NEWSROOM

The year is not over yet, but 2021 is likely to be a record-breaking year for data breaches, particularly in health care. Healthcare IT News reported last month that more than 40 million medical information records have been compromised during the past year. The Identity Theft Resource Center, a nonprofit set up to support identity crime victims, said Q3 2021 data breaches were up nine percent as compared to Q2. 
 
The Insurance Information Institute reported a 45% uptick in identity theft and fraud reports in 2020. Complaints numbered 4.8 million, as compared to 3.3 million complaints in 2019. The biggest jump was for identify thefts – 1.4 million complaints versus 651,000 in 2019. That represents a 113% increase in identity theft complaints in one year.
 
Cybercrime can involve gaining unauthorized access to a computer system to steal employee, customer, or other data, or holding sensitive personal or business data hostage for a ransom, among other forms. The impact on businesses and individuals can be substantial. One of the high profile ransom hacks of 2021 involved Colonial Pipeline, which paid $2.3 million (in Bitcoin) when 100 gigabytes of data was stolen. In addition to costing the company millions, the hack also drove up the price of a gallon of gasoline in the southeastern U.S., costing consumers millions and triggering shortages brought about by panic buying and an interruption in gasoline distribution.
 
Data for more than three million individuals doing business with the 20/20 Eye Care Network was compromised this year. The hacker gained access to names, addresses, Social Security Numbers, member ID numbers, dates of birth, and health insurance information for members. Another three million customers of nine health care organizations were affected by a hack of Accellion (which handles processing for Kroger Pharmacy, Health Net, Trinity Health, California Health & Wellness, Trillium Health Plan, Stanford Medicine, and others). This breach included names, SSNs, birth dates, credit or bank account numbers, and other information.
 
A potential new target for hackers is Non-Fungible Tokens (NFTs).  If you are not that familiar with them, an NFT is a unique, cryptographically assigned identifier that up to now has been thought of primarily as related to Bitcoin. Now, usage is spreading. As noted this year by The Health Care Blog, NFTs are now being used for health care data. That could pose new risks. Pillsbury, a law firm known formally as Pillsbury Winthrop Shaw Pittman LLP, published The Need for Insurance Options to Protect NFTs, in July outlining insurer challenges.
 
For businesses, including insurance companies, agencies, and brokers, cyberattacks pose a risk of hundreds, thousands, or even millions of dollars in unexpected expenses. The costs can add up quickly and may include:

• costs for responding to an attack (including loss of control over critical business infrastructure and networks, audits, investigation, implementation of new security measures and systems, and informing affected customers, suppliers, business partners)
• intellectual property theft
• legal liabilities
• business interruption costs, including supply chain interruptions
• harm to reputation (and loss of revenue, customers, business relationships)
• increased insurance costs (to protect against future attacks)

 
The Word & Brown Companies’ 9 Cybersecurity Tips for Your Office offers valuable guidance on steps you can take to protect your business and the information of your customers. Copies are slated for distribution in Q1 2022. Be sure to watch for it.
 
Word & Brown takes cybersecurity seriously. A reflection of that is our earning HITRUST Certified^TM status for the second time. This certification demonstrates that certain systems used by Word & Brown have met key regulatory requirements and industry-defined requirements, and that we are appropriately managing risks.
 
This achievement places us in an elite group of organizations worldwide to earn this certification. By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST Certification helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls. To learn more about Word & Brown’s security commitment, link to our web page.