You can take necessary cybersecurity countermeasures for your system but will that be enough?
Of course not. Quite many organizations overlook the security of their third-party service providers, which can lead to significant financial and reputational damage.
"Landmark, a Texas-based third-party insurance administrator, has disclosed a data breach that affects more than 800,000 individuals. The incident was detected in May; the compromised data include names, Social Security numbers, tax ID numbers, drivers’ license and state-issued identification card numbers, passport numbers, bank account and routing numbers, medical information, health insurance policy information, dates of birth, and/or life and annuity policy information..." (OMG! What else?)
See the link below for the summary of the breach:
"The Texas-based company works as a third-party administrator for insurance carriers like Liberty Bankers Insurance Group (LBIG), which includes American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company, and Capitol Life Insurance Company."
"The breach notification letters note that the first incident occurred on May 13, when an IT team discovered “suspicious activity” that required them to disconnect the affected systems and hire a third-party cybersecurity firm.
An investigation revealed that “there was unauthorized access to Landmark’s network and data was encrypted and exfiltrated from its system.” The hackers were in Landmark’s systems from May 13 to June 17." (The hackers were in the system for more than one month.)
"Landmark told regulators in Maine that 806,519 people were affected in total but they also filed documents in California and Texas, warning that about 68,000 Texans were impacted.
Insurance companies and their partners or subsidiaries are frequent targets for cyberattacks eager to steal volumes of sensitive health-related data. Last week, insurance firm Globe Life told the U.S. Securities and Exchange Commission that is being extorted by hackers after data on more than 5,000 people was stolen from a subsidiary."
No comments:
Post a Comment