Cyber breaches: are you prepared?


Cyber breaches: are you prepared? Presented by Michael Gapes, Partner

Overview
- What is cyber crime?
- What are the risks and impacts to your business if you are a target?
- What responsibilities do you have to protect a patient's personal and health information?
- How can you protect your organisation from a cyber breach?
- What are the insurance solutions available to transfer the risk?
www.carternewell.com 2

So what is cyber crime?
Cyber crime occurs when an individual's or an organisation's electronic data is subject to loss or unauthorised access, use, disclosure, copying or modification. There are different types of cyber crime, including:
- Unauthorised access or hacking;
- Malware; and
- Denial of service attacks.
These types of attacks are criminal offences under the Criminal Code Act 1995 (Cth), as well as state and territory laws. If you are attacked, report it to the Police and ACORN (www.acorn.gov.au).
Cyber breaches can also arise from employee negligence or poorly managed data sharing and monitoring practices, and from malicious acts of employees and former employees.

Some statistics for you
- Cybercrime costs the Australian economy over $2 billion annually.
- 5.4 million Australians were victims of cyber crime in 2012.
- 693,000 businesses experienced a cyber crime in 2014.
- Recent studies have revealed that up to 70% of all targeted companies are small businesses.
- The average cost to a business that has been subjected to a cyber breach was $2.64 million.
- Post-cyber breach costs on average were $640,000 in 2016 (including remediation activities, legal costs, regulatory interventions etc.).
- Cyber breaches cost companies an average of $142 per record compromised in 2016.
- 60% of companies will go out of business within one year of a cyber breach.
- 85% of customers who had their personal data compromised will not deal with the offending organisation again.
Source: Ponemon Institute Research Report

Some statistics from the healthcare industry
- There has been a 600% (yes, 600%) increase in cyber attacks on healthcare organisations since 2014.
- The healthcare industry has 4 times the number of security breaches of other industries.
- The industry is 3 times more likely to encounter data theft.
- Patient information is 10 times more valuable than other data on the black market.

Some household names here
- Woolworths
- iinet
- Aussietravel cover
- UQ
- David Jones
- K-Mart
- Aussie Farmers
- Patagonia Clothing Company
- QLD Tafe
- Bureau of Meteorology
- The Federal Department of Employment
- West Australian Parliament

Some industry specific examples
Miami Family Medical Centre: a ransomware attack. Russian hackers demanded a ransom of $4000 to decrypt information on the practice's server.

Some industry specific examples (cont'd)
Royal Melbourne Hospital (2015): a virus attack affected the hospital's Windows XP operating system. It was subsequently discovered that the system had some serious security faults which allowed hackers to take control of it remotely. The virus impacted the Pathology and Radiology Departments. It was reported that the hospital was forced to send its major trauma patients to other hospitals.
Luxottica Retail Australia (2015): test results and contact details of hundreds of Australian Defence personnel were inadvertently sent to China.

So what are the impacts to your business?
- Business interruption
- Damage to network and system
- Investigation and compliance costs
- Loss of revenue
- Loss of clients (liability to third parties is less easy to predict)
- Reputational and brand damage
- Regulatory investigations
- Fines and penalties
- Civil claims

What are your responsibilities regarding personal and health information?
The Privacy Act 1998 (Cth) regulates the handling of personal information (including health information) about individuals. The Act applies to all private sector health service providers. (State and territory public hospitals and health services are not covered under the Act, but may be covered by state or territory legislation.)
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Health information is information about an individual's health or disability, as well as any other personal information collected while an individual is receiving a health service.

The Privacy Act 1998 (Cth)
In March 2014, a unified set of Australian Privacy Principles (APPs) was introduced that applies to all Commonwealth Government agencies and all businesses with annual turnovers >$3 million. There are 13 APPs which cover everything from the use and collection of personal information, to data security, data quality and access rights.
APP 11 Security of Personal Information:
- An APP entity that holds personal information must take reasonable steps to protect the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
- An APP entity must take reasonable steps to destroy or de-identify the personal information it holds once the personal information is no longer needed for any purpose for which it may be used or disclosed under the APPs.
- What counts as reasonable steps depends on the nature and amount of personal information held.

Breaches of the APPs
A breach of an APP will be an interference with privacy under the Act. The Australian Information Commissioner has the power to investigate possible interferences with privacy, either following a complaint by an individual or on the Commissioner's own initiative. The Commissioner has a wide range of enforcement powers, including enforceable undertakings and determinations, and can seek civil penalties of up to $340,000 against individuals and up to $1.7 million against corporations. See www.oaic.gov.au

Future developments?
- Mandatory notification of security breaches for organisations with turnovers > $3 million:
  - Notifying the Australian Information Commission of serious data breaches;
  - Notifying affected individuals.
- A new tort of privacy.

How can you protect your organisation from a cyber breach?
- Manage the risk: understand the nature of the data you hold, assess whether it is accessible by third parties and identify the risks that this data faces from a cyber attack.
- Have an IT Response Plan: see the OAIC website (www.oaic.gov.au) for an example.
- Have a Crisis Management Response Plan: to assist you in dealing with clients, regulators, the media and third parties.

How can you protect your organisation from a cyber breach? (cont'd)
Implement effective risk management strategies, procedures and protocols to protect the data, including:
- Keep your software up-to-date;
- Install reputable security software, which includes a firewall, anti-virus and anti-spyware applications;
- Develop a backup strategy for your data;
- Change all default passwords across all operating systems;
- Create non-administrator level accounts;
- Adopt safe online practices, including having an Acceptable Use Policy;
- Secure any remote access services and implement a BYOD policy;
- Protect critical information by using encryption;
- Obtain data breach and cyber liability insurance.
Train your staff in these strategies, procedures and protocols. See also www.cert.gov.au

Data breach and cyber liability insurance
Many traditional liability insurance policies, such as Management Liability or Professional Indemnity policies, won't cover many of the data breaches and cyber crime risks faced by day hospitals. For instance, these policies won't cover losses arising out of:
- Your IT network being hacked and you being locked out of your network;
- Your patient data being stolen, leaked or held to ransom;
- You being investigated by the OAIC.
So a standalone data breach and cyber liability policy is the best way to combat these risks and potential liabilities.

What is a data breach and cyber liability policy and what does it cover?
A good policy will cover a range of potential exposures, including:
- Personal and corporate data liability: will pay damages and defence costs for a data breach involving personal or corporate information.
- Outsourcing exposures: will pay damages and defence costs for a data breach arising out of the outsourcing of the collection, storage or processing of any data.
- Data security liability: will pay damages in the event of physical theft of hardware, data, contamination, denial of access or corruption of data.
- Forensic services: will meet costs of IT experts retained to remediate any damage due to breach.

What is a data breach and cyber liability policy and what does it cover? (cont'd)
- Defence costs: will pay costs incurred in defending any civil claims or costs involved in responding to any official investigations (for example, by the OAIC).
- Fines and penalties: will pay any insurable fines and penalties imposed by a government or regulatory authority.
- Notification and monitoring costs: if affected individuals need to be notified or monitoring put in place for mitigation purposes.
- Reputation repair: will meet costs of a PR company being engaged to mitigate damage sustained to the company or an individual.
- Cyber extortion: will pay any cyber extortion loss (for example, a ransom) to end a security threat (subject to local laws etc.).
- Media content: will pay damages in the event of a breach of copyright, IP, plagiarism, piracy, invasion of privacy etc.
- Network interruption: will pay income losses suffered as a result of a security failure or breach.

What is a data breach and cyber liability policy and what does it cover? (cont'd)
A good data breach and cyber liability policy will offer a wide range of cover, with appropriate limits of indemnity. The cost of these policies is extremely modest. It is highly recommended that all healthcare sector participants obtain appropriate data breach and cyber liability insurance. Call Mediprotect on 1800 177 163 or visit www.mediprotect.com.au.

Questions and Resources
Useful resources:
- www.oaic.gov.au
- www.acorn.gov.au
- www.cert.gov.au
- www.mediprotect.com.au
- www.carternewell.com