The Change Healthcare ransomware attack that was first disclosed in February 2024 continues to cause problems and make headlines. HIPAA Journal reports on the financial impact: The cost of the Change Healthcare ransomware attack has risen to $2.457 billion, according to UnitedHealth Group’s Q3, 2024 earnings report. Revenues in the third quarter increased by 9% year-over-year […]
The Record reports: Insurance firm Globe Life is being extorted by hackers after data on more than 5,000 people was stolen from a subsidiary. The company told regulators at the U.S. Securities and Exchange Commission (SEC) that it reported the incident to federal law enforcement. “Based on the Company’s investigation to date, which remains ongoing, the Company […]
If your company is the victim of a ransomware attack and you decide you have no choice but to pay the threat actors, can your cyberinsurer or cyberinsurance reinsurer decline to reimburse you if the threat actors you paid are on Treasury’s sanctioned list? Would reimbursing them expose the cyberinsurer or reinsurer to problems with […]
Risk & Insurance reports: Cyber insurance claims, particularly those related to data and privacy breaches, have seen a significant increase in the first half of 2024, with the U.S. accounting for 72% of large claims in H1 2024, according to Allianz Commercial’s annual cyber risk outlook. The frequency of large cyber claims — those in […]
Threat actors known as Scattered Spider are reportedly turning their attention to the financial sector, hitting banks and insurance groups. Resilience Cyber Insurance Solutions, which has been tracking the group, reports they have targeted 29 companies since April 20. Scattered Spider is the group that was previously linked to disrupting casinos and hotels such as MGM […]
On October 17, 2023, First Financial Security, Inc. (“FFS”_ was the victim of a ransomware attack. The Georgia insurance agency recently notified those affected by the incident that the attack appeared to be an attempt to access and lock all data, including both sensitive and non-sensitive data. “Thankfully, the ransomware attack was not successful in […]
On November 28, the New York State Department of Financial Services (DFS) issued a press release about a settlement stemming from a 2019 data breach: The New York State Department of Financial Services (DFS) today announced that First American Title Insurance Company (First American) will pay a $1 million penalty to New York State for […]
At least five class-action lawsuits were filed last week against the two Las Vegas entertainment giants following data breaches reportedly by the same group of threat actors. As Digital Insurance reports, Okta, an identity and access management company used by both firms, issued an advisory in August about hackers tricking IT service staff into resetting […]
In the matter of Remprex, LLC v. Certain Underwriters at Lloyd’s London, policyholder Remprex was thrust into two separate class actions, both involving alleged violations of the Biometric Information Privacy Act (“BIPA”). Remprex could not receive coverage under their media liability policy due to an exclusion of coverage for losses arising from the unlawful collection or […]
Do you know what your cyber policy covers? (Southwest Airlines v. Liberty Insurance Underwriters)
An article by attorneys at Barnes & Thornburg LLP discusses a court case that serves as a useful reminder of how provisions of cyber policies may be interpreted when it comes to coverage of cyber-related incidents — even when those incidents are not data breaches. In 2016, Southwest Airlines suffered a computer system failure that […]