M4:

Question 1

Information that is a subset of health information, including demographic information collected from an individual and:
1) is created or received by a health care provider, health plan, employer, or health care clearinghouse
2) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; that
(i) identifies the individual or
(ii) with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

Answer 1

Protected Health Information (PHI)

Defined by HIPAA

Question 2

Using the same password for multiple clients

Answer 2

Data breach of a retirement plan

Question 3

1. Data management.
2. Technology management.
3. Service provider management.
4. People issues slash training period

Answer 3

4 major areas for effective practices and policies identified by the 2011 Council

Question 4

The Advisory Council on Employee Welfare and Pension Benefit Plans

Answer 4

The ERISA Advisory Council

Question 5

Cybercriminals encrypt/seize entire hard drives & hold for high ransom

Answer 5

Ransomware

Question 6

Removing or retaining a service provider

Answer 6

A fiduciary act

Question 7

Information that can be used to distinguish/trace an individual’s identity, such as their name, SSN, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

Answer 7

PII

Defined by Office of Management and Budget (OMB)

Question 8

A service provider involved with plan administration

Answer 8

Third-Party Administrator (TPA)

Question 9

Where cyber criminals pretend to be senior executives asking employees to transfer funds.

Answer 9

Wire transfer e-mail fraud

Question 10

This office has set definitions for PII

Answer 10

Office of Management and Budget (OMB)

Question 11

Prescription disposals in a trash can

Answer 11

Data breach of a medical plan

Question 12

4 common cyber threats

Answer 12

Ransomware
phishing
wire transfer e-mail fraud
malware via external devices

Question 13

Where intrusive and harmful software is stored on an external drive that is inserted into and executed on a network computer.

Answer 13

Malware via external devices

Question 14

cyber security issues

Answer 14

2015 Council focus

Question 15

Law that controls the way private information of individuals is treated

Answer 15

Gramm-Leach-Bliley Act

Question 16

A section of ERISA that requires a fiduciary to discharge their duties

Answer 16

404(a)

Question 17

Failure to install security system updates

Answer 17

A form of data breach identified in retirement plans

Question 18

developing educational materials for plan sponsors, fiduciaries and their vendors; highlighting the need to focus on benefit plan cybersecurity in addition to enterprise cybersecurity.

Answer 18

2016 Council focus

Question 19

Lost documents with PHI

Answer 19

Data breach of a medical plan

Question 20

This agency requires personal data in benefit plans to be protected

Answer 20

Federal Trade Commission (FTC)

Question 21

Where fraudulent emails are sent with the objective of enticing the user to interact and inadvertently provide an avenue for cyber-criminals to infiltrate a computer network.

Answer 21

Phishing

Question 22

An individual’s name in combination with other data

Answer 22

Personal information

Question 23

This organization that developed the Cybersecurity Framework

Answer 23

National Institute of Standards and Technology (NIST)

Question 24

Involved inadvertent exposure of personal medical information

Answer 24

GMR case

Question 25

It issued 3 pieces of sub-regulatory guidance addressing the cybersecurity practices of retirement plan sponsors, their service providers & plan participants

Answer 25

Department of Labor (DOL)