CyberRisk: What we know and what we don't know
|
|
- Junior Rich
- 5 years ago
- Views:
Transcription
1 CyberRisk: What we know and what we don't know JOHN MULLEN, ESQ., LEWIS BRISBOIS BISGAARD & SMITH LLP ADAM COTTINI, ARTHUR J GALLAGHER MARCH 16, ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
2 Agenda March 16, 2016 Cyber Breach Activity Emerging & Future Trends Internet of Things (IoT) & Artificial Intelligence How does Cyber Insurance Apply to the Future? 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS 2
3 Cyber Breach Activity 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
4 The Usual Suspects DATA INTENSIVE INDUSTRIES Healthcare Higher Education Retail Public Entities Financial Institutions Events leading to breaches of Personally Identifiable Information Employee misplaces a laptop / mobile device Phishing attacks Inadvertent website posting Programming errors Malicious employee actions Hackers ALL OF THE ABOVE MAY BE CAUSED BY A VENDOR 4
5 The Unique Cyber attack a Medical Device Cyber Attack on Power Plant Cyber Attack on Manufacturing Facility Cyber Attack on a Dam Cyber Attack on a Car Cyber events that may cause bodily injury (BI) and/or property damage (PD) Yet the cyber liability policy excludes BI/PD 5
6 Cyber Threats Malicious Attacks Ransomware Hackers in network, Malware and viruses, Phishing scams, Physical theft of hardware and paper, denial of service Rogue employees UNSOPHISTICATED ACTORS Employees Negligence related to use and storage of data, failure to follow or learn POLICIES AND PROCEDURES, loss of portable devices, mis-mailing of paper, unencrypted s to the wrong recipients, web use violation, UNAPPROVED DEVICES, abuse of access. Vendor Any of the above can occur to a business associates with whom data is shared/system access granted 6
7 Types of Data at Stake PHI - Protected Health Information Information created or received by a covered entity or business associate relating to the past, present or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of health care to an individual, that identifies or can be used to identify individual PII Personally Identifiable Information i.e., Social Security number, driver s license number, bank account information, credit card information, online/financial account username and password, medical information, health insurance information, and address and password in CA, FL and PR. PCI Payment Card Information Cardholder data 7
8 Emerging & Future Trends 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
9 New State Regulations New or Effective in 2015 Connecticut (90 day deadline and credit monitoring) California (notice to DPH within 15 days. 1 year of credit monitoring. User name and pw = PII) New Jersey (some health insurers must encrypt) North Dakota (regulator notice if over 250) Montana (medical info and TIN) Utah (student data) Nevada (medical info and user name and pw) Washington (paper, regulator, 45 days) Wyoming (user name and pw, medical info, TIN) Oregon (regulator notice if over 250) Rhode Island (paper, regulator notice if over 500, 45 days) States with Unwritten Rules Pennsylvania (AG requests notice if incident affects PA residents, though no statutory requirement) California (DHCS interprets California data breach statute to cover paper breaches, and expects CA legislature to update statute soon to clearly cover paper breaches) Indiana (anything over 30 days is unreasonable delay ) Connecticut (demanding 2 years of credit monitoring) (90 days probably unreasonable delay ) North Carolina (routinely inquires as to timeline of events) 9
10 New Federal Activity NEW HIPAA/ HITECH OCR unofficially mandates automatic investigation if over 500 affected Covered Entities and their Business Associates subject to rules FTC Approx. 50 privacy investigations since 2002, and dozens of fines ($22.5 million - Google 2012) Actively enforcing health care vendor rules (breach reporting for non-hipaa entities) FCC (Regulates communications networks) First ever data breach fine (July, 2015)($10 million-terracom and YourTel America- 300,000 records) IMPORTANT July 7, State AGs write to Congress, urging U.S. to preserve state authority over data breaches SEC (More aggressive cyber role expected) FERPA (Federal funding can be, but never has been, cut off following violation) SOX (Requires security controls, and auditors require disclosure if such controls are inadequate) GLB (Privacy Rule suggests notification; Safeguards Rule suggests written security plan) FACTA (Red Flags Rule requires procedures to detect and prevent identity theft) 10
11 Regulatory Enforcement (Current Examples) HHS/OCR Cancer Care Group ($750,000 settlement, August 31, 2015) OCR found widespread non-compliance, and lack of policies, after laptop bag with unencrypted media exposed records of 55,000 patients State-Run Community Mental Health Facility ($150,000 settlement, Dec. 2014) Organization failed to patch systems and continued to run outdated, unsupported software resulting in exposure of 2,743 medical records FCC $25 million fine against ATT for unauthorized disclosure of information (April ,000 records) State Indiana Assurance of Voluntary Compliance (AVC)(multiple fines ranging from $4,000 to $20,000) TD Bank 260,000 affected ($850,000 nine state fine plus $650,000 Mass. fine in December 2014) 11
12 Private Litigation Robins v. Spokeo (U.S. Supreme Ct.) (Pending) Allegation that Spokeo posted false information. Privacy (not breach) case - implications for cyber. Supreme Court to decide whether violation of statute that allows automatic statutory damages, without any actual damages (as Plaintiffs allege FCRA does), confers standing even if no other harm alleged (Circuit Court said yes). Could open data breach class action floodgates in states whose statutes allow for automatic statutory damages. Neiman Marcus (July 2015) Actual fraud (reimbursed) and threat of imminent future harm confer standing. Seventh Circuit joins minority of Circuits (along with First, Ninth - but some post-clapper District Courts hold otherwise -, Eleventh, and a District Court in the Eighth) as data breach class friendly. The Third Circuit, and District Courts in the Second, Fourth, Fifth, Sixth, Tenth and D.C. Circuits are less favorable for Plaintiffs. 12
13 Private Litigation CGL Coverage Zurich v. Sony (NY State, 2014): PII stolen by hackers not publication under personal and advertising liability coverage in CGL policy (Zurich and Sony settled in May 2015). Cyber Coverage Columbia Casualty (CNA) v. Cottage Health System (C.D. Cal., May 2015) CNA sought to avoid coverage because Cottage failed to follow minimum required practices and for misrepresentation of security controls in application. Case dismissed (without prejudice) for failure to first engage in alternative dispute resolution as required in policy. Target Banking litigation banks won class certification in September (U.S.D.C. Minn.) October 23, District Court holds forensic investigation protected from discovery by attorney-client and work product privileges. December 2, 2015 settlement with MasterCard for $39.4 million, August 18, 2015 settlement with Visa for $67 million, and $10 million settlement with consumers (an objector appealed Court approval of the settlement on Dec. 10). 13
14 Internet of Things (IoT) & Artificial Intelligence (AI) An estimated 7B Mobile Devices Worldwide Your everyday life connected Home Transportation Health Does Convenience outweigh the Risk???? 14
15 How does Cyber Insurance Apply to the Future? 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
16 Available Coverages Today Exposure Category Description Network Security Liability Provides liability coverage if an Insured's Computer System fails to prevent a Security Breach or a Privacy Breach Privacy Liability Provides liability coverage if an Insured fails to protect electronic or non-electronic information in their care custody and control Regulatory Liability PCI Assessments Legal Expenses Forensic Investigations Coverage for lawsuits or investigations by Federal, State, or Foreign regulators relating to Privacy Laws Coverage for contractual assessments, fines and penalties owed under the terms of a Merchant Services Agreement due to non-compliance with the Payment Card Industry Data Security Standard (PCI-DSS) and as the result of a data breach 1st Party legal expenses to review and determine responsibilities under Privacy Breach Law 1st Party expenses to investigate a system intrusion into an Insured Computer System Breach Response Notification Expense Credit /ID Monitoring 1st Party expenses to comply with Privacy Law notification requirements 1st Party expenses to provide up to 12 months credit monitoring Media Liability Cyber Extortion Data Recovery Public Relations 1st Party expenses to hire a Public Relations firm Covers the Insured for Intellectual Property and Personal Injury perils the result from dissemination of content (coverage for Patent and Trade Secrets are generally not provided) Payments made to a party threatening to attack an Insured's Computer System in order to avert a cyber attack 1st party expenses to recover data damaged on an Insured Computer System as a result of a Failure of Security Business Interruption 1st party expenses for lost income from an interruption to an Insured Computer System as a result of a Failure of Security Errors & Omissions (E&O) Technology E&O / Miscellaneous E&O coverage for wrongful acts committed by or on behalf of the insured 16
17 Policies Covering Loss General Liability Directors & Officers Errors & Omissions Crime Insurance All Risk Property Cyber Policies (1st Party, 3rd Party, Hybrid Coverage) 17
18 What can be done? Proactive Risk Management Steps Empowered Senior Executive Talk to your IT Security folks. Gain an appreciation of the many challenges Not many Firms can say: how many records they have; what type of data is being collected, stored, shared, protected; where does all this data reside; when is it purged? Assess & test your own staff and operations Incident response plan Document your due care measures (training and enforcement) Insurance Red Flags, data security and breach response plans affirmative duties Service level agreements Repeat 18
19 Closing Thoughts Many organizations WILL suffer a breach event in the near term. AND many have already sustained a breach but they failed to identify it 19
20 Adam Cottini Thank You Adam Cottini Managing Director, Cyber Liability Practice Arthur J. Gallagher & Co BSD17\26685A 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
We re Under Cyberattack Now What?! John Mullen, Partner/Co-founder, Mullen Coughlin Jason Bucher, Senior Underwriting Manager, Schinnerer Cyber
We re Under Cyberattack Now What?! John Mullen, Partner/Co-founder, Mullen Coughlin Jason Bucher, Senior Underwriting Manager, Schinnerer Cyber Protection Data Creates Duties What data do you access, and
More informationChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them
ChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them PROVIDED BY HUB INTERNATIONAL October 25th, 2016 W W W. C H I C A G O L A N D R I S K F O R U M. O R G AGENDA 1. The evolution of
More informationRIMS Cyber Presentation
RIMS Cyber Presentation Forrest Pace Cyber & Strategic Risk Leader South Zone AIG Property Casualty Forrest.Pace@aig.com 1 Bio Forrest Pace is the Cyber and Strategic Risk Leader for the South Zone, coordinating
More informationCYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING
CYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING 2015 Verizon Data Breach Report 79,790 security incidents 2,122 confirmed data breaches Top industries affected: Public, Information,
More informationWhat is a privacy breach / security breach?
What is a breach? What is a privacy breach / security breach? Privacy breach Computer security breach: The theft, loss or unauthorized disclosure of personally identifiable non-public information (PII)
More informationCyberinsurance: Necessary, Expensive and Confusing as Hell. Presenters: Sharon Nelson and Judy Selby
Cyberinsurance: Necessary, Expensive and Confusing as Hell Presenters: Sharon Nelson and Judy Selby Setting the stage 2018 report from PwC one-third of US businesses have some form of cyberinsurance PwC
More informationTo Notify Or Not To Notify Is No Longer The Question Robin Campbell Chandra Westergaard
SECURITY BREACH RESPONSE To Notify Or Not To Notify Is No Longer The Question Robin Campbell Chandra Westergaard States With Notification Laws Alaska Arizona Arkansas California Colorado Connecticut Delaware
More informationCYBERINSURANCE TRENDS AND DEVELOPMENTS
CYBERINSURANCE TRENDS AND DEVELOPMENTS What cyber risks can be covered Emerging products Recent cases, pending legislation and regulation Claims case studies INTRODUCTION TO CYBERINSURANCE Gartner defines
More informationEvaluating Your Company s Data Protection & Recovery Plan
Evaluating Your Company s Data Protection & Recovery Plan CBIA Cybersecurity Webinar Series 11AM 12PM Part V. Presented by: Stewart Tosh Charles Bellingrath Date: December 7, 2017 Today s presenters Stewart
More informationTrends in Cyber-Insurance Coverage to Meet Insureds Needs
Trends in Cyber-Insurance Coverage to Meet Insureds Needs Linda Wendell Hsu Selman Breitman LLP 33 New Montgomery Street, Sixth Floor San Francisco, CA 94105 (415) 979-0400 lhsu@selmanlaw.com William A.
More informationPrivacy and Data Breach Protection Modular application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationCyber, Data Risk and Media Insurance Application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationCyber-Insurance: Fraud, Waste or Abuse?
SESSION ID: STR-F03 Cyber-Insurance: Fraud, Waste or Abuse? David Nathans Director of Security SOCSoter, Inc. @Zourick Cyber Insurance overview One Size Does Not Fit All 2 Our Research Reviewed many major
More informationCyber Risks & Insurance
Cyber Risks & Insurance Bob Klobe Asst. Vice President & Cyber Security Subject Matter Expert Chubb Specialty Insurance Legal Disclaimer The views, information and content expressed herein are those of
More informationCyber Risk Management
Cyber Risk Management Privacy & Data Protection Agenda 2 Introductions Risk Management 101 Defining & Quantifying a Breach Prevention, Mitigation & Transfer Strategies Finance Strategy- Cyber Insurance
More informationARE YOU HIP WITH HIPAA?
ARE YOU HIP WITH HIPAA? Scott C. Thompson 214.651.5075 scott.thompson@haynesboone.com February 11, 2016 HIPAA SECURITY WHY SHOULD I CARE? Health plan fined $1.2 million for HIPAA breach. Health plan fined
More informationPRIVACY AND CYBER SECURITY
PRIVACY AND CYBER SECURITY Presented by: Joe Marra, Senior Account Executive/Producer Stoya Corcoran, Assistant Vice President Presented to: CIFFA Members September 20, 2017 1 Disclaimer The information
More informationCyber & Privacy Liability and Technology E&0
Cyber & Privacy Liability and Technology E&0 Risks and Coverage Geoff Kinsella Partner http://map.norsecorp.com http://www.youtube.com/watch?v=f7pyhn9ic9i Presentation Overview 1. The Cyber Evolution 2.
More informationCyber Insurance 2017:
Cyber Insurance 2017: Ensuring Your Coverage is Sound Thursday, March 23, 2017 Attorney Advertising Prior results do not guarantee a similar outcome 777 East Wisconsin Avenue, Milwaukee, WI 53202 414.271.2400
More information503 SURVIVING A HIPAA BREACH INVESTIGATION
503 SURVIVING A HIPAA BREACH INVESTIGATION Presented by Nicole Hughes Waid, Esq. Mark J. Swearingen, Esq. Celeste H. Davis, Esq. Regional Manager 1 Surviving a HIPAA Breach Investigation: Enforcement Presented
More informationHIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA
HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA ALLISON SHUREN, J D, MSN Financial Disclosure Gerald Meltzer is a consultant for imedicware Allison Shuren co-chairs the Life Sciences and Healthcare Regulatory
More informationThe Wild West Meets the Future: Key Tips for Maximizing Your Cyber and Privacy Insurance Coverage
The Wild West Meets the Future: Key Tips for Maximizing Your Cyber and Privacy Insurance Coverage James P. Bobotek james.bobotek@pillsburylaw.com (202) 663-8930 Pillsbury Winthrop Shaw Pittman LLP DOCUMENT
More informationCyber Risks & Cyber Insurance
Cyber Risks & Cyber Insurance Terry Quested Executive Director Associated Risk Managers of Ohio Darren Faye Vice President Leonard Insurance / Assured Partners Legal Disclaimer The views, information and
More informationCYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP
CYBER LIABILITY INSURANCE OVERVIEW FOR Prepared by: Evan Taylor NFP Targeted Industries Business Sector Financial Services 10% Non-Profit 11% Retail 10% Other 37% Other 18% Type of Data PII 40% Professional
More informationCYBER AND PRIVACY INSURANCE
ACE PRIVACY PROTECTION CYBER AND PRIVACY INSURANCE APPLICATION FORM NOTICE The policy for which you are applying is written on a claims made and reported basis. Only claims first made against the insured
More informationJAMES GRAY SPECIAL GUEST 6/7/2017. Underwriter, London UK Specialty Treaty Beazley Group
SPECIAL GUEST JAMES GRAY Underwriter, London UK Specialty Treaty Beazley Group All 6 Beazley Lloyd's Syndicates are rated A (Excellent) by A.M. Best Admitted Carrier in the US Beazley Ins Co rated A (Excellent)
More informationHEALTHCARE BREACH TRIAGE
IAPP Privacy Academy September 30 October 2, 2013 HEALTHCARE BREACH TRIAGE Theodore P. Augustinos EDWARDS WILDMAN PALMER LLP Kenneth P. Mortensen CVS/CAREMARK 2013 Edwards Wildman Palmer LLP & Edwards
More informationEmerging legal and regulatory risks
Emerging legal and regulatory risks Presentation for AusCERT2016 Matthew Pokarier and Ben Di Marco Structure Regulatory risks Third-party liability Actions by affected individuals Actions by banks and
More informationHealthcare Data Breaches: Handle with Care.
Healthcare Data Breaches: Handle with Care November 13, 2012 ID Experts Webinar www.idexpertscorp.com The material presented in this presentation is not intended to provide legal or other expert advice
More informationCyber Risk Mitigation
Cyber Risk Mitigation Eide Bailly Howalt + McDowell Insurance Introduction Meet your presenters Eric Pulse Risk Advisory Director 20 years in the public accounting and consulting industry providing information
More informationUnderstanding Cyber Risk in the Dental Office. Melissa Moore Sanchez, CIC
Understanding Cyber Risk in the Dental Office Melissa Moore Sanchez, CIC Data Breaches are Escalating Between February 5, 2005 and May 26, 2012 561,465,563 records containing sensitive personal information
More informationCYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY
CYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY Agenda Threat Landscape and Trends Breach Response Process Pitfalls and Critical Points BBR Services Breach Prevention
More informationLargest Risk for Public Pension Plans (Other Than Funding) Cybersecurity
Largest Risk for Public Pension Plans (Other Than Funding) Cybersecurity 2017 Public Safety Employees Pension & Benefits Conference Ronald A. King (517) 318-3015 rking@ I am convinced that there are only
More informationCyber Risk Insurance Policy Application
5 W. Hargett Street, 4th Floor, Raleigh, NC 27601 Fax: (919) 834-7039 Email: Underwriting@SuretyOne.org Cyber Risk Insurance Policy Application INSURING AGREEMENT I.B. OF THIS POLICY IS WRITTEN ON A CLAIMS
More informationData Breach Financial Protection Program Terms and Conditions
Data Breach Financial Protection Program Terms and Conditions The Data Breach Financial Protection Program (the Program ) is a comprehensive expense reimbursement program, provided with some Netsurion
More informationCyber Enhancement Endorsement
Cyber Enhancement Endorsement What is Cyber Risk? Why should I buy Cyber Risk insurance? What is the cost? Why should I buy Great American s product? Who do I contact to learn more about Cyber Risk Insurance?
More informationMEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know
1801 California Street Suite 4900 Denver, CO 80202 303-830-1776 Facsimile 303-894-9239 MEMORANDUM To: Adam Finkel, Assistant Director, Government Relations, NCRA From: Mel Gates Date: December 23, 2013
More informationCyber Liability Insurance. Data Security, Privacy and Multimedia Protection
Cyber Liability Insurance Data Security, Privacy and Multimedia Protection Cyber Liability Insurance Data Security, Privacy and Multimedia Protection What is a Cyber Risk? Technology is advancing at such
More informationCYBER AND INFORMATION SECURITY COVERAGE APPLICATION
NOTICE: THIS APPLICATION IS FOR CLAIMS-MADE AND REPORTED COVERAGE, WHICH APPLIES ONLY TO CLAIMS FIRST MADE AND REPORTED IN WRITING DURING THE POLICY PERIOD, OR ANY EXTENDED REPORTING PERIOD. THE LIMIT
More informationCyber Liability A New Must Have Coverage for Your Soccer Organization
Cyber Liability A New Must Have Coverage for Your Soccer Organization Presented By: Pat Pullen Jeanne Zabuska President Underwriting Manager February 17, 2012 Why do you need Cyber Liability? Have a web
More informationSafeguarding Your HIPAA and Personal Health Information Data. Robert Hess, Office of General Counsel Steve Cosentino, Stinson Morrison Hecker
Safeguarding Your HIPAA and Personal Health Information Data Robert Hess, Office of General Counsel Steve Cosentino, Stinson Morrison Hecker 1 Overview» Patient information confidentiality Grant requirements
More informationDefending Litigation After a Data Breach
Defending Litigation After a Data Breach November 9, 2016 Stewart Baker Steptoe & Johnson LLP Defending Litigation After a Data Breach Class Action Suits Commonly Filed By: Consumers Financial Institutions
More informationPAI Secure Program Guide
PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements (PCI DSS) and utilizing the PAI Secure Program Welcome to PAI Secure, a unique 4-step PCI-DSS
More informationPaul Jones, Jones & Co. Kathleen Rice, Faegre Baker Daniels, LLP
HOW TO NAVIGATE THE LANDSCAPE OF GLOBAL PRIVACY AND DATA PROTECTION Paul Jones, Jones & Co. Kathleen Rice, Faegre Baker Daniels, LLP Topics to Cover General Concepts Increased U.S. enforcement activity
More informationData Security Addendum for inclusion in the Contract between George Mason University (the University ) and the Selected Firm/Vendor
Data Security Addendum for inclusion in the Contract between George Mason University (the University ) and the Selected Firm/Vendor This Addendum is applicable only in those situations where the Selected
More informationHIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015.
HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015. PURPOSE OF PRESENTATION To Discuss Laws Governing Use and Disclosure
More information2016 Business Associate Workforce Member HIPAA Training Handbook
2016 Business Associate Workforce Member HIPAA Training Handbook Using the Training Handbook The material in this handbook is designed to deliver required initial, and/or annual HIPAA training for all
More informationDetermining Whether You Are a Business Associate
The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information
More informationPersonal Information Protection Act Breach Reporting Guide
Personal Information Protection Act Breach Reporting Guide If an organization determines that a real risk of significant harm exists to an individual as a result of a breach of personal information, section
More informationCyber Liability Insurance for Sports Organizations
Cyber Liability Insurance for Sports Organizations The biggest threat to your organization or club isn t a loss of funds. It s a loss of data. From online sign-ups and payment systems to social media
More informationHIPAA Data Breach ITPC
HIPAA Data Breach Objectives Overview of Omnibus Rule - Data Breach Suspected Breach - Investigation Audit Risk Assessment Corrective Action Plan Written Notification Elements NYS Rules on Data Breach
More informationHIPAA / HITECH. Ed Massey Affiliated Marketing Group
HIPAA / HITECH Agent Understanding And Compliance Presented By: Ed Massey Affiliated Marketing Group It s The Law On February 17, 2010 the Health Information Technology for Economic and Clinical Health
More informationCYBER LIABILITY REINSURANCE SOLUTIONS
CYBER LIABILITY REINSURANCE SOLUTIONS CYBER STRONG. CYBER STRONG. State-of-the-Art Protection for Growing Cyber Risks Businesses of all sizes and in every industry are experiencing an increase in cyber
More informationMANAGING DATA BREACH
MANAGING DATA BREACH Beazley is a specialist insurer and leading provider of cyber insurance. Michael Phillips is a Claims Manager in the Technology, Media, and Business division of Beazley, and focuses
More informationCyber Risk Proposal Form
Cyber Risk Proposal Form Company or trading name Address Postcode Country Telephone Email Website Date business established Number of employees Do you have a Chief Privacy Officer (or Chief Information
More informationBe the GAME CHANGER.
Be the GAME CHANGER. DISCLAIMER Seminar materials and presentations are intended to provide you with guidance and insight with regard to the selected topics. However, your instructor is not an attorney;
More informationNew HIPAA Breach Rules NAHU presents the WHAT and WHYs. Agenda
New HIPAA Breach Rules NAHU presents the WHAT and WHYs Presenters: David Smith JD, Vice President, Ebenconcepts Tom Jacobs JD, co-ceo eflexgroup Moderator: Ric Joyner CEBS CFCI, co-ceo, eflexgroup 1 Agenda
More informationCYBER CLAIMS BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIMS & LEGAL GROUP
www.willis.com July 2015 CYBER CLAIMS BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIMS & LEGAL GROUP INSIDE THIS EDITION... CYBER CLAIMS LANDSCAPE A SAMPLING OF LARGE CYBER SETTLEMENTS LEGAL
More informationApplication - All States
Carrier: Application - All States This application is for a Claims Made policy. Please read your policy carefully. INSURANCE OVERVIEW 1. Coverage requested Please indicate the coverage part(s) and limit(s)
More informationTHE HARTFORD CYBERCHOICE 2.09 SM
THE HARTFORD CYBERCHOICE 2.09 SM CYBER AND TECHNOLOGY RISK AND LIABILITY INSURANCE (INSURER NAME) NOTICE: THE LIABILITY COVERAGE PARTS SCHEDULED IN ITEM 5 OF THE DECLARATIONS PROVIDE CLAIMS MADE COVERAGE.
More informationBusiness Associate Risk
Business Associate Risk Assessing and Managing Business Associate Risk Presented by CJ Wolf, MD, COC, CPC, CHC, CCEP, CIA Healthicity Senior Compliance Executive Disclaimer: Nothing in this presentation
More informationCyber Risk Insurance. Frequently Asked Questions
Cyber Risk Insurance Frequently Asked Questions Frequently Asked Questions What is Cyber Risk? Why should I buy Cyber Risk Insurance? What is the cost? Who is Great American Insurance? Why should I buy
More informationTrue or False? HIPAA Update: Avoiding Penalties. Preliminaries. Kim C. Stanger IHCA (7/15)
Protected Health Info HIPAA Update: Avoiding Penalties IHCA (7/15) Preliminaries This presentation is similar to any other legal education materials designed to provide general information on pertinent
More informationPreparing for a HIPAA Audit & Hot Topics in Health Care Reform
Preparing for a HIPAA Audit & Hot Topics in Health Care Reform 2013 San Francisco Mid-Sized Retirement & Healthcare Plan Management Conference March 17-20, 2013 Elizabeth Loh, Esq. Copyright Trucker Huss,
More informationSTEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH
STEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH 2 THE CYBER AND DATA RISK TO YOUR BUSINESS This digital guide will help you find out more about the potential cyber and data risks to your business,
More informationSixth Annual Benchmark Study on Privacy & Security of Healthcare Data
Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: May 2016 Ponemon Institute Research Report
More informationAXIS PRO PRIVASURE INSURA
AXIS Insurance Telephone: (678) 746-9000 111 S. Wacker Dr., Ste. 3500 Toll-Free: (866) 259-5435 Chicago, IL 60606 Facsimile: (678) 746-9315 Website: www.axiscapital.com/en-us/insurance/us#professional-lines
More informationAPPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London
APPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London SECTION I. GENERAL INFORMATION 1. Name of Applicant: Physical Address: (as it should appear
More informationProtecting Against the High Cost of Cyberfraud
Protecting Against the High Cost of Cyberfraud THE ROLE OF CYBER LIABILITY INSURANCE IN YOUR RISK MANAGEMENT STRATEGY Paying the Price...2 The Ransomware Scourge...3 Policy Provisions...3 Management Liability...4
More informationInvas ion of Privacy, Hacking and Intellectual Property Claims : Are You Covered?
Invas ion of Privacy, Hacking and Intellectual Property Claims : Are You Covered? Speakers : Edward M. Joyce, Partner, Jones Day Leslie Lamb, Director Global Risk Management, Cisco Systems, Inc. The views
More informationResponding to Privacy Breaches
Key Steps in Responding to Privacy Breaches The purpose of this document is to provide guidance to private sector organizations, health custodians and public sector bodies on how to manage a privacy breach.
More informationTHIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY CRISIS MANAGEMENT COVERAGE The Insurer shall pay on behalf of the Insured: 1) Crisis Management Expenses that are a direct result of a Network
More informationMedical Data Security Beyond HIPAA: Practical Solutions for Red Flags and Security Breaches. April 3, 2009
Medical Data Security Beyond HIPAA: Practical Solutions for Red Flags and Security Breaches April 3, 2009 Jon A. Neiditz Cynthia B. Hutto Ross E. Sallade Eli A. Poliakoff Nelson Mullins Healthcare Information
More informationCase 2:15-cv Document 1 Filed 12/08/15 Page 1 of 15 UNITED STATES DISTRICT COURT FOR THE WESTERN DISTRICT OF WASHINGTON AT SEATTLE JUDGMENT
Case :-cv-0 Document Filed /0/ Page of UNITED STATES DISTRICT COURT FOR THE WESTERN DISTRICT OF WASHINGTON AT SEATTLE ATLANTIC SPECIALTY INSURANCE COMPANY, vs. Plaintiff, NO. JUDGMENT Clerk s Action Required
More informationDoes the Applicant provide data processing, storage or hosting services to third parties? Yes No
BEAZLEY BREACH RESPONSE APPLICATION NOTICE: THIS POLICY S LIABILITY INSURING AGREEMENTS PROVIDE COVERAGE ON A CLAIMS MADE AND REPORTED BASIS AND APPLY ONLY TO CLAIMS FIRST MADE AGAINST THE INSURED DURING
More informationHIPAA vs. GDPR vs. NYDFS - the New Compliance Frontier. March 22, 2018
1 HIPAA vs. GDPR vs. NYDFS - the New Compliance Frontier March 22, 2018 2 Today s Panel: Kimberly Holmes - Moderator - Vice President, Health Care, Cyber Liability & Emerging Risks, TDC Specialty Underwriters,
More informationCritical Issues in Cybersecurity:
Critical Issues in Cybersecurity: Are you prepared and in compliance? July 27, 2017 Robert Barbarowicz Scott Lyon JillAllison Opell 1 What Types of Information do We Collect? PII v. PHI v. NPI v. sensitive/confidential
More informationHealth Information and Technology Update
Becky Williams Chair, HIT/HIPAA Practice Techno-News all the acronyms that fit Edwin Rauzi Partner Randy Gainer Partner Health Information and Technology Update The New ARRA Reality (Or ARRA You Ready)
More informationWhen The Wind Blows: Renewable Energy Risk Management Strategies
When The Wind Blows: Renewable Energy Risk Management Strategies Small Wind Conference 2017 1 Overview About HUB Insurance Solutions General Coverage Overview Stakeholders Cyber Liability Engineers and
More informationHIPAA Compliance Guide
This document provides an overview of the Health Insurance Portability and Accountability Act (HIPAA) compliance requirements. It covers the relevant legislation, required procedures, and ways that your
More informationClaims Made Basis. Underwritten by Underwriters at Lloyd s, London
APPLICATION for: NetGuard Plus Claims Made Basis. Underwritten by Underwriters at Lloyd s, London tice: The Policy for which this Application is made applies only to Claims made against any of the Insureds
More informationYou ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017
You ve been hacked Riekie Gordon & Roger Truebody & Alexandra Schudel Why should you care? U$4.6 - U$121 billion - Lloyds U$45 billion not covered 2 The plot thickens 2016 Barkly Survey: It s a business
More informationCybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do
ARTICLE Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do By Gene Griggs and Saad Gul This article analyzes cybersecurity issues for retirement plans. Introduction
More informationProtoType 2.0 Manufacturing E&O with CyberInfusion
Table of Contents General Notice Pages 1-2 Third-Party Liability (claims made against you) Pages 3-10 First Party (your own losses) Pages 11-16 Business Interruption (your own losses) Pages 17-22 Common
More informationNATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE
NATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE As many of you know, Gramm-Leach-Bliley requires "financial institutions" to establish and implement a Safeguard Rule Compliance
More informationHEALTHCARE INDUSTRY SESSION CYBER IND 011
HEALTHCARE INDUSTRY SESSION CYBER IND 011 Speakers: Jody Westby, Chief Executive Officer, Global Cyber Risk René Siemens, Partner, Covington & Burling LLP Brent Rieth, Senior Vice President and Team Leader,
More information)TADA. 4 Texas Automobile Dealers Association. TADA Members. To: From: Date: Karen Phillips May Re: MEMORANDUM
Attached is a copy of the Assurance of Voluntary Compliance with Appendices A, B, C and D. third-party vendor has access to personal information, verify the vendor is securing the data. telephone, take
More informationAGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION
AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION THIS AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION ( PHI ) ( Agreement ) is entered into between The Moses H. Cone Memorial Hospital Operating
More informationMEDIATECH INSURANCE APPLICATION THIS APPLICATION IS FOR A CLAIMS MADE POLICY PLEASE INDICATE WHICH COVERAGES ARE REQUIRED Technology and Professional
THIS APPLICATION IS FOR A CLAIMS MADE POLICY PLEASE INDICATE WHICH COVERAGES ARE REQUIRED Technology and Professional Services: $100,000 $250,000 $500,000 $1,000,000 $2,000,000 Other:$ Technology Product
More informationDATA COMPROMISE COVERAGE RESPONSE EXPENSES AND DEFENSE AND LIABILITY
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY. DATA COMPROMISE COVERAGE RESPONSE EXPENSES AND DEFENSE AND LIABILITY Coverage under this endorsement is subject to the following: PART 1 RESPONSE
More informationTexas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300
Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300 Training Module provided as a component of the Stericycle HIPAA Compliance Program Goals for Training Understand how Texas
More informationOLD DOMINION UNIVERSITY PCI SECURITY AWARENESS TRAINING OFFICE OF FINANCE
OLD DOMINION UNIVERSITY PCI SECURITY AWARENESS TRAINING OFFICE OF FINANCE August 2017 WHO NEEDS PCI TRAINING? THE FOLLOWING TRAINING MODULE SHOULD BE COMPLETED BY ALL UNIVERSITY STAFF THAT: - PROCESS PAYMENTS
More informationAt the Heart of Cyber Risk Mitigation
At the Heart of Cyber Risk Mitigation De-risking Cyber Threats with Insurance Vikram Singh Abstract Management of risks is an integral part of the insurance industry. Companies have succeeded in identifying
More informationNew. To comply with HIPAA notice requirements, all Providence covered entities shall follow, at a minimum, the specifications described below.
Subject: Protected Health Information Breach Notification Policy Department: Enterprise Risk Management Services Executive Sponsor: SVP/Chief Risk Officer Approved by: Rod Hochman, MD President/CEO Policy
More informationHIPAA AND ONLINE BACKUP WHAT YOU NEED TO KNOW ABOUT
WHAT YOU NEED TO KNOW ABOUT HIPAA AND ONLINE BACKUP Learn more about how KeepItSafe can help to reduce costs, save time, and provide compliance for online backup, disaster recovery-as-a-service, mobile
More informationLICENSE AGREEMENT. Security Software Solutions
LICENSE AGREEMENT Security Software Solutions VERIS ACTIVE ID SERVICES AGREEMENT between Timothy J. Rollins DBA Security Software Solutions, having an office at 5215 Sabino Canyon Road and 4340 N Camino
More informationCyber Incident Response When You Didn t Have a Plan
Cyber Incident Response When You Didn t Have a Plan April F. Doss Saul Ewing LLP How serious is the cybersecurity threat? Some sobering numbers from 2015: Over half a billion personal records were stolen
More informationHIPAA Security How secure and compliant are you from this 5 letter word?
HIPAA Security How secure and compliant are you from this 5 letter word? January 29, 2014 www.prnadvisors.com 1 1 About me Over 20 Years in IT as hand-on leader Implemented EMR s of all sizes for Hospitals,
More informationACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT WITH THE DOCTORS CLINIC, PART OF FRANCISCAN MEDICAL GROUP
ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT WITH THE DOCTORS CLINIC, PART OF FRANCISCAN MEDICAL GROUP and THIS AGREEMENT ( Agreement ) is made and entered into this day of, 20, by and between The Doctors
More informationEXCERPT. Do the Right Thing R1112 P1112
MD A n d e r s o n s S t a n d a r d s O f C o n d u c t: EXCERPT Do the Right Thing R1112 P1112 Privacy and Confidentiality At MD Anderson, we are committed to safeguarding the privacy of our patients
More information