Renaissance Life & Health Insurance Suffers Data Privacy ‘Incident’

BACKGROUND:

It has been reported that Renaissance Life & Health Insurance Company of America (“Renaissance”) is providing notice of an incident experienced by its third-party vendor, Secure Administrative Solutions LLC (“SAS”), which may impact the privacy of certain individuals’ protected health information. On June 1, 2021, SAS reported that the incident resulted in exfiltration of certain protected health information related to SAS’ clients. Upon receiving this report, Renaissance immediately worked with SAS and others to confirm the nature and scope of the data at issue, including whether and how it related to Renaissance policyholders.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Trevor Morgan
Trevor Morgan , Product Manager
InfoSec Expert
August 10, 2021 2:09 pm

<p>Insurance companies and their partners and vendors are highly data-driven. They handle and process huge volumes of sensitive health and personal information for a variety of reasons, including claims processing, data analytics, and new product development. Unfortunately, threat actors are aware of the treasure trove of valuable data these organizations possess. We can’t be surprised that the Renaissance Life &amp; Health Insurance Company received notice, then, that a third-party vendor experienced a cyberattack targeting their PHI. As a matter of fact, all insurance companies (and enterprises in general) should assume that at some point a successful attack like this one may penetrate protected perimeters, allowing hackers to get their hands on that valuable data.</p>
<p>To nullify the value of that data on the black market, insurance companies and their partners can apply data-centric security such as format-preserving encryption or tokenization. Tokenization in particular replaces sensitive data elements with meaningless representational tokens, so even if threat actors apprehend the data, the sensitive information is obscured and worthless. Better yet, data-centric security is not restricted to protected borders and can travel with data as it moves through a processing environment. If companies are looking for effective insurance against cyberattacks, look no further than data-centric security.</p>

Last edited 1 year ago by Trevor Morgan
1
0
Would love your thoughts, please comment.x
()
x