Security Verification

The Cyber Liabilities of the Workers’ Compensation System

The Cyber Liabilities of the Workers’ Compensation SystemThe workers’ compensation system may not seem like a popular target for cyber criminals, but according to security experts and recent research, it is poised to become one. Any industry comes with cyber risk, but a breach of workers’ compensation policyholder data puts a complicated combination of personally identifiable information, protected health information and financial information at risk. Experts agree that workers’ compensation insurers should make it a priority to anticipate and prepare for data breaches. According to Patrick Fowler, a Phoenix-based cyber security expert, workers’ comp insurers need to know; “it’s not a matter of if they will be breached, it’s more likely a matter of when they will be breached.”

One example of the complicated nature of a workers’ compensation is a data breach that occurred late in 2017. At the beginning of this year, news broke that Oregon State Accident Insurance Fund Corp. (SAIF), a state-chartered workers comp insurer in Salem, Oregon potentially exposed the confidential information of more than 1,750 people after an email phishing attack last December. In a letter sent by SAIF to the affected parties, it was explained that their information was compromised when a hacker gained access to a SAIF auditor’s email account which contained emails that included personally identifiable information of employees for six different companies that get their workers’ compensation coverage through the insurer.

SAIF had to take a number of steps in their response to the breach. According to an SAIF spokesperson, as soon as they learned of the incident, they took immediate steps to disable the affected business email accounts. They then had to report the incident to multiple agencies including the FBI, the Oregon Department of Justice and the three major consumer reporting agencies. They also had to notify the potentially affected employees, and opted to provide them with credit monitoring and identity theft restoration service for twelve months. In this case, it is not clear whether or not the SAIF incident included any medical information, which would add HIPAA violations to the long list of ramifications of this type of data breach.

What makes cyber liabilities differ greatly from other types of business liabilities is that they are constantly changing and evolving. Cyber criminals can adapt and change their techniques or create entirely new threats to exploit the vulnerabilities of their intended targets. It’s important for workers’ compensation insurance brokers and agents to understand that cyber liability is a threat to their industry, and focus some of their effort on education, security and risk management programs to help lessen the potential damage of a data breach.

About ASIA Workers’ Compensation

Associated Specialty Insurance Agency, Inc. has been “The Workers’ Compensation Specialist for Brokers and Agents” for the past two decades and is committed to providing brokers and insurance agents across the East Coast with expertise and services to develop a Workers’ Compensation policy. For more information about how we can assist you with claims management, anti-fraud measures, and more call (610) 543-5510 to speak with one of our professionals.

This entry was posted in blog, Workers Compensation and tagged , , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Both comments and trackbacks are currently closed.