Next up (to deal with a data breach): the NFL
Multiple media outlets, including the Washington Post and Yahoo! Sports are reporting that the medical records of thousands of players were recently stolen from the car of a Washington Redskins athletic trainer. According to a report from Yahoo! Sports:
“The thief or thieves stole a backpack that contained records for thousands of players that included every NFL combine attendee since 2004. That would consist of the majority of the NFL's nearly 3,000 active players, in addition to hundreds of others who are not currently on rosters and several more who have retired (Edholm, “Yahoo”).”
The report goes on to state that the records stolen were both paper and electronic; at least some of the electronic records, stored on both a laptop and zip drive, were unencrypted.
Security / Cyber Liability Insurance Coverage Issues to Review:
1) Does your cyber policy cover all data/media, in any form, or just electronic media? You’ll have to look at the “Definitions” section of your policy for this, either under “Identity Information,” “Media,” “Data” or another similar heading. If your policy only covers electronic media, that coverage restriction will disallow any claims for data contained on the paper documents mentioned above.Look for your policy to cover all media, both electronic and non-electronic, for the broadest coverage.
2) Does your cyber policy cover regulatory fines and penalties? According to the U.S. Department of Health and Human Services and HIPAA, any personal health information (PHI) must be “rendered unusable, unreadable, or indecipherable to unauthorized individuals.” This process is often referred to as encryption. Since the data of the laptop and zip drive were not encrypted, the NFL could be facing regulatory fines and penalties as a result of their failure to protect the players’ private health data.
3) Don’t forget: data breaches aren’t always the result of hackers. This was simply a case of theft, and did not involve hackers, cyber criminals, and the like. When reviewing your information security risk management procedures, don’t just focus on firewalls, anti-virus programs, etc. Human error (i.e. leaving this backpack in the car instead of taking it into the house/restaurant/gym) is one of the leading causes of data breaches. Remind all employees, from entry-level to upper management, that securing private data is their responsibility.
MORE INFORMATION
Your Property & Casualty Consultants at Hausmann Johnson Insurance are happy to review all of your cyber risk management options, including insuring against financial losses.
Let us know how we can help you.
UPCOMING WEBINAR
http://info.hausmann-johnson.com/your-companys-data-breach-risk-webinar-registration
COMMENTS