Cyber Issues Facing Medical Practice Managers


1 Cyber Issues Facing Medical Practice Managers
John Doernberg | May 4, 2018

2 What Your E&O/Cyber Policy Should Do
Your E&O/Cyber Policy Should Cover:
- Third-party claims arising from:
  - acts, errors or omissions in the sale of technology products, or in the performance of technology or professional services;
  - a failure of the insured’s network security (e.g., transmission of malicious code from insured’s to another’s network; use of insured’s network in a denial of service attack; corruption, destruction or deletion of data); or
  - a failure to protect data or privacy.
- Regulatory actions, including fines and penalties, in connection with a security failure, privacy breach, or the failure to disclose a security failure or privacy breach.
- Out-of-pocket costs of responding to a security failure or privacy breach (see below).
- Business interruption and extra expense caused by insured’s network security failure by reimbursing for resulting lost income and extra operating expenses. (optional coverage, usually bears additional premium)
- Extortion and ransomware threats made against insured’s computer network and confidential information by an outsider attempting to extort money, securities, or other valuables. Coverage includes monies paid to end the threat and the cost of an investigation to determine the cause of the threat.
- Media-related liability for content distributed on insured’s website. Coverage is generally provided for copyright infringement, trademark infringement, personal or product defamation, and invasion of privacy.
- Fines, penalties and assessments assessed in connection with a payment card (PCI) breach. (optional coverage, often sublimited, may bear additional premium if significant number of cards involved)

3 What Your E&O/Cyber Policy Should Do
Your E&O/Cyber Policy Should Pay For:
- Forensic investigation to determine the scope and extent of the breach
- Legal expenses incurred in:
  - Determining notification obligations under applicable laws
  - Dealing with regulatory and law enforcement authorities and responding to investigations
  - Defending any claims for damages arising out of your delivery / failure to deliver services (technology or other)
  - Giving advice in connection with management of the breach and associated disclosures
- Notice to affected individuals under applicable laws
- Credit monitoring and/or identity theft services or insurance to affected individuals
- Public relations for reducing the potential exposure
- Call center support to respond to customer inquiries and concerns
- Cyber extortion costs associated with preventing activities such as ransomware, introduction of a virus or other attack to an insured’s network, release of unauthorized data or damaging an insured’s computer system
- Regulatory fines and penalties to the extent allowed by law
- Resolving claims for damages by those affected by the breach, such as customers, clients and business partners
- Retrieving and restoring data, hardware, software or other information damaged or destroyed in a cyber attack
- Penalties imposed by payment card companies and claims made by banks (e.g., for fraudulent charges, notifying bank card customers, closing customer accounts and reissuing payment cards) if credit card information was breached

4 2018 FBI Advisory re: Cyber Theft
Risk management practices that almost all organizations should adopt:
The public service announcement contains a list of recommendations intended to help organizations reduce the risk of being victimized by W-2 and wire-transfer scams. These include:
- Limit who can (1) handle requests for W-2s, or (2) approve or process wire transfers.
- After receiving a request for W-2 information or a wire transfer seemingly from someone within the organization, verify the request using “out of band authentication” – that is, do not respond to the making the request but instead determine its authenticity by independently contacting the purported sender using some other channel of communication. A phone call directly to the executive is probably the most common means of independent verification, and the PSA lists some others.
- Call vendors and suppliers to verify purported changes in payment instructions, using a phone number from a separate known contact list. Do not call any phone number contained in the communication requesting the change.
- Keep lists of vendors with names and contact information for anyone authorized to request or approve changes in payment instructions. It is preferable for the lists to be on paper and not in electronic files.
- Require multiple approvals for certain wire transfers, such as those involving:
  - Amounts more than a designated threshold;
  - New recipients or those not already on the organization’s list of approved wire transfer recipients;
  - New bank or account numbers; or
  - Countries to which wire transfers have not normally been made.

