Source 1 | 2023-01-09
“Mike Rogoway reports that Oregon’s worker’s compensation insurer, SAIF Corp., experienced a breach in October that potentially compromised policyholders’ information and workers’ compensation claimants’ personal and medical information.“
“Following an analysis of that data by third-party cybersecurity experts, we have evidence to suggest that the majority of the accessed data was from information collected prior to 2003. If you had a policy or a claim before January 1, 2003, there is a possibility that your data was compromised. For policyholders, that data may have included Social Security numbers, financial account numbers, and medical information about employees of policyholders. For claimants, the data may have included Social Security numbers, driver’s license numbers, financial account numbers, health insurance policy numbers, and medical history information.“
“They offer no statement as to why they were still storing files from prior to 2003, but a spokesperson for SAIF sent DataBreaches the following statement in response to our question about whether retention was required: SAIF is subject to ORS 192 requiring records retention and our specific record retention schedule is approved by the Oregon State Archivist. SAIF is required to retain policy files and worker accident claim files for 75 years from the date of the policy or, in the case of a claim, the worker’s injury.“
Cybersecurity for Critical Infrastructure
SecuLore provides Managed Detection and Response (MDR) to protect our nation’s critical infrastructure from cyber threats. Our expertise is built on deep knowledge of 9-1-1 technology, cyberwarfare, and ethical hacking, ensuring the highest level of cybersecurity for public safety agencies.
