On June 5-6, 2023, the NAIC Privacy Protections (H) Working Group (“PPWG”) held an in-person interim meeting (“session”) to continue its work on drafting a new model privacy law, the Insurance Consumer Privacy Protection...more
In a December 2022 bulletin published by the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS), HHS made clear that the use of third-party tracking technologies by covered entities and business...more
1/19/2023
/ Covered Entities ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
Mobile Apps ,
OCR ,
PHI ,
Risk Management ,
Technology ,
Third-Party ,
Tracking Systems ,
Web Tracking
On July 29, 2022, the New York Department of Financial Services (NYDFS) published the pre-proposed second amendment to its Cybersecurity Regulations, 23 NYCRR 500 (Part 500), that if adopted, would likely require numerous...more
9/2/2022
/ Covered Entities ,
Cybersecurity ,
Enforcement ,
Exemptions ,
Financial Institutions ,
Financial Services Industry ,
Incident Response Plans ,
Multi-Factor Authentication ,
Notice Requirements ,
NYDFS ,
Policies and Procedures ,
Popular ,
Second Amendment ,
Third-Party Service Provider
In February 2022, Executive Order 14024 highlighted that Russia’s invasion of Ukraine threatened not only Ukraine but also the national security and foreign policy of the United States. Pursuant to this executive order, and...more
The first half of 2022 brought plenty of activity in the data privacy and cybersecurity space, much of which is applicable to or of interest to the insurance industry. We outline some of this activity below.
Revisions to...more
On June 23, 2022, the New York State Department of Financial Services (NYDFS) announced the entry of a Consent Order in connection with its most recent cybersecurity enforcement action, which included a $5 million monetary...more
Our latest briefing examines the latest signal that the Federal Trade Commission is considering rulemaking, a groundbreaking settlement between the Justice Department and Meta over allegedly discriminatory algorithms,...more
On May 5, 2022, the U.S. Department of Health and Human Services (HHS) issued a report entitled “Ransomware Trends in the HPH Sector” (HHS Report) that reviewed key cybersecurity threats and trends affecting the U.S....more
In the insurance industry, an “endorsement” is used to amend an insurance policy. Endorsements can be used to add items to a policy, amend policy provisions, or update an insured’s coverage. Endorsements also can be used to...more
The United States Congress recently passed legislation that includes new cybersecurity provisions requiring critical infrastructure providers to report cyber security incidents, including the payment of ransom, to the...more
The televised “thud” of explosions in Ukraine has an ominous but deceptively distant tone. For many organizations the hostilities are closer at hand, in the form of cyberattacks that could spread beyond the Russian-Ukrainian...more
On December 22, 2021, Gov. Kathy Hochul signed Senate Bill S653A, relating to electronic delivery of property/casualty insurance notices. This bill amends the New York Insurance Law by adding section 3458, which takes effect...more
With cyberattacks continuing to plague the financial services industry, the New York Department of Financial Services (NYDFS) recently released new guidance for regulated entities related to the use of Multi-Factor...more
On December 6, 2021, in the Memorandum for the Heads of Executive Departments and Agencies, the Office of Management and Budget took a more aggressive position on strengthening the nation’s cybersecurity posture. Under this...more
12/20/2021
/ Covered Entities ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
OMB ,
Popular ,
Proposed Legislation ,
Risk Management
Ransomware incidents continue to be on the rise, wreaking havoc for organizations globally. Ransomware attacks target an organization’s data or infrastructure, and, in exchange for releasing the captured data or...more
A bipartisan group of 14 United States senators recently introduced proposed legislation that would require federal contractors and operators of critical infrastructure to disclose any cyber intrusion within 24 hours...more
As part of its effort to revamp and modernize the Model Laws, the NAIC is updating the Long-Term Care Insurance Model Act, Model 640-1, and the Long-Term Care Insurance Model Regulation, Model 641-1 (combined, the Models)....more
The Ninth Circuit’s recent decision in Bafford v. Northrop Grumman (April 15, 2021) affirmed the district court’s dismissal of the plaintiffs’ breach of fiduciary duty claims under ERISA but vacated the district court’s...more
On July 2, 2021, Kaseya Ltd., a Florida-based firm that provides software tools to thousands of primarily small and mid-sized businesses, became the latest victim of a high-profile ransomware attack. The attack is believed to...more
The year 2021 continues to reveal an alarming rise in ransomware attacks. Two of the most notable of such attacks include the ransomware attack on CNA Financial Corp., with resulting payment of $40 million in ransom, and the...more
6/17/2021
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Financial Institutions ,
Hackers ,
Healthcare ,
National Security ,
New Legislation ,
Ransomware
The National Institute of Standards and Technology, commonly referred to as NIST, recently published a new computer framework for users to consider as a cyber-framework security model — the Zero Trust Architecture Model...more
The Homeland and Cyber Threat Act (HACT) was introduced in the U.S. House on March 12, 2021. This bill would allow U.S. citizens to sue foreign governments, agents and officials and to collect monetary damages for personal...more
5/20/2021
/ Citizen Suits ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Foreign Agents ,
Foreign Governments ,
Foreign Official ,
Foreign Sovereign Immunities Act of 1976 (FSIA) ,
Hackers ,
Legislative Agendas ,
Proposed Legislation
On April 2, the U.S. Department of Labor released highly anticipated new Mental Health Parity and Addiction Equity Act (MHPAEA) FAQs on comparative analyses requirements. These FAQs follow the February 10, 2021, effective...more
Denying a petition for a writ of mandamus, a Ninth Circuit panel has held that the district court properly enforced a forum selection clause contained in an ERISA-sponsored 401(k) plan in litigation regarding the alleged...more
As insurance companies continue to examine their compliance with current privacy and cybersecurity regulations, new state laws and proposed federal bills add another level of complexity to the landscape.
Federal -
The...more