Skip to main content

Home/ WPPS C-Suite News/ Group items tagged insurance

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
sandy ingram

Few businesses are likely to be insured against the result of cyber attacks - Security ... - 0 views

www.securitypark.co.uk/security_article263278.html

Best Practice Privacy Security Insurance Employee Fraud unemployment resession

shared by sandy ingram on 21 Jul 09 - Cached
  • Businesses are advised to thoroughly review risk management procedures and insurance programmes to ensure they have adequate and relevant cover in place: “The responsibility to get the house in order should lie with an organisation’s Managing Director or Finance Director, and not the IT department alone,” says Simon. “IT defences whilst vital only react to known problems and are not guaranteed to be 100 percent secure. Protection for the whole business and its sustainability is without doubt the safest option.”
  • “The economic downturn has resulted in people of all levels and responsibilities losing their jobs, and those with a detailed knowledge of their former employers’ IT and operating systems may well present a real potential threat, and turn to extortion as a way of taking revenge on their former employer, and of making some money at the same time.
  • According to The Wilson Organisation, insurers and underwriters are predicting a rise in white collar extortion as the recession continues to bite and unemployment figures increase. Worryingly many businesses do not have insurance cover for data or business loss.
  • sandy ingram on 21 Jul 09
     
    According to The Wilson Organisation, insurers and underwriters are predicting a rise in white collar extortion as the recession continues to bite and unemployment figures increase. Worryingly many businesses do not have insurance cover for data or business loss. "According to a DTI Information Security Breaches Survey, a third of UK businesses think general business insurance provides full cover for damage to the business arising from data loss," comments Wilsons' Simon Hoare, "but the reality is quite different, with very few businesses likely to be insured against the result of cyber attacks on its most crucial management and business tool - corporate and customer information, most of which is today held on corporate IT systems. "For public company directors, this is in fact in breach of their duties under the Turnbull Report, which requires them to identify, manage and take an informed opinion on the transfer of risks for the business."
sandy ingram

Special agent to National Insurance Crime Bureau: "anecdotally the economic recession i... - 0 views

www.claimsjournal.com/...99413.htm

Fraud Insurance Recession FBI Economics

shared by sandy ingram on 09 Apr 09 - Cached
  • the FBI is aligning a lot more investigators to look into actual economic fraud investigations versus insurance fraud investigations.
  • "Fraud bureaus are telling us this, we're hearing it from the state fire marshals, and we're hearing about it anecdotally through news stories. It's clear that as the economy has gone down, the opportunity to commit fraud, to recover monies they think they need, has increased."
  • And with anywhere from $80 billion to $200 billion lost to fraud each year, affecting all lines of the insurance business — health, property, casualty, life and disability — it's no wonder that states are concerned with combating it.
  • ...1 more annotation...
  • NICB has seen a "pretty significant' trend in medical identity theft and provider fraud, according to McKee. This is when someone steals a person's identity, and medical and insurance information, then submits fraudulent bills to the insurance company for treatment the person did not receive. The check goes back to the fraudulent company, and the person is unaware that his or her identity was stolen or is being used for fraud, he explained.
  • sandy ingram on 09 Apr 09
     
    Does a bad economy increase crime? Analysts have debated that question for years, according to Mike McKee, senior special agent for the National Insurance Crime Bureau. While it's too soon for statistics to confirm whether recent events like the mortgage meltdown and an increase in unemployment truly lead consumers to commit more crimes, McKee said at least anecdotally the economic recession is affecting insurance fraud.
sandy ingram

Medical-data breach said to be major; involves nearly two-thirds of the insurers' subsc... - 0 views

www.philly.com/...a_breach_said_to_be_major.html

Security Privacy compliance cybersecurity breach

shared by sandy ingram on 21 Oct 10 - No Cached
  • The security failure, one of the several largest in nearly two years, involves nearly two-thirds of the insurers' subscribers. It became known only after The Inquirer requested information Tuesday evening. The insurers said the drive was missing from the corporate offices on Stevens Drive in Southwest Philadelphia. It noted that the same flash drive was used at community health fairs. "That seems grossly irresponsible," said Dr. Deborah Peel, a Texas psychiatrist who heads Patient Privacy Rights, an advocacy group.
  • The news of the breach comes at a time when there is more emphasis - and billions of dollars in federal funding - to develop protocols for electronic medical records, with information being shared among providers, insurers, and consumers.
  • Paul Stephens, director of policy for the Privacy Rights Clearinghouse, said that data breaches in the finance and retail sectors tended to involve more people, but that health data are very sensitive and may also contain payment information.
  • ...3 more annotations...
  • Until The Inquirer asked for information, the company had not disclosed the data breach to affected members, most of whom live in Philadelphia and nearby counties
  • The federal website explaining the law says that breaches must be reported "without unreasonable delay and in no case later than 60 days."
  • They would not say how they know the computer drive was lost, not stolen. They would not comment on the riskiness of taking the drive to health fairs, nor would they say whether the data on the drive was encrypted.
  • sandy ingram on 21 Oct 10
     
    A computer flash drive containing the names, addresses, and personal health information of 280,000 people is missing - one of the largest recent security breaches of personal health data in the nation. "We deeply regret this unfortunate incident," said Jay Feldstein, the president of the two affiliated Philadelphia companies, Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan. The breach, which involves the records of Medicaid recipients, is the first such Medicaid data breach in Pennsylvania since at least 1997, according to the state's Department of Welfare, which has oversight. "We take compliance [with federal privacy laws] very seriously," department spokeswoman Elisabeth Myers said Wednesday.
sandy ingram

Are you ready for a data breach? | Healthcare IT News - 0 views

www.healthcareitnews.com/...are-you-ready-data-breach

data breach HITECH DHS Risk Assessment Compliance

shared by sandy ingram on 23 Jun 10 - Cached
  • sandy ingram on 23 Jun 10
     
    The handling of data breach incidents has become a way of life for healthcare providers and with other HIPAA covered entities. With the passage of the HITECH Act last year, there are now substantial penalties that can be levied, up to $1.5 million. This fact, combined with a requirement to notify the Department of Health and Human Services as well as the media for data breach incidents that affect over 500 individuals has, for the first time, resulted in public records being kept for such incidents. If you oversee privacy, compliance, or IT for a hospital system, a group practice, a health insurance company, other covered entities, or even one of their business associates, the HITECH Act and its privacy and data breach provisions require your close attention. While many people know that HITECH generally creates requirements for data breach notification, there are at least four things you may not know about HITECH that you really should: The requirement for a mandatory incident-specific risk assessment for every incident The fact that HITECH notification provisions do not pre-empt state notification laws Encryption of data does not necessarily alleviate the risk of data breach If your business associate exposes your protected health information (PHI), you are responsible
sandy ingram

Complex Global Risks, Boardroom Demands to Challenge Risk Managers in 2010: Marsh | EON... - 0 views

eon.businesswire.com/...permalink

risks security privacy Compliance

shared by sandy ingram on 02 Jun 10 - Cached
  • “With the ever-increasing complexity of global exposures, successful risk management today depends on timely information, regulatory awareness, and thoughtful anticipation of the range of local and global scenarios,”
  • sandy ingram on 02 Jun 10
     
    Global risk managers are challenged by new boardroom demands of insurer security, balance sheet transparency, and heightened accountability.
sandy ingram

First HIPAA Settlement - Whose next? - 0 views

blog.absolute.com/first-hipaa-settlement

breach Privacy Security settlement hipaa

shared by sandy ingram on 29 Jul 10 - Cached
  • sandy ingram on 29 Jul 10
     
    As we previously mentioned, Connecticut Attorney General Richard Blumenthal filed the first HIPAA-related lawsuit. That lawsuit has now been settled, also a first. The settlement agreement [PDF] between the State of Connecticut and the defendants (Health Net) is the result of the loss of a computer disk drive that had unencrypted health information for 1.5 million health plans. Health Net, under the terms of the settlement, has agreed to pay $250,000 to the state of Connecticut, offer 2 years of credit monitoring to those affected, obtain identity theft insurance and reimburse those affected for security freezes. They will also be required to greatly improve their security measures.
sandy ingram

Privacy and Security | BCP Business Center - 0 views

business.ftc.gov/privacy-and-security

Privacy Security compliance Best Practice breach cybersecurity FTC

shared by sandy ingram on 16 Nov 10 - No Cached
  • Behavioral Advertising Online behavioral advertising – the practice of tracking someone’s online activities to deliver targeted advertising – can raise potential privacy issues.  Do you disclose your practices to your customers and honor your promises? Children’s Online Privacy The Children’s Online Privacy Protection Act (COPPA) gives parents control over what information websites can collect from their kids. If you run a website designed for kids or have a website geared to a general audience but collect information from someone you know is under 13, you must comply with COPPA’s two main requirements. Credit Reports Does your business use credit reports to evaluate customers’ credit worthiness? Do you consult credit reports when considering evaluating applications for jobs, leases, and insurance? Here is information about your responsibilities when using, reporting, and disposing of information in those credit reports. Data Security Many companies keep sensitive personal information about customers or employees in their files. Having a sound security plan in place can help you meet your legal requirements to protect that sensitive information. Gramm-Leach-Bliley Act The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data. Health Privacy If you offer or maintain personal health records online, you could be covered by the FTC’s Health Breach Notification Rule. Are you familiar with your legal obligations in case of a security mishap? Red Flags Rule The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs  – or red flags – of identity theft in their day-to-day operations.
  • sandy ingram on 16 Nov 10
     
    "Privacy and Security For many companies, collecting sensitive consumer and employee information is an essential part of doing business. If you collect this type of information, it's your legal responsibility to take steps to properly secure or dispose of that data."
sandy ingram

Smaller companies challenged to comply with Massachusetts' data privacy rules - Mass Hi... - 0 views

www.masshightech.com/...usetts-data-privacy-rules.html

compliance Privacy Security Massachusetts proofpoint

shared by sandy ingram on 10 Nov 10 - No Cached
  • The regulations, which went into force in March, are intended to protect a consumer’s personal information from identity theft and other privacy breaches and to spell out steps that businesses must take to ensure data is secured. Some large companies — particularly those in the finance and health care industries that are already subject to data security laws like the Health Insurance Portability and Accountability Act (HIPAA) — had privacy measures in place, which helped get them ready for Massachusetts’ regulations. However, for many smaller and midsize companies that have not been subject to data security laws before, complying with the rules is a longer and often more painful process.
  • some businesses that are complying with privacy regulations for the first time and have limited in-house technology expertise “are running around with their hair on fire, trying to figure out what to do first,”
  • “We’ve seen a substantial uptick in activity in clients seeking guidance in how to comply,” said Carlos Perez-Albuerne, a partner at Choate Hall & Stewart LLP. “There’s a whole swath of businesses that never had to deal with anything like this before.”
  • ...4 more annotations...
  • Under the regulations, organizations — no matter where they are based — that store personal information about Massachusetts residents have to write security policies detailing how the data will be protected, encrypt the data when it is stored on laptops or other portable devices or transmitted over public networks, and monitor their systems for breaches.
  • Believed to be among the most stringent data privacy regulations in the U.S., the rules have lawmakers and businesses taking note. The regulations are now driving computer security policy agendas across the country, said Mark Schreiber, a partner at Edwards Angell Palmer & Dodge who chairs the firm’s privacy and data protection group. “The impact is much broader than we ever imagined. Who would have thought it would have catalyzed so much activity?” he said. “This will be with us for decades or longer.”
  • Since March, Cutugno Court Reporting and Sten-Tel Inc., a Springfield-based firm that provides document management and transcription systems, has spent “easily into the six-figure realm” on technology and consulting services to comply with the privacy regulations, said Blake Martin, the company’s CIO.
  • To date, state regulators have not yet taken any public enforcement actions against organizations that have failed to comply with the rules. The state attorney general’s office, which is charged with enforcing the regulations, and the Office of Consumer Affairs and Business Regulation, which developed the regulations, have been focusing on compliance efforts, reaching out to trade groups, bar associations and others to spread the word.
  • sandy ingram on 10 Nov 10
     
    "Eight months after the state's tough, new data privacy regulations went into effect, many businesses are still sorting through the rules and working to bring their firms into compliance. "
sandy ingram

Health care providers anticipate new audit program - 0 views

www.finance-commerce.com/...allenges-as-scrutiny-increases

Health Care Audit

shared by sandy ingram on 05 Jan 09 - Cached
  • New audit program
  • Another development affecting hospitals will be the nationwide implementation of the Medicare Recovery Audit Contractor (RAC) Audit program, Jesson noted. After testing the program in three states over the past three years, RAC auditors will begin auditing hospitals in Minnesota and other states for Medicare or Medicare fraud.
  • The federal government recently offered additional incentives to states that adopt laws that parallel the False Claims Act.
  • ...8 more annotations...
  • Data privacy is another hot-button issue for health care consumers, providers and regulators
  • a Minneapolis attorney, expects to see stepped up reinforcement of so-called “red flag rules” under the Health Insurance Portability and Accountability Act to prevent identity theft from health care providers and their patients.
  • health care organizations need to address three primary areas
  • making sure they have ID-theft prevention programs in place;
  • requirements relating to credit reports;
  • requirements related to the use of debit cards, credit cards and “smart” cards.
  • expects to see greater enforcement and “stiffening” of Medicare and Medicaid reimbursement:
  • As the current economic downturn continues, DeLoss also foresees another trend which should keep health law attorneys occupied in the coming year: more consolidation among medical practices.
  • sandy ingram on 05 Jan 09
     
    Another development affecting hospitals will be the nationwide implementation of the Medicare Recovery Audit Contractor (RAC) Audit program, Jesson noted. After testing the program in three states over the past three years, RAC auditors will begin auditing hospitals in Minnesota and other states for Medicare or Medicare fraud.
sandy ingram

Privacy is good for business - CEO Forum Group - 0 views

www.ceoforum.com.au/article-detail.cfm

ceo cpo

shared by sandy ingram on 20 Nov 08 - Cached
  • "There are thousands of privacy professionals now, in the U.S. and Europe and Asia. Most of the Fortune 100 have a privacy officer or some sort of equivalent".
  • "Now imagine", Pearson says, "the first few times an insurance company or a university sends out a letter saying, 'excuse me, but we were hacked and we don't know what happened exactly, we don't know what happened to your data, but we are required by law to notify you that something might have happened'. That's not a pleasant situation to be in".
  • But privacy concerns impact more than just the bottom line; they affect multiple areas of an organisation, from legal liabilities to PR efforts to CRM and employee retention. A well-designed, well-implemented policy can help a company in all of these areas, on both the tactical and the strategic levels.
  • ...2 more annotations...
  • Security and privacy are not simply IT challenges—they need to be addressed as strategic issues, at the highest levels of the organisation.
  • Ultimately, however, it is organisational policies, not technology, that are most important to enforcing privacy.
1 - 11 of 11
Showing 20 items per page