Home

  • How Coalition’s Incident Response Helps Reduce Risks During a Cyber Attack

    How Coalition’s Incident Response Helps Reduce Risks During a Cyber Attack

    By Leeann Nicolo with Coalition Inc.

    Traditional cyber insurance protects businesses from the impact of a cyber breach after it occurs. However, what if cyber coverage could actually help reduce the risk of an attack before it happens? 

    As cyber incidents increase across the globe — cyber claims severity rose 56% for small businesses last year — reducing the risk of an attack proactively is critical to reducing overall business risk. 

    Enter: Coalition’s Incident Response (CIR)

    Driven by a team of technical experts, incident responders, forensic specialists, and security engineers, Coalition provides security across the lifecycle of a business, elevating the ability to respond to bad actors, including a security support center to help prevent attacks before they happen — and respond more effectively if they do.

    From ransomware to reputational impacts, CIR solved 46% of incidents reported to Coalition last year —  without additional costs or using up policyholder deductibles. Even more consequential, CIR helped many policyholders prevent cyber incidents last year, as Coalition’s insureds experience less than one-third the frequency of claims compared to the broader cyber insurance market (based on 2020 and 2021 National Association of Insurance Commissioners [NAIC] report data).

    The incident timeline: investigate, remediate, communicate

    When a cyber incident does occur, policyholders should be encouraged to report the incident to their insurance provider immediately. 

    Reporting an incident gets the ball rolling and alerts all necessary vendors and experts to mobilize, with the goal of reducing the overall impact of the incident. Coalition’s Claims team responds immediately to help determine what services to activate, from forensics specialists to a breach coach, and/or a PR firm to manage crisis communications. 

    The Coalition team will walk an insured through an investigation and remediation of the incident, while also working on all points of critical communication simultaneously. Here’s the Coalition Incident Response timeline as seen through an investigate-remediate-communicate lens: 

    1. Investigate what happened, to determine the tactics and techniques used by the threat actor during the incident. Building off of the insured’s Active Risk Assessment — a scan of how the insured’s network is seen on the dark web, so all vulnerabilities are visible — CIR collects and analyzes forensic artifacts and system logs to dive into what vulnerabilities may have enabled the incident and how the business can react to protect itself. This includes determining if the business has available backups and utilizing tools to have oversight and block the threat actors from gaining more access. Were any previous vulnerabilities noted and not patched? Were all the potential protections implemented in good time? While Coalition’s in-house team leads the investigation of the cyber incident, based on its complexity, third-party specialists could be also called in to supplement Coalition’s expertise. 
    1. Remediate for both the short- and long term. While remediation steps are informed by the investigation, this step happens alongside the investigation. The goal here is to act quickly in order to minimize the damage. CIR recommendations will be based on what is known and learned about the business, as well as on protection implementations recommended to them during earlier stages of the Active Insurance life cycle.  For example, if the business has viable backups in place for all of their critical data, CIR can guide the business through a process that avoids interacting with the bad actor and gets them back online more quickly. As a general rule of thumb, offline backups offer the greatest chance of survival during a cyber incident, because they’re unreachable to the threat actor. Online backups are often also seized or locked up by the threat actors along with your network. The CIR team guides insureds through the entire process of restoring from backup, from negotiation, to testing encrypted data, and finally (if necessary) paying the threat actors for a decryption key to regain control of the network. Remediation is also a time during which CIR will make network recommendations for the future. These may include: 
      • Multi-factor authentication (MFA), the electronic authentication of two or more pieces of evidence in order to be granted access to a website or application 
      • Endpoint detection response (EDR), software installed on all servers and endpoints, designed to stop ransomware and identify unusual behavior in an application
      • Network segmentation, a strategy that provides limited network access to employees, based on job qualifications, tasks or seniority. This helps businesses reduce network access. 
    1. Communicate the technical details. CIR will act as the business’s technical expert during the incident’s communication process. This includes communicating with the bad actors if necessary, but also providing the appropriate technical detail to include in internal and external communications about the incident.  For example, depending on the regulatory laws in effect in the states in which the business operates, CIR will provide guidance on what needs to be communicated to anyone with breached data. CIR can also work with the policyholder to provide an accurate understanding of how much the claim will cost based on the remediation necessary and forensic investigation that took place.

    Very often during and after a cyber incident, it’s important to engage a special public relations firm that deals with cyber incidents and their crisis communications needs. Coalition’s cyber coverage includes this service, and such a team is engaged if necessary by the CIR team as well. 

    Coalition Incident Response is active

    Coalition’s Active Insurance goes beyond a cyber insurance standard, playing an integrated role in your business’ cybersecurity across its lifecycle. It’s like combining the safety features of a vehicle — reverse backup sensors or automatic braking — with the post-accident coverage. 

    Coalition’s Active Insurance approach consists of Active Risk Assessment, which takes place before the policy is written, Active Protection during the policyholder period, and Active Response, a post-breach response. All three phases of this lifecycle provide a continuous feedback loop of the business’ current risk level and vulnerabilities.

    To report a cyber incident, Coalition policyholders can reach CIR here.

    To learn more about Active Insurance, download the Coalition Active Insurance eBook.

    Reprinted from Coalition Inc. Visit coalitioninc.com/blog to view the rest of the content on Coalition’s blog.

  • 6 Tips for Dealing with Insurance Adjusters

    The unthinkable has happened — your office was hit by a hurricane. The bad news is that all your hard work and your livelihood is now badly damaged. The good news is that you have office insurance in place to cover these losses and help you rebuild, especially if you trusted Florida Optometric Insurance Services (FOIS) to make sure you have the correct coverage in place.

    Once you record all the damage (video or photos) and call the insurance carrier to report the loss, it’s your duty to prevent any further damage. This means boarding up any doors and windows, cleaning up spills and tarping the roof, if possible. The next thing to expect is an inspection of your claim by the insurance adjuster. Here are some tips on dealing with the adjuster.

    1. Be patient. You have the advantage. After a large event, adjusters will deal with multiple claims per day, while you have all your time to focus on your own claim. Get your paperwork in order. Prepare an inventory of everything lost with replacement cost estimates and gather any evidence an adjuster might need. Being prepared and patient will help the process go smoothly.
    2. The adjuster works for the insurer, NOT you. The adjuster’s job is to inspect the loss for the insurance company. In the event of a large loss, carriers often hire contracted adjusters to help with the workload. Make sure that you know what your coverage is so that you’re getting everything your policy covers. Remember that FOIS works for YOU.
    3. Be there for the adjuster’s inspection. This seems like a no-brainer, but it’s important that you’re there to answer any questions the adjuster might have and point out any additional damage. Request a copy of the report right away.
    4. Come up with your number first. Part of being prepared is having an idea of how much money you need to rebuild and how much your policy should pay. Instead of waiting for the insurance carrier to tell you how much you’ll get, come up with an amount they should pay. This often will be the starting claim amount.
    5. Don’t settle. Adjusters and insurance carriers may want you to sign something right away or may try to offer you a lower amount to get the claim wrapped up quickly. Don’t sign a settlement contract until you (and/or your lawyers) have fully reviewed it. You can always ask FOIS or the carrier to do a second or third review of the claim.
    6. Follow up. The claims process can be long, and adjusters often have multiple claims to inspect. It’s your responsibility to regularly follow up with both the insurer and adjuster to ensure they are on top of your claim.

    Remember, FOIS is here to be your advocate and guide for all insurance matters. If you need to file a claim after a storm, do not hesitate to reach out to our experience agents for help and advice.

    By Carrie Millar, Director of Insurance Operations

  • Hurricane season starts June 1st. Make sure you are prepared by using the FOIS’ 2022 Hurricane Guide!

    June marks the beginning of the Atlantic hurricane season. Be prepared for the 2022 hurricane season thanks to the FOIS’ 2022 hurricane guide! Check out articles about disaster preparedness, loss or damage, insurance resources, claims and what to do after the storm.

    Click here for more information.

  • Protect Your Future Income with Disability Insurance

    Protect Your Future Income with Disability Insurance

    Can we take a few minutes to talk about the rest of your life? As an optometrist, you’ve spent a lot of time and money investing in your career. So what are your goals? Buy a house, a new car, start your own practice? Your income and ability to make money is the foundation for all of your goals. You need to protect that foundation. You insure your house and your vehicle. Why wouldn’t you protect the very thing that affords you these items — your ability to produce an income?

    Often, disability is unexpected. Disabilities don’t all come from accidental injuries. According to the Social Security Administration, injuries only make up 3.5% of disability insurance claims. Most often (96.5%), they are common illnesses like cancer, heart-related conditions, and mental-health disorders.1 An unexpected injury or serious illness could suddenly prevent you from practicing for weeks, months or even end your career.

    More than 25% of today’s 20-year-olds will face disability before they reach retirement, according to the Social Security Administration.2 Now is the right time to buy disability insurance to protect your income foundation for three reasons.

    1. Buying your coverage when you are young and healthy makes you more likely to qualify for a policy without medical exclusions.
    2. Your premium is based, in part, on your age. The younger you are when you buy coverage, the lower the premium will be.
    3. You don’t have to prove your income to qualify as a new optometry school graduate.

    Disability insurance can be very affordable, but not all policies are created equally, so it is important to discuss policy options and coverages with your FDA Services representative. Call or text us today at 850.681.2996 to discuss your disability coverage.
     


    This blog was originally posted on March 10, 2020.

    1 “Annual Statistical Report on the Social Security Disability Insurance Program, 2017.” U.S. Social Security Administration, Office of Retirement and Disability Policy, Office of Research, Evaluation, and Statistics, October 2018.
    2 Social Security Administration Fact Sheet, January 2019.

  • Telephone Communication for Health Care Providers: Safety Strategies

    Telephone Communication for Health Care Providers: Safety Strategies

    By Nicole Franklin, MS, CPHRM, Patient Safety Risk Manager II, The Doctors Company                     

    The way we communicate has changed dramatically over the years. Even with the introduction of technology-based communications, such as social networking sites, telemedicine, and texting, the telephone call is still the most widely used communication tool between health care providers and patients. Telephone conversations can, however, present difficulties and may be inherently deceptive if both parties lack the ability to observe nonverbal communication (for example, facial expressions, eye contact, and gestures) that clarify and qualify what the voice is expressing.

    When casually or carelessly conducted, telephone communications can lead to diagnostic errors and misunderstandings.

    Telephone Communication with Patients

    Creating comprehensive, clear guidelines for telephone encounters with patients is critical in mitigating risk. Establish practice guidelines and ensure that all office and clinical staff are trained on their roles in communicating with patients by telephone. Protect yourself from potential liability by following these general practices:

    • Smile when greeting patients. Research has shown that people are able to tell if you are smiling by the tone of your voice. Warmly express to patients that you are happy to speak with them today. This interaction may be the first impression that a patient has of the practice or the staff, and it is a factor in patient satisfaction.
    • Triage and refer all critical calls to emergency services. Examples of critical calls include abdominal or chest pain, fever of unknown origin, high fever lasting more than 48 hours, convulsion, vaginal bleeding, head injury, dyspnea, casts that are too tight, visual alterations, and the onset of labor. For more information on this topic, read our article, “Telephone Triage and Medical Advice Protocols.”
    • Obtain as much information as possible about the patient’s presenting complaint, medical and surgical history, current medications, and allergies to help you arrive at an accurate appraisal of the patient’s condition. Listen carefully and allow the caller both the time and opportunity to ask questions.
    • Speak to patients clearly and slowly, and enunciate carefully. Use easy-to-understand language that avoids medical terminology.
    • Obtain the services of an interpreter if you encounter a language difficulty. Follow the Americans with Disabilities Act (AwDA) requirements for patients using telephone auxiliary aids or services, including interpreters. For more information, see “AwDA Requirements: Effective Communication.”
    • Avoid distractions, such as checking email or attending to other duties, when speaking with patients. Drowsiness, fatigue, or distraction on the part of either party can affect the ability to communicate effectively.
    • Adhere to HIPAA rules and regulations to maintain patient privacy when communicating over the telephone, both inside and outside the office. Use a low voice when discussing protected health information, and implement reasonable safeguards to avoid disclosing information to others not involved in the patient’s care.
    • Develop written protocols for front office/unlicensed personnel to help them respond to patient questions and concerns. An unlicensed individual cannot provide medical or dental advice. Clinical/licensed individuals answering patient calls cannot exceed their scope of practice.
    • Prescribe or advise by telephone only when you have reviewed the patient’s allergies, medications, and medical and surgical history. If providing new instructions to the patient, such as changing a medication dosage, ensure understanding by asking the patient to repeat back the instructions to you. Document the patient’s understanding in the medical or dental record. For more information on this topic, read our article “Rx for Patient Safety: Use Ask Me 3 to Improve Patient Engagement and Communication.”
    • Accept a third party’s description of a medical or dental condition only when you have confidence in that person’s competence to describe what he or she sees. If descriptions are unclear, the patient may require an office visit.
    • Make prompt referrals if the patient’s call concerns a medical or dental problem that is outside your expertise. Proactively track the consultation and expected report, and follow up with the referred provider and patient.
    • Confirm that pharmacists understand all dosages and instructions for drug prescriptions given by telephone. Spell out any similar drug names and use individual numbers for dosages, such as “five zero” for 50. Include the reason for the use of the drug. Insist that pharmacists repeat information back to you. Do the same with facility personnel who take your telephone orders. A safer approach is to use electronic prescribing or fax the medication order.
    • Verify and document the patient’s adherence with telephone advice through a follow-up contact to ensure continuity of care.

    Documentation

    Disagreements about what was said during telephone conversations can be a major problem in professional malpractice cases. Follow these documentation processes to mitigate this risk:

    • Document all patient telephone conversations in the medical or dental record—including those received and returned after hours. Include the date and time of each contact and when follow-up is completed.
    • Record all details immediately about the information you received, what you advised, and the orders you gave. This action is especially important when a telephone call occurs after office hours or on a weekend.
    • Implement an office process for calls received during office hours. Office staff should tell the caller when the provider is most likely to return the call. Include tracking and follow-up to ensure that the caller’s questions and problems are resolved and documented.
    • Document a patient’s hospital medical record with telephone conversations about the hospitalized patient—including any conversations with nurses or other providers.

    Effective telephone communication and its documentation are vitally important in preventing and defending litigation. For additional risk reduction strategies see our telehealth resources and our article “Smartphones, Texts, and HIPAA: Strategies to Protect Patient Privacy.”

    For further assistance, contact the Department of Patient Safety and Risk Management at 800.421.2368 or by email.


    The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each health care provider considering the circumstances of the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.

    This blog was reprinted by permission from The Doctors Company and was originally posted in December 2021.