Renaissance Life & Health Insurance Suffers Data Privacy ‘Incident’

BACKGROUND:

It has been reported that Renaissance Life & Health Insurance Company of America (“Renaissance”) is providing notice of an incident experienced by its third-party vendor, Secure Administrative Solutions LLC (“SAS”), which may impact the privacy of certain individuals’ protected health information. On June 1, 2021, SAS reported that the incident resulted in exfiltration of certain protected health information related to SAS’ clients. Upon receiving this report, Renaissance immediately worked with SAS and others to confirm the nature and scope of the data at issue, including whether and how it related to Renaissance policyholders.

Experts Comments

August 10, 2021
Trevor Morgan
Product Manager
comforte AG

Insurance companies and their partners and vendors are highly data-driven. They handle and process huge volumes of sensitive health and personal information for a variety of reasons, including claims processing, data analytics, and new product development. Unfortunately, threat actors are aware of the treasure trove of valuable data these organizations possess. We can’t be surprised that the Renaissance Life & Health Insurance Company received notice, then, that a third-party vendor experienced

.....Read More

Insurance companies and their partners and vendors are highly data-driven. They handle and process huge volumes of sensitive health and personal information for a variety of reasons, including claims processing, data analytics, and new product development. Unfortunately, threat actors are aware of the treasure trove of valuable data these organizations possess. We can’t be surprised that the Renaissance Life & Health Insurance Company received notice, then, that a third-party vendor experienced a cyberattack targeting their PHI. As a matter of fact, all insurance companies (and enterprises in general) should assume that at some point a successful attack like this one may penetrate protected perimeters, allowing hackers to get their hands on that valuable data.

To nullify the value of that data on the black market, insurance companies and their partners can apply data-centric security such as format-preserving encryption or tokenization. Tokenization in particular replaces sensitive data elements with meaningless representational tokens, so even if threat actors apprehend the data, the sensitive information is obscured and worthless. Better yet, data-centric security is not restricted to protected borders and can travel with data as it moves through a processing environment. If companies are looking for effective insurance against cyberattacks, look no further than data-centric security.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.