Let’s face it – you can’t turn on the news without hearing about another high-profile cyber attack. But, if you think it only happens to the ‘big guys,’ you’re wrong.
Actually, healthcare organizations can usually be found at the top of any hacker’s hit list since the data is so much more valuable than payment cards.
Due to this high-risk exposure, the marketplace has started to customize cyber coverage specifically for healthcare-related business.
Not to mention, these four very good reasons to add it, and fast!
Cyber exposures have (and will continue to) become very complex
Organizations could be at risk for a full limit loss, so an independent limit will mitigate that risk
It’s necessary to have 24/7 legal and communication expertise available to help minimize the loss
A surplus lines cyber policy will evolve as cyber risk continues to broaden
Now, more than ever, healthcare businesses must look into a dedicated cyber policy to protect their assets.
NEENAH, Wis. (May 8, 2018) – Jewelers Mutual Insurance Group recognized its top agencies for their expertise in jewelers block insurance during JM Summit, an annual sales conference.
Agencies were named to the President’s Club in recognition of their efforts to serve Jewelers Mutual policyholders.
“Jewelers block policies are a cornerstone of Jewelers Mutual’s success,” said Scott Murphy, president and CEO of Jewelers Mutual. “Our success as a company is a direct result of the dedication and consistency of our top agencies and producers.”
At the annual awards ceremony, The Signature B&B Companies were honored to have Gary Castle and Wendy Goldberg accept their award with President and CEO of Jewelers Mutual, Scott Murphy.
This is the 5th year in a row that The Signature B&B Companies have been named to the Jewelers Mutual President’s Club.
I get asked all the time what makes The Signature B&B Companies unique in this increasingly crowded, confusing marketplace.
My response is simple. Although we are full-service insurance generalists, we also have a number of specialized practice groups that offer coverages and risk management insight that others can’t.
Additionally, we have tremendous relationships with carriers and insurance companies allowing us to negotiate terms, conditions and pricing on coverages that most brokers don’t even know exist.
How the New York Med Mal Environment Benefits You
Let’s take our specialty in medical professional liability insurance. It’s been dominated by two carriers for the last 30 or 40 years. And they’ve struggled.
Now, a number of carriers have come into the marketplace providing terms, conditions and pricing that’s literally shaking up the industry and physicians, practices and healthcare facilities have noticed and have started to move.
What’s interesting is that those two players were mostly direct writers, meaning they wrote directly with clients and medical practices.
However, these new carriers are working with agents and brokers. When your agent or broker is working with an insurance company, you’re not tied to that direct writer. In many cases, the insureds interests and the direct writers interests aren’t necessarily aligned. This can result in the carrier’s inane ability to negotiate claims in their best interest, not he insureds.
I believe that when you work with an independent insurance agent, they have your best interest at heart. And when you work with a specialized independent writer like Signature B&B, that’s exactly what happens.
—
To learn more how The Signature B&B Companies can keep your best interest at heart, contact Julie Shumer at 516.240.8872 or email jshumer@gmail.com. To get a no-obligation risk assessment, complete this quick form and we’ll get you scheduled.
A medical practice faces a variety of different risk exposures than the average commercial business.
In order to achieve maximum cost savings and protection, healthcare organizations require a specialized agency that possesses in-depth experience not only in commercial risk coverages, but also medical professional liability exposures.
We evaluate the landscape of a client’s location, as well as their comfort zone and look for ways to educate, provide resources and identify customized services that may have been overlooked by other agencies.
It’s about taking the time to understand a client’s business goals and how we can create operational efficiencies while also taking into account various state and federal requirements, potential cyber risks and employment practice liability exposures.
If you’re a healthcare practice or medical professional, now is the time to think differently about your coverages by allowing a full-service agency to identify practice exposures that will not only provide peace of mind, but also cost-saving opportunities that will allow you to reinvest in your medical practice.
Southern Arizona Anesthesia (SAA) is an 80 physician group practice in Tucson, Arizona and the largest independent group practice in Arizona.
“We’re unique in that we are an all physician model group with an emphasis on fair and egalitarian practices,” said Dr. David Joseph, CEO of SAA. “Our ability to work through challenges has allowed us to become stronger and more unified over the years.”
As a result, they’ve grown from just eight physicians to more than 80 in the last 32 years attracting anesthesiologists from top residency programs across the country.
They also credit their ability to track data. “In the earlier years, the data driven portion was really focused on financial metrics, on knowing everything about ourselves and the hospital environments,” said Joseph. “More recently we’ve looked at quality metrics and compared them on a national level.”
SITUATION
“For many years we were happy with the coverage we had,” said Joseph. “We had great rates compared to everybody else in the state. We were paying less, well under half of what the average anesthesiologist in the state was paying.”
Until they met a new broker, Julie Shumer. Armed with SAA’ data, she was convinced she could present something that was even more innovative.
RESULTS
Southern Arizona Anesthesia saved more than $168,000 plus received custom retro plan pay dividends to the group during their favorable loss years.
“We were not aware that there were additional savings out there,” said Joseph. “But she came back with something that was vastly superior to what we had resulting in a retro-program that gave us a rebate based on our loss runs. It saved us a tremendous amount of money.”
But the support didn’t stop there.
“Over the years, she has become a true asset to our company,” said Joseph. “She is someone that I trust and know that I can go to with pretty much any insurance question and she’ll get the answer back to me.”
Shumer added, “At the core we are more concerned with building a long-term partnership with clients ensuring they know that we will fight harder than any other broker to help them save maximum dollars all while reducing risk.
Beyond the broker relationship, SAA relies heavily on Shumer and The Signature B&B Companies to help them stay on top of constantly evolving healthcare changes.
“You’ll be halfway through the year before you even know what rules have changed especially with so many patients shifting into Medicare, which for some specialties is great, but for anesthesiologists MediCare pays 20- to 25-percent of commercial rates so that’s a big problem for us,” said Joseph.
SAA has been loyal client of Shumber for more than 10 years.
When asked why he continues his working relationship with Shumer and The Signature B&B Companies he said, “Unfortunately, the way the insurance industry is set up, there’s a disincentive for a lot of brokers to fight for their client and try and reduce the premiums because that reduces their commissions.”
“So finding someone who had both the integrity to really bring forth a unique proposal and industry knowledge and expertise to come up with out of the box creative programs was extremely helpful,” said Joseph.
Larry P. Roberts MDPC is a full-service medical facility specialized in urology unique in that it is equipped with a certified ambulatory surgery center with board-certified anesthesiologists.
“I’ve evolved into a full-service office setting where I can do ambulatory procedures in my office,” says Dr. Larry Roberts. “That is the major change that has taken place over the past few years.”
Dr. Roberts needed a progressive insurance solution that would flex and grow with his constantly changing practice.
“My relationship with The Signature B&B Companies (SBB) has evolved over the last 20 years and they have always been able to structure and change my coverage to accommodate me.”
Evolved so much that he now has a variety of coverages through SBB.
“They have been exceptional from the point of view of their availability, their devotion to my coverage both professionally and personally,” said Dr. Roberts.
“They handle many of my policies including home, auto and all kinds of insurance in addition to my medical malpractice.”
When asked about the best part of working with SBB he said, “They have always been exceptional through Marcy Ruckman’s direction at seeking out the best possible coverage for me with the lowest premiums.”
Ron Brunell, managing principal at Signature B&B Companies talks about their approach to client management and how it’s been strengthened through the affiliation with Acrisure.
To learn more about The Signature B&B Companies and their complete approach to risk management, call 516.764.1100 or visit sbbinsure.com.
Cybersecurity Incidents are seemingly limitless in their variety, so it is impractical and infeasible to develop instructions for handling each type of attack. In general, however, there are three main threat vectors that organizations can prepare for in order to develop different response strategies.
Outside Attacks
Hackers
Malware
Ransomware
DDOS Attacks
Web-based Applications
Social Engineering
Insider Threats
Malicious Employees
Improper Software Installation
Lost Laptop
Stolen Mobile Device
Corrupted file in an email
3rd Party Incidents
Unauthorized Access to Information Systems by a Trusted Vendor
Unauthorized Access to Nonpublic Information by a 3rd Party Service Provider (3PSP)
How does your organization know there has been a Cybersecurity Event?
One of the most challenging components of the incident response process is accurately detecting and assessing and analyzing potential incidents. Establishing whether an event has occurred, and if it has, the scope, depth and type of the problem.
Signs of an incident fall into one of two categories: precursors and indicators. A precursor is a sign that an incident may occur in the future while an indicator is a sign that an event may have occurred or may be occurring now.
Detecting precursors may give an organization the heads up it needs to adjustment its Cybersecurity stance, providing an opportunity to prevent an incident altogether. Unfortunately, most attacks do not have precursors from the targeted organization’s perspective.
Examples of precursors are:
Web server log entries that indicate the usage of a vulnerability scanner
A threatening statement from a group declaring that it will attack an organization
Announcement of a new exploit that targeting a specific vulnerability of the organization’s mail server
While organizations rarely receive precursors in time to correct their Cybersecurity postures, indicators are much more common.
Examples of indicators:
Antivirus software displays an alert after detecting a host infected with malware
System administrator notices a filename with strange characters
A network intrusion sensor displays alerts when a brute force or DDOS attempting to overflow systems occurs against a server
Application logs multiple and repeated failed attempts to access from an unfamiliar remote system
Network Administrator notices a strange network traffic flows that deviate from the norm.
Precursors and indicators come from many different sources. Computer security software alerts, logs, the news, and people can all be useful in detecting indicators and precursors.
It is crucial to have a robust Cybersecurity Program in place to capture the signs of an attack and a Cybersecurity Policy in place to facilitate communication between multiple parties.
If you received a precursor or indicator this exact moment, who would be the first person you would call?
People always want to pick my brain about cyber attacks. It’s kind of like being the IT guy in the family, “Can you look at my laptop? It runs slow.”
Imagine that guy’s Thanksgiving. Cringe.
But that’s the world we live now. Every day, sadly, there’s another headline in the news with a big name next to it.
Target data breach.
Home Depot data breach.
Verizon data breach.
In fact, due to the notoriety of the victims, some business owners now think, “No one will hack me. I’m not big enough.”
Wrong.
Big names sell newspapers and get clicks, shares, Likes, and comments. Little names don’t have a Cyber Protection Plan in place and possess the same data like employee information, customer information, and financial records.
Another misconception is that business owners can afford or manage a data breach. This is not a misconception like the NY Jets are in the NFC. It’s whether or not you will be able to stay in business.
60% of all SMB that experience a data breach close their doors for good within 6 months.
How could a business owner discount or miscalculate this damage? It’s actually pretty easy. Because, like an iceberg, the biggest part lies below the surface.
These are the 6 indirect costs of a data breach:
1) Increased Cost to Raise Debt
2) Impact of Operational Disruption or Destruction
3) Lost Value of Customer Relationships
4) Value of Lost Contract Revenue
5) Devaluation of Trade Name
6) Loss of Intellectual Property
A data beach can’t be prevented. It can only be mitigated.
If you’re the captain of your ship it’s you’re job to steer clear of the ice bergs in the sea. Or recruit someone to help you.
You need to recognize what is at risk. Then you need to learn how breaches occur.
This information will educate you enough to get enough Cyber liability insurance for your business and allow you to build the best pre and post breach response strategy.
Last night we learned that Equifax, one of the three main consumer credit reporting agencies, suffered a data breach that has the potential to expose confidential information of nearly 50 percent of the American population.
This cyber security breach was discovered on July 29th and appears to stem from hackers exploiting vulnerabilities in Equifax’s website software.
Why it matters
The Equifax breach is different from prior breaches due to the sensitivity of the information exposed. Names, addresses, DOBs and Social Security Numbers are the four main pieces of information necessary to set up credit card accounts, take out loans and create new bank accounts. These four pieces of information are all available in one place, Equifax.
Making matters worse, Equifax also offers credit monitoring services to its customers. This sets up potential a scenario where hackers access confidential information through Equifax, set up phony accounts, then manipulate credit card monitoring to make it appear as if there is no fraudulent activity at all. If a hacker controls the credit monitoring how would you know if there is fraud on your account?
At this point you may be wondering: “How could things get worse?” Easy, sprinkle in some insider trading.
Insider Trading
Three Equifax executives sold nearly $2 Million worth of stock just days after Equifax discovered the breach. Executives typically set up 10b5-1 plans to schedule planned stock sales and avoid accusations of insider trading. According to SEC filings, none of these sales were planned in advance.
Burrowing deeper into its already sizable crater, Equifax publicly announced that the executives (one of them being the CFO) had no knowledge of the breach when they sold their shares. How could the CFO of Equifax not know about a potentially catastrophic data breach that was discovered and acknowledged days earlier?
Aftermath
Considering that one of its sources of revenue is tied directly to data breach response, you would think that Equifax would include a robust Cyber Incident Response Plan as part of their cyber security strategy. One that would set its customers minds at ease and show regulators that it takes this event seriously. Although its still early, the Equifax response has basically been a joke.
It took 5 weeks to announce the data breach to consumers, a period of time which would have violated Europe’s new breach disclosure regulations. The website Equifax set up for customers, to determine whether or not their information was compromised, asks for the last 6 (!!!) digits of their Social Security Number, then politely informs you that you will be eligible for ID protection in two weeks.
Finally, the Equifax response website itself is so poorly secured that certain systems have been blocking access to it, labeling the breach recovery site as a phishing threat.
The Equifax Data Breach Debacle of 2017 is a clear case of why it is so important for organization’s cyber security plan to include a comprehensive Cyber Incident Response Program. A robust CIRP enables your organization to rapidly contain damages, deploy response resources, and ultimately limit financial and reputational damage in the wake of a data breach.
