losses.
We need to remember, like every industry, there is a huge gap between the dozen or so large Fortune 100 health insurance payers, and the 1 million hospitals and doctors' offices. We just have to accept the risks and rely on insurance to recover.'" Let me tell you why it's an impact to rabbit community.'
The Office for Civil Rights (OCR) at the HHS confirmed that it prioritized and opened investigations of Change Healthcare and UnitedHealth Group, focused on whether a breach of protected health information (PHI) occurred and on the entities’ compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules.
Small businesses make up 90% of all companies worldwide and account for half of global GDP. With automated tools, attackers can scan thousands of small business networks in moments, identifying weak points like outdated software or exposed accounts. Carrying cyber insurance that covers downtime, breaches, and ransomware.
We insure fire risk, not “you’re using a penny in the fuse box.” This isn’t to say that executives won’t take security into account, it’s to say that neither the language of risk or the work to quantify risk will drive them. Many technical threats are handled in normal engineering without needing formal risk quantification.
Threat actors potentially accessed and/or acquired some of customers’ information, including names, Social Security numbers, driver’s license numbers, financial account numbers and health insurance information. At this time, it is unclear if the exposed information includes any donor data.
The evidence is mounting: 62% of interactive intrusions involved valid account abuse, according to CrowdStrike’s 2023 threat report. With regulatory frameworks like GDPR and HIPAA intensifying scrutiny—and cyber insurers demanding tighter access controls—SPHERE’s platform-based approach is gaining traction. But the world has changed.
The event is sponsored by the Federal Trade Commission (FTC), and other participating agencies include the Federal Deposit Insurance Corporation (FDIC), AARP , and the Better Business Bureau (BBB). Secure payment methods Ensure safe processing of financial transactions.
Many healthcare providers now undergo annual security audits and risk assessments as required by regulators or cyber insurance providers. North America leading in spend and maturity: North America currently dominates the healthcare cybersecurity market, accounting for about 35% of global revenue in 2024.
Non-human service accounts have quietly become one of the biggest liabilities in enterprise security. Yet despite their scale, service accounts remain largely invisible to traditional IAM and PAM systems.
Westend Dental agreed to settle several violations of the Health Insurance Portability and Accountability Act (HIPAA) in a penalty of $350,000. Unfortunately for the organization, the truth was found out. In October 2020, Westend Dental was attacked by the Medusa Locker ransomware group.
Musielak warned of the rising threat of mass identity theft, fraudulent credit applications, and fake account creation, which are now more scalable with generative AI. If you’re running KYC in banking, insurance, travel, crypto, or anywhere else, it's time to upgrade your process. ” added the expert. “ @authologic.
Phishing accounted for nearly 25% of all breaches. The DBIR breaks down breach trends across industries: Financial and Insurance: Heavily targeted by credential stuffing and phishing; fastest detection rates. If those controls are not effective, cyber insurance underwriters might have to pay out. And it's not slowing down."
For instance, organizations can leverage DSPM to detect and catalog personally identifiable information (PII) spread across the organization’s data stores, SaaS services, or multi-cloud accounts. Similarly, GDPR also places great emphasis on implementing measures to prevent unauthorized access or sensitive data exposure.
Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
for stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. By way of example, he suggested maybe a company centered around recovering lost passwords for cryptocurrency accounts, or perhaps a series of online retail stores that sold cheap Chinese goods at a steep markup in the United States.
The report spotlights the emerging threat posed by non-human identities (NHIs)—autonomous AI agents, APIs, machine accounts, and services operating independently with access to sensitive systems and cryptographic credentials. That's what makes this report so frustrating.
The recent data breach at Allianz Life Insurance Company of North America serves as a reminder of the pervasive threat posed by supply chain attacks, even to seemingly robust organizations. It's part of a disturbing trend of social engineering attacks specifically targeting the insurance sector and other industries. million U.S.
The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, established national standards to safeguard sensitive patient health information (PHI) and prevent unauthorized disclosures. Accountability for Partners : Holding business associates and subcontractors to the same high standards.
The experts determined that threat actors may have stolen certain files containing different types of information, including health insurance and billing information (such as insurance policy numbers or claims/benefits information), payment information (such as debit/credit card numbers or bank account information), health information (such (..)
Inside the VMware campaign The recent GTIG report details a sophisticated attack chain in which Scattered Spider uses social engineering to compromise accounts with access to VMware infrastructure. He noted that the group is no longer focused on quick account takeovers, but rather full infrastructure compromise.
The way accountability is structured, everything rolls downhill to one person, even when the real issues are baked into the system. Build shared accountability across the C-suite. Tout: It started with patterns I kept hearing from friends in the role, from guests on the Candid CISO podcast, and from consulting work. My guidance?
Texas Tech University is notifying individuals whose information may be involved in this incident and, out of an abundance of caution, is offering them access to complimentary credit monitoring services.
And yet, if artificial intelligence achieves what is called an agentic model in 2025, novel and boundless attacks could be within reach, as AI tools take on the roles of agents that independently discover vulnerabilities, steal logins, and pry into accounts. These are real threats, but they are not novel.
“Notifications are in the process of being mailed to impacted account holders, which includes detailed information about resources and support. For some of our customers, bank account numbers (for pre-authorized payment) may also have been impacted, if this information was provided by these customers.
Similarly, software bills of materials (SBOMs) underscore the need for better accountability in third-party software. Frank Balonis, CISO, Kiteworks: By 2025, 75% of the global population will be protected under privacy laws, including U.S.