Let’s face it: 2017 was a rough year for cybersecurity.
Large-scale hacks were revealed one after another in a year when nothing seemed safe. These cyberattacks highlighted the alarming vulnerability of our personal information in a world where everything is stored online and subject to hacking.
A reintroduced Senate bill is addressing a timely topic. The bill aims to make it a crime, punishable by up to five years in prison, for companies to knowingly conceal a data breach. After a year of high-profile cyberattacks, like the Equifax breach, and news that Uber concealed a breach impacting 57 million users for a year, Sen. Bill Nelson is reviving a previously unsuccessful bill called the “Data Security and Breach Notification Act.”
In fact, a recently released 2017 data breach report from Risk Based Security (RBS), a provider of real-time information and risk analysis tools, revealed a 305% increase in the number of records exposed in data breaches in the past year compared to 2016.
The growing threat of hackers and cybercriminals targeting government agencies has led a number of states to purchase cyber insurance to protect themselves – and their constituents.
As massive data breaches like Yahoo and Equifax dominate news headlines, a growing number of businesses have rushed to purchase cyber insurance policies. Last year, insurers wrote $1.35 billion in premiums, a 35% jump from 2015, according to Fitch Ratings.
Now, US states have begun following suit. In a survey of state CIOs, 38% reported having some type of cyber insurance this year, compared to 20% in 2015.
Santa Barbara, California-based Cottage Health System has agreed to a $2 million settlement with the state attorney general resolving allegations that the health system failed to implement “basic, reasonable safeguards to protect patient medical information”, which led to the exposure of nearly 55,000 medical records.
According to California Attorney General Xavier Becerra, the health system’s failure to protect patient medical information violated state and federal privacy laws. The state alleged the health system failed to adequately protect patient records.
In December 2013, Cottage Health was notified that its patients’ records were accessible online, as one of its servers that contained 50,000 patient records was left unencrypted. Worse yet, there were no password protection, firewalls or permissions in place to prevent unauthorized access. Exposed information included medical history, diagnosis, laboratory test results, and medications.