Remedial Measures/Security Enhancements. Turnkey has implemented and shall continue to implement data enhancement measures to provide security for Plaintiffs’ and Settlement Class Members’ Personal Information. Costs associated with these security enhancement measures have been paid and will be paid by Turnkey separate and apart from other settlement benefits. Nothing about this provision shall create any contractual rights to any present or future equitable remedy requiring Turnkey to make or maintain any particular security processes or procedures in the future.
Remedial Measures/Security Enhancements. In addition to the foregoing settlement benefits, Plaintiffs have received assurances that DOL has implemented or will implement certain reasonable steps to adequately secure its systems and environments, including the following data security measures:
Remedial Measures/Security Enhancements. Einstein has implemented information security enhancements since the Incident, and as part of this agreement Einstein will commit to continue to make additional security enhancements in the future. Nothing in this section shall create any contractual rights to any present or future equitable remedy requiring Einstein to make or maintain any particular security processes or procedures in the future. The enhancements implemented by Einstein since the Incident or that it expects to implement in the future include but are not limited to the following: • Implement advanced security awareness training to educate employees to recognize and avoid engagement with phishing emails and other similar social engineering attempts; • Implement controls and technology enforcement of controls to check, warn, or block PII and PHI that is transmitted externally via unencrypted email; • Implement multi-factor authentication for web email interface or VPN access to any Einstein systems; • Implement enhanced password security measures for Einstein email accounts, including requirements of password reset on a regular intervals; • Engage a reputable third-party cybersecurity company to deploy endpoint monitoring and response tools on an around-the-clock basis; • Identify and remove inactive email accounts to reduce the number of accounts present on the network; • Encrypt Social Security numbers and other sensitive PII or PHI, both when at rest and during movement (but not for internal emails sent by and between Einstein employees); • Within two (2) years of the date of this Agreement, Einstein will segment all internet-facing and/or ecommerce applications from internal networks; • Within one (1) year of the date of this Agreement, Einstein will complete a risk assessment that includes both internal and external penetration testing; • Engage third-party security auditors/penetration testers to conduct testing, including simulated attacks, penetration tests, and audits on Einstein’s systems on a periodic basis; • Audit, test, and train its security personnel regarding any new or modified procedures; • Purge, delete, and destroy in a reasonably secure manner data not necessary for Einstein’s provision of services; • Conduct regular computer system scanning and security checks; and • Conduct internal training and education to inform internal security personnel how to identify and contain a breach when it occurs and what to do in response to a breach.
Remedial Measures/Security Enhancements. XXXX agrees to continue to review and enhance data privacy and security measures and its data security and privacy protocols and policies as part of this Settlement, including but not limited to establishing, and maintaining if already in place, a policy that any third-party it allows to access its members’ personal data shall confirm that it has industry acceptable protection and security provisions in place for said information and such other policies and measures as FFCU deems advisable.
Remedial Measures/Security Enhancements. OSF has implemented information security enhancements since the Incident, and as part of this agreement, OSF will commit to continue with these security enhancements in the future. The enhancements include third party security monitoring, third party logging, network monitoring, firewall enhancements, email enhancements, and equipment upgrades. Nothing in this section shall create any contractual rights to any present or future equitable remedy requiring OSF to make or maintain any particular security processes or procedures in the future.
Remedial Measures/Security Enhancements. Defendant will confirm to Class Counsel that it has made enhancements Defendant has made to its data security systems since the Data Incident through the date of the Claims Period. Defendant will provide Plaintiffs with a good faith estimate of the value of the security enhancements implemented since the Data Incident.
Remedial Measures/Security Enhancements. Navicent has made information security enhancements since the Data Incident, and Navicent will commit to continue to make additional security enhancements in each of the years 2020, 2021, and 2022. The enhancements include third party security monitoring, third party logging, network monitoring, firewall enhancements, email enhancements, and equipment upgrades.
Remedial Measures/Security Enhancements. Defendant will provide Plaintiffs with detailed information on all security enhancements undertaken since February 19, 2021 to the date of this Settlement Agreement. Defendant will commit to a security risk assessment in 2022 and 2023 and will enact reasonable and appropriate security enhancements identified in the security risk assessment.
Remedial Measures/Security Enhancements. Centerstone improved information security enhancements to date, and will commit to additional information security enhancements in 2023. The enhancements include third party security monitoring, third party logging, network monitoring, firewall enhancements, email enhancements, and equipment upgrades. Costs associated with these business practice commitments (or injunctive relief) will be paid by Centerstone separate and apart from other settlement benefits.
Remedial Measures/Security Enhancements. Defendant has taken and agrees to continue for 36 month an adjustment to its internal controls and systems to further secure its PHI and PII (“Business Practice Commitments”), including: • PTHC re-trained its staff about cybersecurity, in general, and phishing attempts, in particular; • passwords for all systems were changed and password requirements strengthened; • geolocation restrictions were reviewed and hardened; • PTHC implemented Microsoft Office 365 with multifactor authentication through Azure; • Rapid7 intrusion detection was installed on all PCs with 24/7 monitoring through a security operations center (SOC); • PTHC installed CrowdStrike Endpoint detection on all servers with 24/7 monitoring through SOC; • PTHC implemented routine ongoing phishing testing through KnowBe4; • PTHC adopted a learning management system to deliver threat awareness instruction; • PTHC engaged vCISO through a third-party vendor to review and advise on governance, risk, compliance frameworks, and security hardening; • PTHC required multi-factor authentication for VPN/remote access and other critical platforms Actual costs for the implementation and maintenance of the Business Practice Commitments will be paid by PTHC as it is additional consideration for the release described herein and is separate and apart from the reimbursements paid under ¶¶ 2.1 and 2.2 and the Identity Defense Total Service paid for under ¶ 2.5.
