
Best Practices for Insuring Medical Practices from Cyber Risk.


Presentation on theme: "Best Practices for Insuring Medical Practices from Cyber Risk."— Presentation transcript:

1 Best Practices for Insuring Medical Practices from Cyber Risk

2 Karin Landry Spring Consulting Group, LLC Managing Partner

3 “There are two kinds of companies today, those who know they have been hacked, and those who don’t.”
James Comey, FBI Director (USA Today, May 2014)

4 Cyber Risk Trend/Statistics
2013 Verizon Data Breach Study
Organized crime accounts for 55% of all breaches studied
Organizations under 100 employees account for 31% of all breaches
66% of breaches took months to discover
69% of breaches are discovered by an external party
78% of the breaches are considered low to very low difficulty
Method of action:
  – 40% Malware
  – 52% Hacking
Most desired data for organized crime:
  – Payment card information
  – Authentication credentials
  – Bank account information
48% of the 47,000 security incidents studied were attributed to errors such as:
  – Lost devices
  – Publishing errors
  – Mis-delivered email/mail

5 True Cost of a Data Breach
$188 per record for U.S.*
Forensics (determining where, what and how much data was breached)
Notification (as required by law)
Fines/Penalties
Loss of Customers/Donors
Damage Control Expenses (to retain clients, restore confidence in the organization and restore reputation)
NOTE: This study DOES NOT factor in defense costs or liability payments made
*Source: 2013 Cost of a Data Breach Study – Ponemon Institute

6 Anatomy of a Data Breach
Incident: Malicious attack, employee error, or theft
Discovery: Victims are sometimes the last to know. Usually discovered within months
Forensics Analysis: What, Where and How
Response: Compliance with regulatory requirements for notification
Damage Control: Offering credit monitoring/fraud monitoring to impacted parties

7 Common Cyber Risk Coverages
Media/Website Publishing Liability
Security Breach Liability
Crime – Extortion and computer fraud/funds transfer fraud
Restoration/Replacement of Electronic Data
Business Income/Extra Expense
Security Breach Expense
Public Relations Expense
Fines/Penalties – Regulatory proceedings and payment card industry
Employee Privacy Liability

8 Regulatory Considerations: Data Breach Notification Laws
In effect in 47 states; the exceptions are:
  – Alabama
  – New Mexico
  – South Dakota
Subject to statutory fines/penalties
  – Exemptions and notification deadlines vary by state
HIPAA/HITECH law applies to entities that keep patient health information
  – Enforced by the Department of Health and Human Services

9 Social Media Exposures
Content: Potentially liable for content (i.e., Facebook page, YouTube video, blog on your website)
Privacy: Content posted can breach a person’s privacy or lead to identity theft
Intellectual Property Infringement: Copyright/trademark
Virus/Malware: Could be uploaded to your social media site and infect other members who click on that link
Reputational/Public Relations Risk: Certain negative content can go viral and reach a critical mass of people in a very short time

10 Risk Management View
Cyber viewed as a very high profile risk by CEOs, CFOs, treasurers and risk managers
Captive may be an excellent alternative to fill gaps between self insurance and true risk transfer
  – Cyber risk may diversify a captive’s more traditional risk
56% of risk managers cite cyber risk as “top concern”*
52% of risk managers have a dedicated cyber risk insurance policy*
*Source: Business Insurance Survey

11 How to Price Cyber Insurance
The market for network, information security, and privacy (cyber) insurance remained stable in 2013
Recent events will define the market for the next several years
Pricing sources:
  – Commercial market quotes
  – Broker indications based on:
      Industry (retail, manufacturing, financial institution)
      Exposure (credit cards, healthcare personal data, SSNs, HIPAA exposures)
      Company size (# of customers, # of transactions)
  – Actuary
  – Transfer pricing study

12 Case Study: Nittany Insurance Company

13 Nittany Insurance Company
Single-parent Vermont-based captive, owned by The Pennsylvania State University
1992: Established as funding vehicle for hospital professional liability insurance
2000: Expanded to include reinsurance of primary GL and auto coverage
Later in the 2000s: Added more coverages for convenience of the University (i.e., deductible reimbursement for master insurance programs)

14 Penn State University
Flagship land-grant University in the Commonwealth of Pennsylvania
  – However, NOT owned by the State
Operating Budget 2013/14: $5 Billion
25,000 full-time faculty and staff, plus another 15,000 part-time employees
93,000 students at 20 campuses
Two hotel/conference centers
One very large football stadium

15 The Situation
Decentralized educational departments and IT networks/systems
22 million overtly-hostile computer intrusions blocked daily
170,000 email accounts receive 3.2 million emails daily
Over 95 million spam emails blocked daily
Insurers not interested in covering a large research institution with an open computing philosophy
Commercially available policy forms did not provide needed coverage
Wanted a single funnel to accumulate expenses and manage responses to breaches
Wanted behavior modification:
  – Incentivize decentralized units to use good computer security practices

16 The Solution
Placed risk in owned captive
Key feature of the coverage is a two-tiered deductible:
  – If a unit employs certain “good practices” advocated by IT Security Operation Services, but has a breach anyway, $25,000 deductible
  – If a unit did not employ “good practices”, and that led or contributed to a breach, $100,000 deductible

17 The Results
Firewalls more reliably installed, maintained and patched
Security software updated in real time
Software contracts routinely scrutinized and include security requirements
Actual compromises decreased significantly
Release of SSNs declined from 10,000 at a time to 5-10 in isolated instances

18 Contact Information
www.springgroup.com
Karin Landry, Managing Partner
Spring Consulting Group, LLC
Karin.Landry@springgroup.com
Phone: 617-589-0930, ext. 102
