Cyber Liability

Healthcare Faces Lingering Cyber Threats Amid COVID-19

The healthcare industry has undergone many changes in recent years, particularly centered on new technologies for managing patient encounters and to facilitate treatment. Electronic patient records and telemedicine options are some of the primary technologies adopted by healthcare facilities. In the wake of the COVID-19 pandemic, these technologies allow healthcare delivery without direct contact between caregivers and patients. Unfortunately, with new technologies come new risks; healthcare cyber liability concerns related to criminal activity have risen dramatically. Many experts believe these emerging cyber liabilities will continue to linger far beyond the end of the pandemic, necessitating a careful look at the risk management strategies available to healthcare organizations. 

Cyber Criminals Targeting Enterprise Systems and Patient Data

Across industries, information technology professionals have experienced a sharp uptick in cyber criminality. In the healthcare sector, hackers have intruded into networks to interfere with information-sharing between health organizations. In the Czech Republic, the hospital responsible for managing COVID-19 testing for the country was the victim of a cyberattack, necessitating the shutdown of the facility’s network. Similar attacks targeted the U.S. Department of Health and Human Services (HHS) and the World Health Organization (WHO). 

Healthcare systems have been a prime target for criminals, owing to the value of patient records which may contain Social Security numbers, banking information, and sensitive personal details. When criminals gain access to patient data, this information is often sold on the black market, netting millions of dollars in illicit profits. Healthcare cyber liability exposures may include:

  • Malware – programs designed to look like legitimate apps, but redirect network traffic or data to criminal enterprises.
  • Ransomware – holding data or networks hostage until a ransom is paid to cyber criminals.
  • Distributed denial of service (DDoS) attacks – flooding healthcare networks with traffic to foil operations.
  • Social engineering hacks – individuals posing as members of an organization to gain access to sensitive passwords and healthcare data. 

Healthcare Cyber Liabilities: Emerging Threats

The COVID-19 crisis has ushered in new operational practices, including those used in the healthcare industry. Remote work has become an integral part of many businesses, allowing employees to work from the safety of their own homes. Unfortunately, because these remote work options are relatively new and unfamiliar to many employees, hackers have taken advantage of weak security practices to gain entry into critical networks. This trend is expected to continue after the pandemic is contained, potentially costing healthcare organizations millions of dollars in insurance claims, forensic investigations, and legal exposures. 

The “Internet of Things”(IoT) is also a potential weak point for cyber criminals to exploit. Internet-connected medical devices and mobile communication and computing technologies often exist under a patchwork of security settings and protocols, or may be relatively exposed to criminal activity. The pandemic has only increased the reliance on these connected devices. Once a hacker gains entry to a network from a connected medical device, access to enterprise and patient data is but a few mouse clicks away.

Managing Healthcare Cyber Liability

Healthcare organizations know that the COVID-19 pandemic has altered business operations, forcing employees and managers to approach work in new ways. With the adoption of technologies to make the transition smoother, cyber criminals have leveraged security weaknesses to gain access to enterprise systems.

It is imperative that organizations address their healthcare cyber liability exposures, employing robust risk management strategies backed by comprehensive cyber liability insurance solutions. Training employees on secure computer access practices and password management can foil many malware, ransomware, and social engineering hacks. Adopting best practices in terms of IT network intrusion detection and security go a long way toward eliminating criminal activity. It is a good idea for healthcare organizations to carefully review existing insurance coverages and to identify any coverage gaps that may lead to liability exposures. With these practices, healthcare facilities can stop cyber criminals in their tracks, protecting sensitive business and patient data and helping to ensure business continuity. 

About U.S. Risk

U.S. Risk, LLC. is a wholesale broker and specialty lines underwriting manager providing a wide range of specialty insurance products and services. Headquartered in Dallas, Texas and operating 16 domestic and international branches, U.S. Risk and its affiliates would like to help you access a world of new markets and products. For more information, contact us today at (800) 232-5830.

Cybersecurity

5 Measures for Effective Cybersecurity After COVID-19

Around the world, the coronavirus pandemic has had powerful effects on industries of all types. Businesses were forced to adapt quickly to protect their customers and their employees. Because COVID-19 required stringent social distancing and self-quarantine restrictions, many businesses shifted to online work environments to remain in operation. Other companies focused on e-commerce, allowing them to continue delivering the goods and services consumers needed. Cybersecurity, then, became ever more important, as remote employee access and online shopping took center stage in many business operations. As an effective risk-management strategy, business owners must leverage the protection of cyber liability insurance plans and industry best practices to keep their networks and their sensitive data safe. 

Challenges and Risks During the COVID-19 Pandemic

As businesses revamped their operations, moving to remote work environments for their employees, challenges and risks for cybersecurity professionals and business leaders grew rapidly. Some of the challenges include:

  • Access to critical business networks via personal computing devices and on less-secure home networks.
  • Employees unfamiliar with cybersecurity practices, making them vulnerable to social engineering hacks and similar cyber criminality.
  • Targeted attacks by criminals on already-strained networks, particularly critical services such as healthcare and banking operations.
  • A change in perceptions about anomalous network behaviors. Prior to the pandemic, these behaviors were seen as evidence of criminals attempting to breach computer security. Now, with so many people working from home, anomalous behaviors are the norm rather than the exception, making actual criminal activity harder to spot. 
  • Flaws in security on popular productivity software products, including video conferencing platforms like Zoom. 

Most importantly, business leaders may not be fully aware of the cyber risks their companies face in the dramatic upheaval of the pandemic and its aftermath. While cyber liability insurance is designed to protect against many risks associated with network breaches and data loss, it is critical that leadership understands these risks and makes efforts to manage them effectively.

The 5 Measures: Cybersecurity Now and Post-Pandemic

In response to the unprecedented cyber risks exacerbated by the pandemic, the World Economic Forum (WEF) published a report entitled “Cybersecurity Leadership Principles: Lessons Learnt During the COVID-19 Pandemic to Prepare for the New Normal”. The report’s aim is to shape adequate responses to growing cyber threats, and contains five measures that will shape the future of cybersecurity. The five measures are:

  1. Fostering a culture of cyber resilience: As risks grow and wane, resilience is the key to continued data safety. Implementing proactive risk management practices and developing strategies to recover from cyber attacks are among the recommendations of the WEF.
  2. Focusing on protection of critical assets and services: It is impossible for businesses to protect every aspect of an operation. Instead, identifying and prioritizing those assets and services that are critical for business continuity while maintaining compliance with privacy and data security regulations is the better course of action.
  3. Balancing risk-informed decisions within the pandemic and in the future: Implementation of new systems and practices always come with new risks. Leaders must balance those risks and may have to make difficult decisions as they adapt to the “new normal”. Maintaining flexibility by continual reassessment of existing and emerging risks will help balance risk exposures.
  4. Updating and practicing response plans, including those designed for business continuity: While many companies have created business continuity and data breach response plans, these are not static documents. Risks evolve, and even the best plan is useless without testing its capabilities. By updating and practicing the plans, deficiencies can be uncovered and remedied before an actual response is needed.
  5. Strengthening collaboration throughout the business ecosystem: Establishing and building partnerships between public and private entities regarding cybersecurity is the key to continued success. Sharing information between partners in a transparent manner is the goal of this collaborative effort. By leveraging the power of collaboration, business leaders can more quickly identify emerging threats and take the steps needed to manage or eliminate those threats before they can cause an embarrassing and expensive data breach. 

The future is uncertain, but what is certain is that cyber criminality will continue to threaten the business world. In addition to protecting assets and systems with robust cyber liability insurance plans, insurance agents must provide their clients with the information and practices designed to manage risks going forward. The COVID-10 pandemic has been a challenging time, but it has also provided an important learning experience for industries around the world. These lessons will shape the direction of  cybersecurity response for years to come. 

About U.S. Risk

U.S. Risk, LLC. is a wholesale broker and specialty lines underwriting manager providing a wide range of specialty insurance products and services. Headquartered in Dallas, Texas and operating 16 domestic and international branches, U.S. Risk and its affiliates would like to help you access a world of new markets and products. For more information, contact us today at (800) 232-5830.

Financial Institutions

Considerations for Banks and Financial Institutions in a Time of Pandemic

Banking and financial institutions have faced unique risks since their very beginnings. Those risks are compounded by the effects of the global coronavirus pandemic. As economies the world over have ground to a halt, individuals, companies, and communities face significant financial hardships. These hardships have an outsized impact on banking, capital markets, and financial services firms. Although financial institution insurance is designed to protect against many risks, financial managers can help manage risk exposures better by gaining an understanding of the unique challenges uncovered by the COVID-19 crisis.

Read more

Cybersecurity

COVID-19 and the Long-Term Impacts on Cybersecurity

The novel coronavirus pandemic has created powerful effects across all areas of our lives, including how we interact with others and how business is conducted. COVID-19’s negative health effects are only one part of how this pandemic is influencing business operations. As more companies move to virtual at-home work environments, the need for robust cybersecurity has grown in importance. There are short-term effects associated with changing cybersecurity needs, but insurance agents need to be aware of potential long-term ramifications for their business clients, including comprehensive cyber liability insurance solutions.

Read more

Cyberattacks

How Will Coronavirus Impact Cybersecurity and Why Does it Matter?

As the coronavirus pandemic has descended on the world, it has affected people’s lives in many unexpected ways. Stay-at-home orders and social distancing guidelines have led to fundamental changes in the way business is being conducted, with many individuals forced to telecommute for the first time in their careers. Throughout personal and professional lives, more interaction has moved to web-based services, including e-commerce, communication, and information resources. Unfortunately, many companies are underprepared for the sudden reliance on remote access technologies, potentially opening the door to cyber criminals. While cyber liability insurance is one part of a more comprehensive risk management program for business interests, it is critical that insurance agents help their clients understand emerging cyber risk exposures created in the wake of the coronavirus.

Read more

Cyber Liabilities

Cyber Liabilities in the Financial Sector

Across industries, so-called cyber crimes are on the rise. As businesses shift to digital systems for managing data, personnel, and customer records, cybercriminals have increasingly targeted these systems. The financial sector was especially hard-hit in 2019, with numerous highly-publicized data breaches and cyberattacks well in excess of any other industry. U.S. Risk Underwriters, a specialty provider of risk management solutions for various industries, believes that financial institutions need to understand cyber liabilities to better protect their assets and their customers’ sensitive data from loss. By understanding the risks, financial firms can implement the risk management solutions needed to reduce exposure to cyber threats.

Read more