Humana‘s name has been popping up too much in my breach news searches recently. I noted two incidents in December involving Humana (one theft report and one hack involving Family Physicians Group (now Humana). Now I’ve spotted a third incident report, although this one is a breach involving a business associate. According to a notification…
Category: U.S.
Exclusive: National Life Group denies claim by thedarkoverlord that they were hacked; independent insurance agency appears to be the actual victim
Hackers claimed to have hacked hundreds of thousands of records from National Life Group, but investigation points to Sterling National Financial Group as the likely hacked entity The blackhat hacker/extortionist(s) known as thedarkoverlord (TDO) ended 2018 and welcomed 2019 with a number of bold announcements about large hacks. One of those announcements was their claim in a since-removed paste that…
Double whammy: BCBS of Michigan policyholders hit by two breaches in December
December appears to have been a rough month for Blue Cross Blue Shield of Michigan. Yesterday, I discovered that they had a second breach that was disclosed last month, although it seems to have flown under most media radar. The first breach, fairly widely reported already, involved a laptop stolen from a subsidiary’s employee that…
Ransomware, phishing attacks top new HHS list of cyberthreats in healthcare
Eli Richman reports: Email phishing attacks, ransomware attacks and attacks against connected medical devices are among the greatest cyberthreats that health systems need to protect against, according to new cybersecurity guidance for health systems from the Department of Health and Human Services.Released last week, the Health Industry Cybersecurity Practices were released to help the industry identify…
Data leak shuts down Alaska’s PFD application website
KTUU reports that Alaska’s Permanent Fund Dividend web site is down and will remain down for now while the state investigates and remediates a data leak. ANCHORAGE, Alaska (KTUU) — Update: 10:27 p.m.:The Alaska Department of Revenue will not reopen the Permanent Fund Dividend application website until the integrity of filer information can be guaranteed, according…
Ohio Moves on Insurance Cybersecurity
Josephine Cicchetti of Carlton Fields writes: Ohio has joined South Carolina in becoming the next state to adopt a variation of the NAIC Insurance Data Security Model Law (“MDL-668”). This legislation makes a number of changes to Ohio’s insurance law, including the addition of a new Chapter 3965, which establishes “standards for data security and…