GIS Partner Philip Gow wrote last week about the importance of staying ahead of data and privacy regulations in ITA Pro Magazine. In his article, Gow writes that businesses can not only put their clients at risk, but also their reputation, if they wait to respond to new privacy laws.

Turning a blind eye, Gow continued, could not only mean facing significant fines from regulators, but creating inefficiencies and long businesses processes to achieve compliance in the future as well.

In order to stay prepared and ahead of regulations, Gow recommended companies start their assessment and compliance process immediately, beginning with a review of their current compliance status. From there, Gow recommended companies recruit outside help and promote a general company culture that prioritizes compliance. 

Read the full article here: http://www.emagazine.itapro.org/Home/Article/4-Ways-Insurance-Can-Prepare-for-New-Data-Privacy-Laws/2953

On Monday, the payment details of more than 30 million Americans were put up for sale online by hackers. This data is consistent with records that were stolen from Wawa last year by a malware attack. 

Wawa disclosed in December that a major security breach had exposed their point-of-sale systems to a malware program that collected customer payment information. According to Wawa's statement, the malware was allowed to operate for months before detection, ultimately being operational between March and December of 2019. 

Wawa has said that the breach impacted each of its 850+ retail locations and could have lead to the compromised data of more than 30 million customers. 

The scale of this breach makes it one of the largest data breaches of all time, rivaling Home Depot's 2014 breach that affected 50 million customers and Target's 2013 breach that exposed data from 40 million customers. 

Read more about the breach here: https://www.zdnet.com/article/wawa-card-breach-may-rank-as-one-of-the-biggest-of-all-times/

The University of Rochester Medical Center (URMC) will pay $3 million in fines for failure to encrypt mobile devices and other HIPAA violations, it was announced in November. 

With more than 26,000 employees, URMC is one of the biggest health systems in the state of New York. 

In addition to the $3 million penalty, URMC will be forced to adopt a corrective action plan to address all aspects of noncompliance found in the investigation following the data breach.

You can read the full article here: https://www.hipaajournal.com/lack-of-encryption-leads-to-3-million-hipaa-penalty-for-new-york-medical-center/

This week, Security Boulevard published an article taking a look at some of the biggest and most impactful data breaches seen this year. 

Included on the list were First American Financial, Facebook, Fortnite, and more. Each of the breaches mentioned impacted hundreds of millions of people and were largely due to simple failures in systems or lack of adequate security measures. 

The article says that each of these breaches was preventable: "... the troubling reality is that most data breaches from 2019, including all those summarized below, could have been prevented with basic security hygeine." 

Read the full article here: https://securityboulevard.com/2019/12/biggest-2019-data-breaches-some-of-the-worst-of-the-worst/

AIM Managing Partner Philip Gow spoke with PIMA Insights last week about how businesses should prepare for and achieve compliance with new CCPA regulations set to take effect in January. In the interview, Gow described that even businesses with knowledge about compliance may not have the resources or expertise to execute and achieve full compliance with the new regulations. 

Setting your organization up for success in the future is crucial Gow said, and may require the use of third-party resources or outside firms. 

Read the full article here: https://www.pimainsights.org/blogs/michael-baccelli1/2019/11/19/when-to-bring-in-reinforcements

T-Mobile confirmed a breach affecting more than 1 million of its customers on November 22nd. The data exposed to the malicious actors includes name, billing address, phone number, account number, and details about the customer's T-Mobile plan. All T-Mobile customers known to be affected have been notified.

Read more here: https://techcrunch.com/2019/11/22/more-than-1-million-t-mobile-customers-exposed-by-breach/