Category: Insurance
Las Vegas Shooting Lawsuits: How They Will Impact the Cybersecurity World
Last week, MGM Resorts International filed nine pre-emptive lawsuits against the victims of last year’s mass shooting at the Mandalay Bay Hotel in Las Vegas. MGM, owner of the Mandalay, is asking federal courts around the country to declare that the company is not liable “for any claim for injuries arising out of or related to” the mass attack.
Insurance Industry Cybersecurity Law Moves Closer to Becoming a Reality
The insurance industries in South Carolina and Rhode Island may soon be required to adopt formal data security safeguards, a movement sparked by the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The model law, which NAIC adopted in October 2017, establishes minimum standards for data security applicable to insurance providers. It is part of a growing body of state-level cybersecurity legislation, including the New York State Department of Financial Services regulation issued in March 2017. We blogged about the model law back in January.
M&A and Cyber Diligence: New York’s DFS Issues a Reminder
Over the last year, U.S. companies have been hit with a wave of new data security regulations and agency guidance, ranging from the SEC’s Guidance on Public Company Cybersecurity Disclosures to the European Union’s General Data Protection Regulation (GDPR).
DFS Issues Compliance Certificate “Reminder”
Last week, the New York Department of Financial Services (DFS) sent notices to companies that had not yet certified their compliance with the DFS Cybersecurity Regulation. DFS not-so-gently reminds companies to submit a Notice of Exemption or a Certificate of Compliance. A copy of that notice is now available online.
The DFS Effect: Cyber Meets Sarbanes Oxley
Today, financial institutions with ties to New York are spending their Valentine’s Day learning how to use the New York State Department of Financial Services (DFS) web portal.
Almost a year ago, the DFS unveiled one of the most aggressive efforts in the nation to crack down on cybercrime in the banking and insurance industries. And by tomorrow, more than 3,000 firms are required to file their first-ever compliance certificate through the agency’s online portal, swearing that their organization has satisfied the first phase of requirements under the state’s new cybersecurity regulation.
Insurers: Are You Ready for More Cybersecurity Regulation? The National Association of Insurance Commissioners Model Law
At the end of last year, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. The “purpose and intent” of the law is to “establish[] standards for data security and investigation and notification of data security applicable to insurance providers.”
DFS Filing “Reminder” as Deadline Looms
For the several thousand financial institutions and insurance companies covered by New York’s landmark data security regulation, the first certification of compliance must be filed with the State’s Department of Financial Services in less than a month.
Aetna and its Vendor Face Class Action Lawsuit over HIV Disclosure
A Pennsylvania man has filed a class action lawsuit against Aetna Inc., accusing it of violating his privacy rights when the insurer mailed him prescription information in an envelope with a large, clear window that disclosed instructions for filling HIV medication.
Healthcare Insurer Rebuked for Exposing Policyholders’ HIV Status
Two legal advocacy groups have accused Aetna Inc. – the Hartford-based healthcare company – of “gross” breaches of privacy and confidentiality including violations of federal healthcare law when a third-party vendor inadvertently disclosed the HIV status of thousands of the insurer’s customers in a mass mailing.
8th Circuit Finds Standing in Data Breach Case but Dismisses on Pleading Deficiencies
In one of the first federal appellate court rulings following the Ninth Circuit’s decision in Robins v. Spokeo, the Eighth Circuit delivered a pyrrhic victory for customers victimized by a data breach. In Kuhns v. Scottrade, the Eighth Circuit ruled that, although the plaintiff had established standing to pursue a claim against Scottrade, Inc. resulting from a data breach that occurred in 2013, the customer failed to sufficiently allege that the brokerage firm breached its contractual obligations and affirmed dismissal of the case.
DFS Cyber Regulation Countdown: Who Should Certify Compliance?
Companies subject to New York’s Department of Financial Services (DFS) new cybersecurity regulation should be preparing to comply with the first round of requirements by the upcoming August 28th deadline: enacting a cybersecurity program and policies, implementing user access privileges, designating a Chief Information Security Officer (CISO), employing qualified personnel, and implementing an incident response plan.
DFS Cyber Compliance Nightmare?
Detailed survey results indicate compliance is far from reach
New York’s powerful Department of Financial Services (DFS) upended cybersecurity regulation with its new and sweeping “Cybersecurity Requirements for Financial Services Companies,” which took effect on March 1, 2017. But is the financial industry ready and equipped to comply with this detailed regulation? According to a recent survey published by Ponemon Institute and sponsored by Fasoo, the answer is an unequivocal “no.”
DFS Issues Additional Guidance for Cyber Regulation Compliance
New York’s Department of Financial Services (DFS) has issued additional guidance for compliance with the state’s sweeping cybersecurity regulation that went into effect earlier this year. Companies covered by the regulation must comply with the first round of requirements by August 28th.
NYS Cyber Regulation Countdown: Continuous Monitoring
In our series of posts leading up to the August 28th deadline for the first phase of requirements under New York’s cybersecurity regulation, the Patterson Belknap team looks at issues that institutions face as they implement the new rules.
In complying with the New York State Department of Financial Services (DFS) cybersecurity regulation, financial institutions have a choice. They can either employ “continuous monitoring” or, instead, conduct annual “penetration testing” and bi-annual “vulnerability assessments.”
DFS Cyber Compliance Nightmare?
New survey reports less than half of financial firms will meet deadline
A new survey by the Ponemon Institute reports that less than half of the financial institutions covered by New York’s sweeping new cybersecurity regulation say they will “likely” meet next February’s compliance deadline. And even more stunning is the fact that only 13% of those institutions surveyed reported “with certainty” that they would be in full compliance with the regulation by next year.
NYS Cyber Regulation Countdown: “Risk Assessment” – Now or Later?
In our series of posts leading up to the August 28th deadline for the first phase of requirements under New York’s cybersecurity regulation, the Patterson Belknap team looks at issues that institutions face as they implement the new rules.
Ninety Days and Counting: NY Cyber Regulation’s First Deadline
Faced with an approaching August 28th deadline, the more than 3,000 financial institutions that do business in New York should be knee-deep in implementing the first wave of requirements under the State’s sweeping and unprecedented cybersecurity regulation.
Dueling Cybersecurity Regulations for Healthcare: HHS Meets New York State
For healthcare insurers that operate in New York, data security regulation has gotten more complicated. The U.S. Department of Health and Human Services’ Office for Civil Rights has been the industry’s primary data security regulator.
New York’s Cyber Regulation: A National Blueprint?
New York’s top banking regulator would like the state’s new sweeping – and highly detailed – cybersecurity regulation to serve as a national model for insurance companies in safeguarding their institutions from cybercrime.
NAIC Model Cyber Law: Yet Another Regulatory Measure
The National Association of Insurance Commissioners’ (NAIC) model cybersecurity law will take center stage later this week at the group’s annual meeting in Denver.
DFS Chief to Address State Insurance Commissioners on NYS Cyber Regulation
New York State Department of Financial Services Superintendent Maria T. Vullo is scheduled to discuss the state’s new “first in the nation” cybersecurity regulation later this week at the National Association of Insurance Commissioners annual meeting in Denver.
Law Firms and Vendors Mandated to Up Their Cyber Game: Final Installment in a 3-Part Series
This is our final installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation. In this installment, we provide an overview of the regulation’s impact on third-party vendors and business partners, including law firms.
Cyber Regulation Demands Board Accountability: Part 2 in a 3-Part Series
This is our second installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation. In this installment, we provide an overview of the regulation’s impact on corporate governance and the scope of liability for corporate boards.
Unpacking New York’s Cybersecurity Regulation: Part 1 in a 3-Part Series
This is the first installment in a three-part series examining the New York State Department of Financial Services (“DFS”) new cybersecurity regulation. The Patterson Belknap Privacy and Data Security Team has studied the regulation, its legislative and regulatory underpinnings, and practical consequences.
New York DFS Proposes New Cybersecurity Regulations
DHS Warns of New Ransomware Threats
The Department of Homeland Security (“DHS”) recently issued a joint alert with the Canadian Cyber Incident Response Centre warning of two new ransomware threats behind recent well-publicized attacks against healthcare companies.
Traditional General Liability Policy Covers Medical Records Mishap
A U.S. appeals court yesterday held that a traditional corporate general liability policy triggered an insurer’s duty to defend a class action lawsuit alleging that a medical records company failed to properly secure patient records on its server.
Target’s Cyber Insurance: A $100 Million Policy vs. $300 Million (So Far) In Costs
When it comes to buying cyber insurance, businesses might be right in taking comfort that they have mitigated the financial risks that come with a data breach. Just not all of them.
On the Front Lines of Cybersecurity: The Corporate Challenge
Recent surveys tell us that cybersecurity is the top risk faced by corporate America. The Bank Director’s 2016 Risk Practices survey – out yesterday – disclosed that three quarters of bank executives and board members believe cybersecurity is their top concern. And their general counsel agree. In another recent study, general counsel said that cybersecurity was their top area of organizational risk as well.
Are You Adequately Protected by Your Cybersecurity Insurance? The Sky is the Sub-Limit
For businesses and nonprofit organizations searching for cyber insurance, it is important to know if your coverage limits are adequate. Whether you are in the market for a new policy or renewing an existing one, you should explore whether your policy has a “sub-limit” that places limitations on your losses and liabilities that may be covered.
New York DFS Proposals Focus on Third-Party Vendor Risk
Earlier this month, the New York State Department of Financial Services (“DFS”) announced that it will propose new cybersecurity regulations for financial institutions. The DFS made the announcement in a letter to the Financial and Banking Information Infrastructure Committee — an eighteen-member organization headed by the Treasury Department that has already begun tackling cybersecurity issues.
Welcome to Our Blog
We are pleased to announce the launch of Data Security Law Blog, Patterson Belknap’s newest resource for the latest news, analysis and thought leadership in the critical area of privacy and cybersecurity law.
Nonprofits and Cybersecurity: Understanding and Managing the Risks of Cyber Threats
With cybercrime striking everywhere from government agencies to Major League Baseball, each new hack is making headlines, launching inquiries, and triggering lawsuits. Although most of the focus has been on private sector companies and governmental agencies, nonprofit organizations are not exempt (no pun intended) from cyber threats or their consequences. And sadly, it’s only getting worse.