Healthcare Financial Management Association - 2021 Cyber Risk
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Healthcare Financial
Management Association – 2021
Cyber Risk
Paul King, John Jamison & David Paris
CONFIDENTIAL AND PROPRIETARY: This presentation and the information contained herein is confidential and proprietary information of USI Insurance Services, LLC ("USI"). Recipient agrees not to copy, reproduce or distribute this document, in
whole or in part, without the prior written consent of USI. Estimates are illustrative given data limitation, may not be cumulative and are subject to change based on carrier underwriting. © 2014-2020 USI Insurance Services. All rights reserved.
Agenda
Why the Topic is Important + Agenda
▪ More frequent cyber events, impacting all
organizations and in particular, Healthcare
▪ More severe cyber events – business
interruption, fines/penalties, event costs
▪ Healthcare not able to deal effectively with a
cyber events on the front end, historically
▪ Current Cyber Threats
▪ Emerging Cyber Threats
▪ Insurance Market and Claims Examples
|2
Companies
▪ USI is one of the largest insurance brokerage and consulting firms in the world,
delivering property and casualty, employee benefits, personal risk, program and
COVERAGE
retirement solutions to large risk management clients, middle market companies, SAVINGS
smaller firms and individuals. Headquartered in Valhalla, New York, USI connects
together over 8,000 industry leading professionals across approximately 200
offices to serve clients’ local, national and international needs. USI has become a
premier insurance brokerage and consulting firm by leveraging the USI ONE
Advantage®, an interactive platform that integrates proprietary and innovative
client solutions, networked local resources and expertise, and enterprise-wide
collaboration to deliver customized results with positive, bottom line impact. USI
attracts best-in-class industry talent with a long history of deep and continuing
investment in our local communities. For more information, visit usi.com
▪ Calvetti Ferguson is a Top 200 accounting and advisory firm with offices in
Houston, Dallas, Fort Worth & San Antonio. We offer accounting, advisory,
assurance, tax, and technology risk services. As trusted business advisors to
privately held and public companies, private equity funds, family offices, and high-
net-worth individuals, we provide assurance, tax, advisory, accounting and
technology risk services. Our core clients are dynamic, middle market companies
in real estate, construction, professional services, energy, manufacturing,
distribution, and technology. The firm was founded in 2003 and has been
recognized by top publications such as Forbes, Houston Business Journal, and
Houston Chronicle. Calvetti Ferguson is an independent member firm of
PrimeGlobal, the fourth largest association of independent accounting firms with
almost 300 member firms in more than 90 countries. Visit us at
calvettiferguson.com for more information.
|3
Industry Experts
COVERAGE SAVINGS
▪ Paul King – SVP & National Cyber Leader, USI
Paul is the Technical Director for the Executive and Professional Services Group
(EPS) within USI. He is responsible for carrier relations, EPS solution content,
and oversight of emergent risk solutions. Additionally, Paul is a member of the
USI M&A team as well as handling professional and management liability risk
management for USI’s parent and subsidiaries. Paul co-led the creation of the
national “USI Cyber PrivaSafe Platform” encompassing cyber insurance, risk
management and 3rd party Cyber service provider solutions (USI “Cyber
Answerlytics”) – unique in the industry. Additionally, Paul has spearheaded
USI’s “EPS ExecuSafe” management liability endorsement pack enhancements
among other project management build out.
▪ John Jamison – Partner, IT Audit Leader, Calvetti Ferguson
With nearly two decades of experience in both “Big-4” and Middle-Market
accounting, John is the Partner-in-Charge of the Technology Risk Services
group. He has a comprehensive understanding of an organization’s IT function
from technical, organizational and risk-oriented perspectives. John has served
a dual-role as CIO at two regional accounting firms, also having served as a
fractional CIO for several middle-market organizations. John specializes in SOC
reporting, IT General Controls reviews, IT Risk Assessment and Fractional CIO
services. John is also a member of the faculty at the Texas A&M University –
Commerce College of Business.
|4
Top Current Cyber Threats - Healthcare
RANSOMWARE
Cyberattacks – PROFITABILITY
on healthcare more = REMOTE WORK & MOBILE –
CONTINUED ATTACKS ($123M IN CITRIX + HEALTHCARE =
PROFIT – ONE GROUP) TARGET (BEAT PHISHING!)
Overall Ransomware events more Hackers continue to have success
than doubled in 2020, with with scanning and exploiting
ransomware accounting for 28 endpoint vulnerabilities, which
percent of all attacks on HC accounted for 35 percent of initial
attack vectors – CITRIX AS TARGET
DATA AND NETWORK SOCIAL ENGINEERING – HC AS
BREACHES – HC UNIQUE CRITICAL INFRASTRUCTURE
HC is unique when it comes to breach With the Covid-19 Pandemic, the
response as: 1 – default reporting attack surface and targeted topics to
obligations due to a network use in Social Eng. (ie, “Phishing
intrusion (HIPAA/OCR) and 2 – HC attacks”) grew exponentially – this
IT forensics are difficult + expensive will continue in 2021 vs a Phishing
(and this will continue to deteriorate) training success ofTop Emerging Cyber Threats - Healthcare
RISK DUE DILIGENCE – TPP’S – BODILY INJURY – THE FIRST
HEALTHCARE RISK MGMT “CYBER DEATH” OCCURRED IN
2020
Healthcare organizations, especially small Sadly, the theoretical happened in 2020
and middle mkt entities typically when a ransomware attack became the
outsource not only IT but many back reason for a patient diversion from a
office and supply processes – these are hospital in Germany - leading to patient
your next security failure death due to the 30 mile treatment delta
INSIDER THREAT + HACKTIVISM
– THE SINGLE BIGGEST GAINER
IN 2019 AND 2020
Given the type of data that’s held by HC
firms, the possibility of a pay day much
higher than the average HC worker salary
and the rise of hacktivism based on entity
policy, procedures and delivery this risk
will increase in HC
|6Insurance Market and Claims – Healthcare/General
Cyber Insurance Insurance Coverage Claims
Market Today
• Historically hard and • Rates and Retentions • Ransomware
worsening market are both up 50-150% continues as leader
• Driven by exponential YoY or more • Insider threats fastest
claims/combined ratio • Terms and conditions gainer
• Also driven by inability being pulled or limited
• Reputational Harm
to underwrite emergent • Limits are half to 1/3 and regulatory impact
risk are emergent
|7Contact Information:
Paul King
paul.King@usi.com
214 697 7285
David Paris
david.paris@usi.com
NEXT 713 490-4538
STEPS
John Jamison
jjamison@calvettiferguson.com
972 848-6508
CONFIDENTIAL AND PROPRIETARY: This document and the information contained herein is
confidential and proprietary information of USI Insurance Services, LLC (“USI”). Recipient agrees not to
copy, reproduce or distribute this document, in whole or in part, without the prior written consent of
USI. Estimates are illustrative given data limitation, may not be cumulative and are subject to change
based on carrier underwriting.
© 2014-2020 USI Insurance Services. All rights reserved.You can also read
