Breaches Piling Up, Got Insurance?

It just doesn’t stop.  Every day there are more and more breach reports.  I am not looking forward to the end-of-year breach reports that will show this year as particularly bad.  Here is what I have in my Inbox this morning:

  • Southern California Medical-Legal Consultants, Inc. (SCMLC) represents medical providers in the recovery of billing from workers’ compensation insurance carriers.  SCMLC has announced that the names and social security numbers of approximately 300,000 individuals who have applied for California workers’ compensation benefits have been exposed to unauthorized access.  The company was notified of the possible breach by a data security firm that discovered the files using a sophisticated, automated search of Google indexes.  The information was stored on a computer that was not linked to or accessible from any of the company’s public web pages.  Apparently, their “internal security policies and procedures were not followed…  While we believe that the risk of identity theft is minimal, SCMLC is doing everything required under the law with respect to notification of anyone who could be affected by this incident.”
  • The Texas Tribune reports that the personal data of about 4,900 current and former state employees may have been exposed in a DARS security breach.  Officials received word of a possible breach on Thursday afternoon and notified both the Health and Human Services Commission and law enforcement. The HHSC inspector general is investigating the incident.  The information – names and Social Security numbers of 4,900 current and former employees – was on an Internet site accessible to the public but not under department control.  The information has been removed from the site.
  • A laptop containing 8.6 million medical records is one of 20 that have gone missing from an NHS building in London, according to a report. The computer was lost three weeks ago but police were only informed this week.
  • BBC reports that the hacker group LulzSec has opened a telephone request line so its fans can suggest potential targets.  It claims to have launched denial of service attacks on several websites as a result, although it did not detail which ones.  The unspecified hacks formed part of a wave of security breaches that the group called Titanic Takeover Tuesday.  The group publicised the telephone hotline on its Twitter feed.  Callers to the US number are met with a recorded message, in a heavy French accent, by an individual calling themself Pierre Dubois.

This recent string of hacker attacks being reported in the media is driving companies to seek “cyberinsurance” worth hundreds of millions of dollars, even though some policies can still leave them exposed to claims, according to Reuters.  Companies are having to enhance their information technology practices, their employee training and their HR functions just to get adequate coverage against intrusion.  In some cases, they are accepting deductibles in the tens of millions of dollars.  Demand is soaring according to insurance brokers, as companies try to protect themselves against civil suits and regulatory fines.

At least someone other than the criminals is making some profit in this tumultuous time…