Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber and Social Media in Long Term Care LTC Risk Legal Forum

Published byOuti Hannele Koskinen Modified over 5 years ago

Similar presentations

Presentation on theme: "Cyber and Social Media in Long Term Care LTC Risk Legal Forum"— Presentation transcript:

1 Cyber and Social Media in Long Term Care LTC Risk Legal Forum
March 10, 2016 Mark Karlson CPCU, ARM Managing Director Marsh USA Judy Pearson Managing Director Marsh USA

2 Who Are We: Marsh and Mark
Marsh: Global Risk and Insurance Services Firm Parent: Marsh & McLennan Company (NYSE: MMC) US HealthCare Practice 27 of top 50 non-profit Hospitals 25 of top 50 for-profit Hospitals 18 of top 25 Health Insurers US Cyber Liability Team 25 dedicated team members 1,400 cyber, privacy, network security, technology clients Mark Karlson HealthCare National Practice Leader for Management Liability April 28, 2019

3 Agenda Cyber and HealthCare Cyber events in HealthCare
Why is HealthCare a cyber / social media target? Cyber Risk Management Approaches Cyber Insurance Market Social Media in Long Term Care Residents Families Employees Business Operations Social Media Best Practices April 28, 2019

4 Why is Cyber such an issue for Healthcare?
Data intensive industry ACA Reform drives collaboration => data movement Patient / Provider connectivity dynamic increases risk Capital investments needed to upgrade systems False Claims identification Disgruntled employee exposure Connectivity of employees and social media activity HIPAA, HITECH and other Regulatory requirements Patient frequency of activity review (or family review) April 28, 2019

5 Cyber Events in HealthCare
Recent Breach Events in HealthCare- number of records Anthem: 79 million Anthem: 9 million Excellus: 10 million Premera: 11 million Carefirst: 1 million Statistics HealthCare was 35% of all data breach events as of mid 2015 but 68% of total records breached 90% of HealthCare entities have experienced a breach 125% increase in criminal attacks on Healthcare in past 5 years $13,500 cost to each patient to repair/recover from breach $2million - average event cost in HealthCare April 28, 2019

6 Cyber Events and Regulatory Liability
Recent Examples Anthem: $1.7mil for HIPAA violation HealthNet: $250,000 penalty by CT Attorney General Beth Israel: $100,000 penalty by MA Attorney General NY Presbyterian: $4.8mil for HIPAA violation California Medical Information Act: up to $4,000 per person Office of Civil Rights: $50,000 per violation April 28, 2019

7 Why is HealthCare data attractive to threat actors?
Black market value of PHI is higher than value of Social Security # Latency potential between event and data usage Credit Cards are quickly shut down and reissued Uses of data: Identity theft and impersonation Access to Medical Care Access to financial information and institutions Access to SS# and other personal identity info Access to pharmaceuticals Nation State Attacks Seeking data on US population Seeking Passwords and access to corporate systems Industrial espionage April 28, 2019

8 The Reality… April 28, 2019 7 April 28, 2019

9 Cyber Attacks in HealthCare
April 28, 2019 8 April 28, 2019

10 Cyber and Social Media Risk Management Approaches
Technology safeguards and platform design Breach event planning and rehearsal BAA Agreements Patient / Family Privacy Agreements Employee awareness and training Penetration testing Independent review: FireEye, Mandiant, Ceyence, etc Cyber Insurance April 28, 2019

11 US Cyber Insurance Marketplace
Annual premium volume information about the U.S. Cyber Risk market is hard to come by, but in reviewing the market, we have concluded that the annual gross written premium may be as much as $2.5 billion A limited number of very large writers, with premiums in excess of $100 million (AIG, ACE, Beazley, Zurich) Several carriers in the $ million range (Endurance, XL, etc.) Several more in the $25-50 million range (Liberty, etc.) Numerous carriers and Managing General Underwriters writing $ million Several writing in the $5-10 million and $1-5 million ranges

12 CYBER INSURERS: Market Capacity - Cyber Coverage (All numbers in millions) Market Capacity Primary Excess US ACE USA 25 10 Admiral 5 AIG (Executive Liability & Lexington) 15 Alterra Arch Capital Argo Pro Aspen AWAC AXIS Beazley Berkley Berkshire CFC Underwriting Chartis Cat Excess Chubb CNA Endurance Freedom Hartford Hiscox IronShore Liberty Markel (Evanston) Navigators One Beacon Philadelphia QBE RLI RSUI ScorRe Starr SwissRe ThinkRisk Travelers Westchester XL Zurich US Total US 515 195 405 Market Capacity - Cyber Coverage (All numbers in millions) Bermuda ACE AIG Cat Excess 25 15 Aspen** AWAC Alterra (shared capacity with US) 10 Chubb Atlantic** Endurance IronStarr Markel XL 5 Total Bermuda 165 110 London Ace Global (shared with US) 40 Aegis ANV 20 Aspen Barbican Brit CFC Kiln Liberty Novae Total London 175 135 170 Summary Total US 515 195 405 Total Facultative Reinsurance Total Global Market 865 330 690 Available capacity may be impacted by factors such as 1. Breadth of coverage pursued 2. Lead / primary carrier(s) 3. Excess carriers 4. Loss experience 5. Retention(s) & coinsurance 6. Premium 7. Financial condition

13 HealthCare Cyber Rate Changes Q1 2015: 6.9%avg

14 HealthCare Cyber Rate Changes Q4 2015: 50%+ avg

15 Non HealthCare Non Retail Cyber Rate Changes Q4 2015: 10% avg

16 CYBER INSURANCE DEFINED – First Party Coverages
Business Income Lost revenues due to a cyber event Data Asset Protection Costs to recover or recreate data Event Management Forensic costs, notification costs, credit monitoring costs Service providers to handle an event Cyber Extortion Costs to respond to a cyber extortion event

17 CYBER INSURANCE DEFINED – Third Party Coverages
Privacy Liability Costs to respond to a lawsuit arising out of a breach Customers, employees, third parties are likely claimants Network Security Liability Costs to respond to a lawsuit arising out of network or security failure Customers are likely claimants Privacy / Regulatory Liability Costs to respond to a regulatory action Media Liability Costs to respond to allegations that online content included libel, slander, misappropriation, plagiarism, etc

18 CYBER INSURANCE DEFINED – Exclusions
Mechanical issues Prior claims, SEC Liability, ERISA Liability, Bodily Injury, Property Damage, Employment Liability, etc Asbestos, pollution Types of cyber insurance not purchased Legal limitations Violations of Sherman Act, antitrust, RICO, FLSA, etc Criminal or fraudulent acts (but defense applies until proven) Patent Infringement Damages do not include: Future profits, return of fees, fines, taxes, sanctions, penalties

19 INSURANCE GAP ANALYSIS
The example depiction on the following page is an illustration of a sample gap analysis. Is Loss or damage to reputation coverage available on cyber? Not Covered Covered Dependent upon specifics of claims, may not be covered Note: All insurance coverage is subject to the terms, conditions, and exclusions in the applicable individual policies. Marsh cannot provide assurance that insurance can be obtained for any particular client or risk.

20 Advice to Clients: Have a Strategy and a Plan
Governance and Executive Level attention for Data Breach Plan Identify potential threats Identify data assets and their location Prioritize exposures and create a roadmap to secure assets Update Data Breach Plan regularly Test the Plan and the Security Train Employees and make it real Have appropriate Insurance coverage

21 Social Media as a subset of Cyber
Social Media – Platforms used by patients, employees, families, etc For better or worse Has become part of the environment Is not totally controllable May or may not create a clear trail of origination and liability Is extremely easy to access Is a necessary part of operating a LTC business Allows for positive / negative online commentary Is not exempt from HIPAA and other regulatory requirements

22 LTC Social Media Residents/Patients
Patient medical information must remain private No PHI should ever be posted online by an employee, patient, or family member HIPAA does not exempt social media activities No medical advice should be given in response to a post No pictures of a resident without prior written permission WiFi User Agreements

23 LTC Social Media Families
Marketing to future customers Dialogue with families of residents Resident / Legal guardian agreement to social media guidelines Communication Resident to Family Family to employees Fundraising activities for non-profits Pictures Use of LTC logo Disclaimers

24 LTC Social Media Employees
Mandatory training around privacy and social media Monitor on-line postings by employees Nurses / Care Givers often use online forums to discuss care and experiences Employees may be sued for defamation, breach of privacy, or harassment Employees must not discuss their work experiences in the same way that they discuss their personal experiences Training: Posted information does not go away and cannot be limited to intended recipient Disclaimers – require on personal posts regarding LTC facility Discourage “Friending” of residents and families

25 LTC Social Media Business Operations
Design an intentional approach to Social Media Who can post? Who can comment? Who can “like”? Who will monitor? Train employees Boundaries work/personal No expectation of privacy – monitoring Prohibit pictures without express written permission Computer Access: personal, Skype, Web time, etc How to respond to resident/family posts? Social Media in hiring /firing employees

26 LTC Social Media Conclusions
Have an implementation plan and a strategy Have an incident response plan Act with Privacy, Respect, Honesty Seek legal guidance Safeguard cyber/data/operational systems from social media systems Review potential insurance solutions for cyber/data breach risks

27 Thank You Judy Pearson Mark Karlson CPCU, ARM
Western Zone Senior Care Leader Marsh National Healthcare Practice Marsh Risk & Insurance Services Von Karman, Suite 1100 Irvine, CA 92614, USA Office: Mobile: m Mark Karlson CPCU, ARM Managing Director, Marsh FINPRO National Practice Leader for HealthCare Management Liability 20 Church St, 8th Floor Hartford, CT  06103 P:

Download ppt "Cyber and Social Media in Long Term Care LTC Risk Legal Forum"

Similar presentations

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,

Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,
Presented by: Dan Landsberg August 12, 2011. Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.

Presented by: Dan Landsberg August 12, Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.

Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.
Recent Trends and Insurance Considerations March 2015

Recent Trends and Insurance Considerations March 2015
Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.
BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius 4444 50% Hiscox 33 50% to May 2010, replaced.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.
Overview of Cybercrime

Overview of Cybercrime
Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215) 496-7241

Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
Name Paul Kobyra Location Norwalk, CT Insurance Market Report - 2nd Quarter 2003.

Name Paul Kobyra Location Norwalk, CT Insurance Market Report - 2nd Quarter 2003.
AUGUST 25, 2015 Cyber Insurance:

AUGUST 25, 2015 Cyber Insurance:
Cyber Risk Insurance. Some Statistics Privacy Rights Clearinghouse o From 2005 – February 19, 2013 = 607,118,029 records reported breached. Ponemon Institute.

Cyber Risk Insurance. Some Statistics Privacy Rights Clearinghouse o From 2005 – February 19, 2013 = 607,118,029 records reported breached. Ponemon Institute.
FIRMA April 2010 SOCIAL NETWORKING Christine M. Farquhar Managing Director, Compliance J.P. Morgan U.S. Private Banking.

FIRMA April 2010 SOCIAL NETWORKING Christine M. Farquhar Managing Director, Compliance J.P. Morgan U.S. Private Banking.
Insurance Market Update

Insurance Market Update
. www.InsuranceCommunityUniversity.com E-Business Risk and Insurance.

. E-Business Risk and Insurance.

Similar presentations

Ads by Google