Healthcare Data Breaches: Handle with Care.

Size: px
Start display at page:

Download "Healthcare Data Breaches: Handle with Care."

Transcription

1 Healthcare Data Breaches: Handle with Care November 13, 2012 ID Experts Webinar

2 The material presented in this presentation is not intended to provide legal or other expert advice as to any of the subjects mentioned, but rather is presented for general information only. You should consult knowledgeable legal counsel or other knowledgeable experts as to any legal or technical questions you may have. Further, the insurance discussed is a product summary only. For actual terms and conditions of any insurance product, please refer to the policy. Coverage may not be available in all states. 2

3 Presenters Jeremy Henley Insurance Solutions, ID Experts Anthony Dagostino VP, Professional Risk, ACE Group 3

4 Webinar Agenda Emerging trends in data breach How healthcare data breaches are different Proven strategies to optimize your breach response Privacy liability insurance coverage and benefits 4

5 Mobile Threats New technologies create new risks Use of multiple mobile devices creates multiple data access points Often unencrypted Increasing use of personal devices (BYOD trend) 5

6 Outsourcing Risks Economics drives organizations to outsource software & services The cloud introduces new, difficult to control risks Business services, especially outside the US, multiple data exposure risks 6

7 Root Causes of Data Breaches Top Breach Triggers (number of claims) Human error 20% Hack 20% Lost/stolen laptop 15% Paper 9% Lost/stolen tapes/cds 9% Privacy policy violation 4% Lost/stolen USB 4% Software error 3% Lost/stolen mobile 3% By Type of Organization (number of claims) Hospitals 58% MCO 20% Vendor (billing/tpa/ IT/software) 11% Office/rehab/LTC 10% ACE USA Healthcare Privacy Claim Trends,

8 Healthcare Data Breaches are Different Type of data lost Complexity of rules and regulations Common threats Rigorous enforcement Reputational harm Costs Cyber/privacy insurance 8

9 Financial Burden of Healthcare Breach First Party Expenses Breach coach/consultant IT forensics firm Legal Compliance with regulations Indemnification rights Notification Call center Public relations/crisis management Credit monitoring/freezing EOB monitoring ID restoration/investigation Third Party Expenses Lawsuits Regulatory violation allegations (HIPAA/HITECH) Patient claims (emotional distress, mental anguish) Regulatory fines HIPAA HITECH PCI-DSS FTC AG inquiries/fines HHS/OCR audits and investigations 9

10 Employee Misplaces Flash Drive An employee misplaced a key chain with an attached flash drive, which contained the PHI of approximately 270 patients. The provider retained counsel and notified the impacted individuals. Insured costs: $27,000 in legal fees and notification costs The claim scenarios described here are hypothetical and are offered solely to illustrate the types of situations that may result in claims. These scenarios are not based on actual claims and should not be compared to an actual claim. The precise coverage afforded by any insurer is subject to the terms and conditions of the policies as issued. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued, and applicable law. 10

11 External Vendor Can t Find Hard Drives A healthcare provider contracted with a national vendor to relocate hard drives and servers. The provider discovered several missing hard drives containing PHI after taking inventory. The provider retained legal counsel to analyze regulatory obligations as well as vendors to conduct forensics, to notify impacted individuals, and to offer credit monitoring services. The notifications resulted in regulatory inquiries and the filing of several class action suits. Costs adding up! Forensics, legal fees, notification, call center, CM Legal fees (class actions & responses to regulatory inquiries) The claim scenarios described here are hypothetical and are offered solely to illustrate the types of situations that may result in claims. These scenarios are not based on actual claims and should not be compared to an actual claim. The precise coverage afforded by any insurer is subject to the terms and conditions of the policies as issued. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued, and applicable law. 11

12 Understanding Gaps Reduces Risks Complete an annual privacy and security risk assessment Data inventory Policy review IT security review Business associate assessment Cyber liability insurance review 12

13 When a Breach Occurs Follow a prescribed approach, such as the ID Experts YourResponse Method (below) 13

14 Discover Phase Determine what happened What are the facts of the incident? Are forensics necessary? Treat findings like evidence, because it is. 14

15 Discover Phase Preliminary Work Contact applicable parties ASAP Insurer Breach coach Law firm Law enforcement Affected banks Forensics firms Initial Steps Compliance assessment Operations analysis o o o Vendor/subcontractor contract review Applicable regulators Internal policies in place Develop timeline Prepare budget Assess vendors (forensics/pr/etc.) Document everything 15

16 Analyze Determine if the incident is a breach Analyze the facts with applicable federal and state laws. What data? Was it exposed? Is there an exception (safe harbor) that applies? Is there a risk of harm? Is there a notification obligation? If no notification obligation, document analysis. 16

17 Formulate Formulate a risk proportionate response What was the nature of the event Type of data lost Needs of breach population Sensitivity of organizational reputation Industry or stakeholder expectations Applicable laws and regulations Real and/or perceived risk of lawsuit 17

18 Respond Sending the letter Taking the calls Handling the press Managing escalations Monitoring legal activity 18

19 Privacy Liability Coverage It s not just Cyber insurance Coverage is for enterprise-wide risk from IT to HR to regulatory fines and penalties Three primary types of coverage: Privacy liability Data breach expenses Network security liability Also available: Internet media liability Network extortion Business interruption & digital asset loss 19

20 Privacy Liability Coverage Buyers are not just IT, but are: Risk Managers, CISO/CPO, General Counsel Compliance Officers CFO Affirmative coverage is key! What s the intent of your GL, Crime, D&O? 20

21 Privacy Liability Coverage Does your policy include coverage for: Independent contractors? Temp staff, and part time help? Unencrypted data? Hard copy documents and spoken word? Mobile devices? Third party vendors related to your IT? Does your insurance carrier: Provide access to tools, resources, and pre-negotiated rates for pre-screened data breach vendors? Have underwriters, product managers, and claims handlers dedicated to privacy/cyber liability in the healthcare industry? 21

22 Privacy Liability Coverage Post-Breach Response Does your insurance carrier s approach fit your industry? Resources should be scalable to your organization complement or completely outsource your incident response process? Vendor choice is important! Don t overlook your third party liability coverage Patient class actions Statutory damages Credit card issuer demands Regulatory fines and penalties (where insurable) Premium range depending upon coverage levels 22

23 Wrap up Follow a multi-discipline approach to minimize data breach risk Privacy and compliance should be involved in data breach response decision-making process, One-size fits all approach doesn t work for data breaches Best practices for selecting privacy liability insurance policy Review policy language carefully Understand the tools and resources the carrier provides Evaluate the level of experience of claims staff 23

24 Q&A Jeremy Henley Insurance Solutions Executive ID Experts Anthony V. Dagostino Vice President Eastern Zone Manager & Healthcare Privacy/Technology Product Manager ACE USA

RIMS Cyber Presentation

RIMS Cyber Presentation RIMS Cyber Presentation Forrest Pace Cyber & Strategic Risk Leader South Zone AIG Property Casualty Forrest.Pace@aig.com 1 Bio Forrest Pace is the Cyber and Strategic Risk Leader for the South Zone, coordinating

More information

STEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH

STEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH STEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH 2 THE CYBER AND DATA RISK TO YOUR BUSINESS This digital guide will help you find out more about the potential cyber and data risks to your business,

More information

CYBER LIABILITY REINSURANCE SOLUTIONS

CYBER LIABILITY REINSURANCE SOLUTIONS CYBER LIABILITY REINSURANCE SOLUTIONS CYBER STRONG. CYBER STRONG. State-of-the-Art Protection for Growing Cyber Risks Businesses of all sizes and in every industry are experiencing an increase in cyber

More information

HEALTHCARE BREACH TRIAGE

HEALTHCARE BREACH TRIAGE IAPP Privacy Academy September 30 October 2, 2013 HEALTHCARE BREACH TRIAGE Theodore P. Augustinos EDWARDS WILDMAN PALMER LLP Kenneth P. Mortensen CVS/CAREMARK 2013 Edwards Wildman Palmer LLP & Edwards

More information

Evaluating Your Company s Data Protection & Recovery Plan

Evaluating Your Company s Data Protection & Recovery Plan Evaluating Your Company s Data Protection & Recovery Plan CBIA Cybersecurity Webinar Series 11AM 12PM Part V. Presented by: Stewart Tosh Charles Bellingrath Date: December 7, 2017 Today s presenters Stewart

More information

How to mitigate risks, liabilities and costs of data breach of health information by third parties

How to mitigate risks, liabilities and costs of data breach of health information by third parties How to mitigate risks, liabilities and costs of data breach of health information by third parties April 17, 2012 ID Experts Webinar www.idexpertscorp.com Rick Kam President and Co-Founder richard.kam@idexpertscorp.com

More information

Cyber Liability State of the Insurance Market & Risk Update Sept 8, ISACA North Texas

Cyber Liability State of the Insurance Market & Risk Update Sept 8, ISACA North Texas Cyber Liability State of the Insurance Market & Risk Update Sept 8, 2016 ISACA North Texas Agenda Introduction Cyber Liability Overview State of Insurance Regulatory Update Questions and Discussion 2 Speakers

More information

Protecting Against the High Cost of Cyberfraud

Protecting Against the High Cost of Cyberfraud Protecting Against the High Cost of Cyberfraud THE ROLE OF CYBER LIABILITY INSURANCE IN YOUR RISK MANAGEMENT STRATEGY Paying the Price...2 The Ransomware Scourge...3 Policy Provisions...3 Management Liability...4

More information

CYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP

CYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP CYBER LIABILITY INSURANCE OVERVIEW FOR Prepared by: Evan Taylor NFP Targeted Industries Business Sector Financial Services 10% Non-Profit 11% Retail 10% Other 37% Other 18% Type of Data PII 40% Professional

More information

HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES

HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment

More information

AFTER THE OMNIBUS RULE

AFTER THE OMNIBUS RULE AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan Member

More information

HIPAA Basics: IMPORTANT HIPAA CONCEPTS. What We re going to Cover. Training for Employee Benefits Staff

HIPAA Basics: IMPORTANT HIPAA CONCEPTS. What We re going to Cover. Training for Employee Benefits Staff HIPAA Basics: Training for Employee Benefits Staff March 25, 2015 Norbert F. Kugele nkugele@wnj.com 616.752.2186 April A. Goff agoff@wnj.com 616.752.2154 What We re going to Cover Important HIPAA concepts

More information

Understanding Cyber Risk in the Dental Office. Melissa Moore Sanchez, CIC

Understanding Cyber Risk in the Dental Office. Melissa Moore Sanchez, CIC Understanding Cyber Risk in the Dental Office Melissa Moore Sanchez, CIC Data Breaches are Escalating Between February 5, 2005 and May 26, 2012 561,465,563 records containing sensitive personal information

More information

Cyber & Privacy Liability and Technology E&0

Cyber & Privacy Liability and Technology E&0 Cyber & Privacy Liability and Technology E&0 Risks and Coverage Geoff Kinsella Partner http://map.norsecorp.com http://www.youtube.com/watch?v=f7pyhn9ic9i Presentation Overview 1. The Cyber Evolution 2.

More information

ARE YOU HIP WITH HIPAA?

ARE YOU HIP WITH HIPAA? ARE YOU HIP WITH HIPAA? Scott C. Thompson 214.651.5075 scott.thompson@haynesboone.com February 11, 2016 HIPAA SECURITY WHY SHOULD I CARE? Health plan fined $1.2 million for HIPAA breach. Health plan fined

More information

What is a privacy breach / security breach?

What is a privacy breach / security breach? What is a breach? What is a privacy breach / security breach? Privacy breach Computer security breach: The theft, loss or unauthorized disclosure of personally identifiable non-public information (PII)

More information

You ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017

You ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017 You ve been hacked Riekie Gordon & Roger Truebody & Alexandra Schudel Why should you care? U$4.6 - U$121 billion - Lloyds U$45 billion not covered 2 The plot thickens 2016 Barkly Survey: It s a business

More information

The HIPAA Omnibus Rule and the Enhanced Civil Fine and Criminal Penalty Regime

The HIPAA Omnibus Rule and the Enhanced Civil Fine and Criminal Penalty Regime HIPAA BUSINESS ASSOCIATE AGREEMENT BEST PRACTICES: UPDATE 2015 February 20, 2015 I. Executive Summary HIPAA is a federal law passed by Congress to protect medical patient data privacy from misuse or disclosure

More information

Privacy and Data Breach Protection Modular application form

Privacy and Data Breach Protection Modular application form Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while

More information

Cyber Insurance 2017:

Cyber Insurance 2017: Cyber Insurance 2017: Ensuring Your Coverage is Sound Thursday, March 23, 2017 Attorney Advertising Prior results do not guarantee a similar outcome 777 East Wisconsin Avenue, Milwaukee, WI 53202 414.271.2400

More information

Cyber, Data Risk and Media Insurance Application form

Cyber, Data Risk and Media Insurance Application form Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while

More information

When The Wind Blows: Renewable Energy Risk Management Strategies

When The Wind Blows: Renewable Energy Risk Management Strategies When The Wind Blows: Renewable Energy Risk Management Strategies Small Wind Conference 2017 1 Overview About HUB Insurance Solutions General Coverage Overview Stakeholders Cyber Liability Engineers and

More information

H E A L T H C A R E L A W U P D A T E

H E A L T H C A R E L A W U P D A T E L O U I S V I L L E. K Y S E P T E M B E R 2 0 0 9 H E A L T H C A R E L A W U P D A T E L E X I N G T O N. K Y B O W L I N G G R E E N. K Y N E W A L B A N Y. I N N A S H V I L L E. T N M E M P H I S.

More information

The Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013

The Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 The Impact of Final Omnibus HIPAA/HITECH Rules Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 0 Disclaimer The material in this presentation is not meant to be construed as legal advice

More information

Cyber Risk Mitigation

Cyber Risk Mitigation Cyber Risk Mitigation Eide Bailly Howalt + McDowell Insurance Introduction Meet your presenters Eric Pulse Risk Advisory Director 20 years in the public accounting and consulting industry providing information

More information

Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data

Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: May 2016 Ponemon Institute Research Report

More information

Insuring your online world, even when you re offline. Masterpiece Cyber Protection

Insuring your online world, even when you re offline. Masterpiece Cyber Protection Insuring your online world, even when you re offline Masterpiece Cyber Protection Protect your online information from being an open network 97% of Chubb clients who had a claim paid were highly satisfied

More information

HITRUST CSF and CSF Assurance Program Requirements for Health Information Exchanges Version 1.1

HITRUST CSF and CSF Assurance Program Requirements for Health Information Exchanges Version 1.1 HITRUST CSF and CSF Assurance Program Requirements for Health Information Exchanges Version 1.1 Table of Contents 1 Introduction... 3 1.1 Purpose... 3 1.2 External References... 3 1.3 Background... 4 1.3.1

More information

DEBUNKING MYTHS FOR CYBER INSURANCE

DEBUNKING MYTHS FOR CYBER INSURANCE SESSION ID: GRC-F02 DEBUNKING MYTHS FOR CYBER INSURANCE Robert Jones Global Head of Financial Lines Specialty Claims AIG Garin Pace Cyber Product Leader AIG @Garin_Pace Introduction What Is Cyber Insurance?

More information

JAMES GRAY SPECIAL GUEST 6/7/2017. Underwriter, London UK Specialty Treaty Beazley Group

JAMES GRAY SPECIAL GUEST 6/7/2017. Underwriter, London UK Specialty Treaty Beazley Group SPECIAL GUEST JAMES GRAY Underwriter, London UK Specialty Treaty Beazley Group All 6 Beazley Lloyd's Syndicates are rated A (Excellent) by A.M. Best Admitted Carrier in the US Beazley Ins Co rated A (Excellent)

More information

Business Associate Risk

Business Associate Risk Business Associate Risk Assessing and Managing Business Associate Risk Presented by CJ Wolf, MD, COC, CPC, CHC, CCEP, CIA Healthicity Senior Compliance Executive Disclaimer: Nothing in this presentation

More information

Highlights of the Omnibus HIPAA/HITECH Final Rule

Highlights of the Omnibus HIPAA/HITECH Final Rule Highlights of the Omnibus HIPAA/HITECH Final Rule Health Law Whitepaper Katherine M. Layman 215.665.2746 klayman@cozen.com Gregory M. Fliszar 215.665.7276 gfliszar@cozen.com Judy Wang Mayer 215.665.4737

More information

True or False? HIPAA Update: Avoiding Penalties. Preliminaries. Kim C. Stanger IHCA (7/15)

True or False? HIPAA Update: Avoiding Penalties. Preliminaries. Kim C. Stanger IHCA (7/15) Protected Health Info HIPAA Update: Avoiding Penalties IHCA (7/15) Preliminaries This presentation is similar to any other legal education materials designed to provide general information on pertinent

More information

New HIPAA Breach Rules NAHU presents the WHAT and WHYs. Agenda

New HIPAA Breach Rules NAHU presents the WHAT and WHYs. Agenda New HIPAA Breach Rules NAHU presents the WHAT and WHYs Presenters: David Smith JD, Vice President, Ebenconcepts Tom Jacobs JD, co-ceo eflexgroup Moderator: Ric Joyner CEBS CFCI, co-ceo, eflexgroup 1 Agenda

More information

MEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

MEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know 1801 California Street Suite 4900 Denver, CO 80202 303-830-1776 Facsimile 303-894-9239 MEMORANDUM To: Adam Finkel, Assistant Director, Government Relations, NCRA From: Mel Gates Date: December 23, 2013

More information

Why choose Hiscox C-Suite?

Why choose Hiscox C-Suite? HISCOX C-SUITE It s easier than ever to place your Executive Liability business with Hiscox. We offer a market-leading management liability and crime solution with clear policy language, simplified application,

More information

APPLICATION FOR DATA BREACH AND PRIVACY LIABILITY, DATA BREACH LOSS TO INSURED AND ELECTRONIC MEDIA LIABILITY INSURANCE

APPLICATION FOR DATA BREACH AND PRIVACY LIABILITY, DATA BREACH LOSS TO INSURED AND ELECTRONIC MEDIA LIABILITY INSURANCE Deerfield Insurance Company Evanston Insurance Company Essex Insurance Company Markel American Insurance Company Markel Insurance Company Associated International Insurance Company DataBreach SM APPLICATION

More information

PRIVACY AND CYBER SECURITY

PRIVACY AND CYBER SECURITY PRIVACY AND CYBER SECURITY Presented by: Joe Marra, Senior Account Executive/Producer Stoya Corcoran, Assistant Vice President Presented to: CIFFA Members September 20, 2017 1 Disclaimer The information

More information

Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do

Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do ARTICLE Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do By Gene Griggs and Saad Gul This article analyzes cybersecurity issues for retirement plans. Introduction

More information

Cyber Risks & Insurance

Cyber Risks & Insurance Cyber Risks & Insurance Bob Klobe Asst. Vice President & Cyber Security Subject Matter Expert Chubb Specialty Insurance Legal Disclaimer The views, information and content expressed herein are those of

More information

Safeguarding Your HIPAA and Personal Health Information Data. Robert Hess, Office of General Counsel Steve Cosentino, Stinson Morrison Hecker

Safeguarding Your HIPAA and Personal Health Information Data. Robert Hess, Office of General Counsel Steve Cosentino, Stinson Morrison Hecker Safeguarding Your HIPAA and Personal Health Information Data Robert Hess, Office of General Counsel Steve Cosentino, Stinson Morrison Hecker 1 Overview» Patient information confidentiality Grant requirements

More information

BEAZLEY BREACH RESPONSE INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES SHORT FORM APPLICATION

BEAZLEY BREACH RESPONSE INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES SHORT FORM APPLICATION BEAZLEY BREACH RESPONSE INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES SHORT FORM APPLICATION NOTICE: INSURING AGREEMENTS I.A., I.C., I.D. AND I.F. OF THIS POLICY PROVIDE COVERAGE

More information

Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300

Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300 Texas Health and Safety Code, Chapter 181 Medical Records Privacy Law, HB 300 Training Module provided as a component of the Stericycle HIPAA Compliance Program Goals for Training Understand how Texas

More information

CYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING

CYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING CYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING 2015 Verizon Data Breach Report 79,790 security incidents 2,122 confirmed data breaches Top industries affected: Public, Information,

More information

503 SURVIVING A HIPAA BREACH INVESTIGATION

503 SURVIVING A HIPAA BREACH INVESTIGATION 503 SURVIVING A HIPAA BREACH INVESTIGATION Presented by Nicole Hughes Waid, Esq. Mark J. Swearingen, Esq. Celeste H. Davis, Esq. Regional Manager 1 Surviving a HIPAA Breach Investigation: Enforcement Presented

More information

HIPAA / HITECH. Ed Massey Affiliated Marketing Group

HIPAA / HITECH. Ed Massey Affiliated Marketing Group HIPAA / HITECH Agent Understanding And Compliance Presented By: Ed Massey Affiliated Marketing Group It s The Law On February 17, 2010 the Health Information Technology for Economic and Clinical Health

More information

Claims Made Basis. Underwritten by Underwriters at Lloyd s, London

Claims Made Basis. Underwritten by Underwriters at Lloyd s, London APPLICATION for: NetGuard Plus Claims Made Basis. Underwritten by Underwriters at Lloyd s, London tice: The Policy for which this Application is made applies only to Claims made against any of the Insureds

More information

Anatomy of a Data Breach

Anatomy of a Data Breach Anatomy of a Data Breach May 17, 2017 Lucie F. Huger Officer, Greensfelder, Hemker & Gale, P.C. Mary Ann Wymore Officer, Greensfelder, Hemker & Gale, P.C. Information is the New Oil! Companies are collecting

More information

Surprisingly, only 40 percent of small and medium-sized enterprises (SMEs) believe their

Surprisingly, only 40 percent of small and medium-sized enterprises (SMEs) believe their When It Comes to Data Breaches, Why Are Corporations Largely Uninsured? Under Attack and Unprepared: Argo Group Cyber Insurance Survey 2017 Surprisingly, only 40 percent of small and medium-sized enterprises

More information

HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA

HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA ALLISON SHUREN, J D, MSN Financial Disclosure Gerald Meltzer is a consultant for imedicware Allison Shuren co-chairs the Life Sciences and Healthcare Regulatory

More information

HIPAA Security How secure and compliant are you from this 5 letter word?

HIPAA Security How secure and compliant are you from this 5 letter word? HIPAA Security How secure and compliant are you from this 5 letter word? January 29, 2014 www.prnadvisors.com 1 1 About me Over 20 Years in IT as hand-on leader Implemented EMR s of all sizes for Hospitals,

More information

Preparing for a HIPAA Audit & Hot Topics in Health Care Reform

Preparing for a HIPAA Audit & Hot Topics in Health Care Reform Preparing for a HIPAA Audit & Hot Topics in Health Care Reform 2013 San Francisco Mid-Sized Retirement & Healthcare Plan Management Conference March 17-20, 2013 Elizabeth Loh, Esq. Copyright Trucker Huss,

More information

CYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY

CYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY CYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY Agenda Threat Landscape and Trends Breach Response Process Pitfalls and Critical Points BBR Services Breach Prevention

More information

Be the GAME CHANGER.

Be the GAME CHANGER. Be the GAME CHANGER. DISCLAIMER Seminar materials and presentations are intended to provide you with guidance and insight with regard to the selected topics. However, your instructor is not an attorney;

More information

HIPAA Final Omnibus Rule Playbook

HIPAA Final Omnibus Rule Playbook DOWNLOADABLE GUIDE HIPAA Final Omnibus Rule Playbook Your Ticket to Winning the Compliance Game Offensive Plays HIPAA Privacy Rule Defensive Plays HIPAA Security Rule Special Team Plays Breach Notification

More information

OLD DOMINION UNIVERSITY PCI SECURITY AWARENESS TRAINING OFFICE OF FINANCE

OLD DOMINION UNIVERSITY PCI SECURITY AWARENESS TRAINING OFFICE OF FINANCE OLD DOMINION UNIVERSITY PCI SECURITY AWARENESS TRAINING OFFICE OF FINANCE August 2017 WHO NEEDS PCI TRAINING? THE FOLLOWING TRAINING MODULE SHOULD BE COMPLETED BY ALL UNIVERSITY STAFF THAT: - PROCESS PAYMENTS

More information

We re Under Cyberattack Now What?! John Mullen, Partner/Co-founder, Mullen Coughlin Jason Bucher, Senior Underwriting Manager, Schinnerer Cyber

We re Under Cyberattack Now What?! John Mullen, Partner/Co-founder, Mullen Coughlin Jason Bucher, Senior Underwriting Manager, Schinnerer Cyber We re Under Cyberattack Now What?! John Mullen, Partner/Co-founder, Mullen Coughlin Jason Bucher, Senior Underwriting Manager, Schinnerer Cyber Protection Data Creates Duties What data do you access, and

More information

Legal and Privacy Implications of the HIPAA Final Omnibus Rule

Legal and Privacy Implications of the HIPAA Final Omnibus Rule Legal and Privacy Implications of the HIPAA Final Omnibus Rule February 19, 2013 Pillsbury Winthrop Shaw Pittman LLP Faculty Gerry Hinkley Partner Pillsbury Winthrop Shaw Pittman LLP Deven McGraw Director,

More information

Credit Card Handling Security Standards

Credit Card Handling Security Standards Credit Card Handling Security Standards Overview This document is intended to provide guidance regarding the processing of charges and credits on credit and/or debit cards. These standards are intended

More information

Industry leading Education. Certified Partner Program. Please ask questions Todays slides are available group.

Industry leading Education. Certified Partner Program. Please ask questions Todays slides are available   group. Industry leading Education Certified Partner Program Please ask questions Todays slides are available http://compliancy- group.com/slides023/ Past webinars and recordings http://compliancy- group.com/webinar/

More information

Cyber Exposures: The Importance of Risk Identification and Transfer. Presented By: Joe Weipert

Cyber Exposures: The Importance of Risk Identification and Transfer. Presented By: Joe Weipert Cyber Exposures: The Importance of Risk Identification and Transfer Presented By: Joe Weipert The Complexity of Cyber Risk and its Severity My Goal Today: Getting Your Attention in 30 Minutes Average Claim

More information

APPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London

APPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London APPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London SECTION I. GENERAL INFORMATION 1. Name of Applicant: Physical Address: (as it should appear

More information

CYBER AND INFORMATION SECURITY COVERAGE APPLICATION

CYBER AND INFORMATION SECURITY COVERAGE APPLICATION NOTICE: THIS APPLICATION IS FOR CLAIMS-MADE AND REPORTED COVERAGE, WHICH APPLIES ONLY TO CLAIMS FIRST MADE AND REPORTED IN WRITING DURING THE POLICY PERIOD, OR ANY EXTENDED REPORTING PERIOD. THE LIMIT

More information

Cyber Risk Management

Cyber Risk Management Cyber Risk Management Privacy & Data Protection Agenda 2 Introductions Risk Management 101 Defining & Quantifying a Breach Prevention, Mitigation & Transfer Strategies Finance Strategy- Cyber Insurance

More information

ACC Compliance and Ethics Committee Presentation February 19, 2013

ACC Compliance and Ethics Committee Presentation February 19, 2013 ACC Compliance and Ethics Committee Presentation February 19, 2013 Melinda G. Murray Associate General Counsel, Holy Cross Hospital and Jill M. Girardeau Partner, Womble Carlyle Sandridge & Rice, LLP HIPAA

More information

AMA Practice Management Center, What you need to know about the new health privacy and security requirements

AMA Practice Management Center, What you need to know about the new health privacy and security requirements 1. HIPAA Security Rule Johns, Merida L., Information Security, in Johns, Merida L. (ed.) Health Information Management Technology, an Applied Approach, AHIMA: Chicago, IL, 2nd ed. 2007, chapter 19, pp.

More information

Insurance Requirement Provisions in Technology Contracts: Mitigating Risk, Maximizing Coverage

Insurance Requirement Provisions in Technology Contracts: Mitigating Risk, Maximizing Coverage Presenting a live 90-minute webinar with interactive Q&A Insurance Requirement Provisions in Technology Contracts: Mitigating Risk, Maximizing Coverage THURSDAY, OCTOBER 5, 2017 1pm Eastern 12pm Central

More information

Add our expertise to yours Protection from the consequences of cyber risks

Add our expertise to yours Protection from the consequences of cyber risks CyberEdge THIS INFORMATION IS INTENDED FOR INSURANCE BROKERS AND OTHER INSURANCE PROFESSIONALS ONLY Add our expertise to yours Protection from the consequences of cyber risks What is CyberEdge? 2 CyberEdge

More information

Cyber Liability Insurance for Sports Organizations

Cyber Liability Insurance for Sports Organizations Cyber Liability Insurance for Sports Organizations The biggest threat to your organization or club isn t a loss of funds. It s a loss of data. From online sign-ups and payment systems to social media

More information

Directors & Officers Insurance 101

Directors & Officers Insurance 101 Directors & Officers Insurance 101 The outlines of coverage used throughout this presentation are not intended to express any legal opinion as to the nature of coverage. They are only intended to provide

More information

Determining Whether You Are a Business Associate

Determining Whether You Are a Business Associate The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information

More information

T A B L E of C O N T E N T S

T A B L E of C O N T E N T S INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015

More information

Cyber breaches: are you prepared?

Cyber breaches: are you prepared? Cyber breaches: are you prepared? Presented by Michael Gapes, Partner Overview What is cyber crime? What are the risks and impacts to your business if you are a target? What are your responsibilities do

More information

Cyber-Insurance: Fraud, Waste or Abuse?

Cyber-Insurance: Fraud, Waste or Abuse? SESSION ID: STR-F03 Cyber-Insurance: Fraud, Waste or Abuse? David Nathans Director of Security SOCSoter, Inc. @Zourick Cyber Insurance overview One Size Does Not Fit All 2 Our Research Reviewed many major

More information

Privacy Rule - Complaint Investigations

Privacy Rule - Complaint Investigations Update on Enforcement of the HIPAA Privacy and Security Rules Marilou King, JD Office for Civil Rights U.S. Department of Heath and Human Services www.hcca-info.org 888-580-8373 Privacy Rule - Complaint

More information

The wait is over HHS releases final omnibus HIPAA privacy and security regulations

The wait is over HHS releases final omnibus HIPAA privacy and security regulations The wait is over HHS releases final omnibus HIPAA privacy and security regulations The Department of Health and Human Services (HHS) published long-anticipated (and longoverdue) omnibus regulations under

More information

HIPAA Privacy Overview

HIPAA Privacy Overview HIPAA Privacy Overview Benefit Advisors Network Stacy H. Barrow sbarrow@marbarlaw.com February 8, 2017 2017 Marathas Barrow Weatherhead Lent LLP. All Rights Reserved. 1 Overview of Presentation HIPAA Overview

More information

HIPAA and Lawyers: Your stakes have just been raised

HIPAA and Lawyers: Your stakes have just been raised HIPAA and Lawyers: Your stakes have just been raised October 16, 2013 Presented by: Harry Nelson e: hnelson@fentonnelson.com Claire Marblestone e: cmarblestone@fentonnelson.com AGENDA Statutory & Regulatory

More information

NOTIFICATION OF PRIVACY AND SECURITY BREACHES

NOTIFICATION OF PRIVACY AND SECURITY BREACHES NOTIFICATION OF PRIVACY AND SECURITY BREACHES Overview The UT Health Science Center at San Antonio (Health Science Center) is required to report all breaches of protected health information and personally

More information

Negotiating Business Associate Agreements

Negotiating Business Associate Agreements Negotiating Business Associate Agreements February 19, 2015 William J. Roberts, Esq. Shipman & Goodwin LLP 2015. All rights reserved. HARTFORD STAMFORD GREENWICH WASHINGTON, DC About HIPAA HIPAA is a federal

More information

OMNIBUS RULE ARRIVES

OMNIBUS RULE ARRIVES AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule is here Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan

More information

View the Replay on YouTube. HIPAA Enforcement 2.0: Minimizing Exposure with Affirmative Defense

View the Replay on YouTube. HIPAA Enforcement 2.0: Minimizing Exposure with Affirmative Defense View the Replay on YouTube HIPAA Enforcement 2.0: Minimizing Exposure with Affirmative Defense FairWarning Ready Executive Webinar Series June 4, 2013 Agenda HIPAA Omnibus Rule s effects on future enforcement

More information

Crawford Cyber Risk Services. A definitive solution for cyber-related events

Crawford Cyber Risk Services. A definitive solution for cyber-related events Crawford Cyber Risk Services A definitive solution for cyber-related events CYBER-RELATED EVENTS An Increasing Threat Companies in all industries face an increasing threat of a cyber attack and cyber-related

More information

HIPAA AND ONLINE BACKUP WHAT YOU NEED TO KNOW ABOUT

HIPAA AND ONLINE BACKUP WHAT YOU NEED TO KNOW ABOUT WHAT YOU NEED TO KNOW ABOUT HIPAA AND ONLINE BACKUP Learn more about how KeepItSafe can help to reduce costs, save time, and provide compliance for online backup, disaster recovery-as-a-service, mobile

More information

Cyber Risk & Insurance

Cyber Risk & Insurance Cyber Risk & Insurance Digitalization in Insurance a Threat or an Opportunity Beirut, 3 & 4 May 2017 Alexander Blom - AIG 1 Today s Cyber Presentation Cyber risks insights from an insurance perspective

More information

CyberRisk: What we know and what we don't know

CyberRisk: What we know and what we don't know CyberRisk: What we know and what we don't know JOHN MULLEN, ESQ., LEWIS BRISBOIS BISGAARD & SMITH LLP ADAM COTTINI, ARTHUR J GALLAGHER MARCH 16, 2016 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

More information

Cyber Enhancement Endorsement

Cyber Enhancement Endorsement Cyber Enhancement Endorsement What is Cyber Risk? Why should I buy Cyber Risk insurance? What is the cost? Why should I buy Great American s product? Who do I contact to learn more about Cyber Risk Insurance?

More information

HOW TO INSURE CYBER RISKS? Oulu Industry Summit

HOW TO INSURE CYBER RISKS? Oulu Industry Summit HOW TO INSURE CYBER RISKS? Oulu Industry Summit 2017 6.10.2017 Panu Peltomäki Liability and Financial Lines Practice Leader Marsh Oy Marsh A Leader in Quality, Scope, and Scale GLOBAL RISKS OF CONCERN

More information

FIDUCIARY LIABILITY Risk review performed for: Date:

FIDUCIARY LIABILITY Risk review performed for: Date: ForeFront Portfolio SM Risk Analyzer for Privately Held Companies FIDUCIARY LIABILITY Risk review performed for: Date: The Purpose of the Risk Analyzer When it comes to insuring your company, you can

More information

Data Breaches in ERISA Benefit Plans: Prevention and Response

Data Breaches in ERISA Benefit Plans: Prevention and Response Presenting a live 90-minute webinar with interactive Q&A Data Breaches in ERISA Benefit Plans: Prevention and Response Navigating Regulations Governing Self and Fully Insured Plans; Complying with Notice

More information

Regenstrief Center for Healthcare Engineering HIPAA Compliance Policy

Regenstrief Center for Healthcare Engineering HIPAA Compliance Policy Regenstrief Center for Healthcare Engineering HIPAA Compliance Policy Revised December 6, 2017 Table of Contents Statement of Policy 3 Reason for Policy 3 HIPAA Liaison 3 Individuals and Entities Affected

More information

Data Breach Program Pricing Companies with revenues less than $1,000,000

Data Breach Program Pricing Companies with revenues less than $1,000,000 Data Breach Program Pricing Companies with revenues less than Limit of Liability Aggregate $250,000 $500,000 $2,000,000 Retention $1,000 $1,000 $1,000 $1,000 25,000 records $250,000 $500,000 Security &

More information

The Privacy Rule. Health insurance Portability & Accountability Act

The Privacy Rule. Health insurance Portability & Accountability Act The Privacy Rule Health insurance Portability & Accountability Act Enacted on August 21, 1996 to amend the Internal Revenue Code of 1986 To improve portability and continuity of health insurance coverage

More information

2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners

2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners 2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners Providers, and Partners 2 Editor s Foreword What follows are excerpts from the U.S. Department of Health and

More information

2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V.

2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V. HIPAA Compliance: Privacy and Security Changes under HITECH Mary V. Bauman www.millerjohnson.com The materials and information have been prepared for informational purposes only. This is not legal advice,

More information

Cyber Liability & Data Breach Insurance Claims

Cyber Liability & Data Breach Insurance Claims NetDiligence 2013 Cyber Liability & Data Breach Insurance Claims Authored by: Mark Greisiger Sponsored by: AllClear ID Faruki Ireland & Cox PLL Kivu Consulting Introduction The third annual NetDiligence

More information

NZI LIABILITY CYBER. Are you protected?

NZI LIABILITY CYBER. Are you protected? NZI LIABILITY CYBER Are you protected? Any business that operates online is vulnerable to cyber attacks and data breaches. From viruses and hackers to employee error and system damage, your business is

More information

A FRAMEWORK FOR MANAGING CYBER RISK APRIL 2015

A FRAMEWORK FOR MANAGING CYBER RISK APRIL 2015 APRIL 2015 CYBER RISK IS HERE TO STAY Even an unlimited budget for information security will not eliminate your cyber risk. Tom Reagan Marsh Cyber Practice Leader 2 SIMPLIFIED CYBER RISK MANAGEMENT FRAMEWORK

More information

UCLA Policy 420: Breaches of Computerized Personal Information

UCLA Policy 420: Breaches of Computerized Personal Information UCLA Policy 420: Breaches of Computerized Personal Information Issuing Officer: Executive Vice Chancellor and Provost Responsible Dept: Information Technology Services Effective Date: May 1, 2012 Supersedes:

More information

Cyber Risk Proposal Form

Cyber Risk Proposal Form Cyber Risk Proposal Form Company or trading name Address Postcode Country Telephone Email Website Date business established Number of employees Do you have a Chief Privacy Officer (or Chief Information

More information