Examples of Stolen Information
- Social security numbers
- Sensitive information about an injured worker’s status
- Worker is HIV positive
- Embarrassing circumstances about an accident
- Chronic disease
- Unannounced pregnancy2
Online Shift Creates More Vulnerabilities
The fact that workers’ compensation processes have shifted online during the pandemic has made more information accessible on the worldwide web.3 Remember when information was traditionally stored in paper files inside drawers and cabinets? This made it difficult for information to be stolen unless an outside individual gained physical access into a building, or information was stolen by someone privy to that information, such as an employee. Now, through technology, procedures involving “legal disputes, benefits applications, communications and medical treatments” all functioning in a virtual environment has created more vulnerabilities, which can be exploited from occasional updates to software or operating systems.45 Many of the changes made during the transition to online and remote work are here to stay, as people view them favorably. One example is telemedicine, where healthcare details of patients are shared and can go into workers’ compensation suits.
Biometrics
As patients’ and injured workers’ personal information is being stored on the internet, so are their biometric data. Biometric information may include sensitive information about one’s DNA or physical characteristics, such as fingerprints, gait (walking style), eye characteristics, vein recognition, voice recognition, and digital signatures.6 Biometrics can “identify a person for their entire lifetime.”7 As such, privacy concerns are abound when others gain access to this information. Often biometrics are used to unlock devices such as smartphones or gain “entry into offices and secure areas.”8 Hackers may use this to infiltrate organizations. On the dark web, personal health information “tends to be among the more expensive data files sold”, all which hackers can use to commit fraud.9
Types of Fraud That Can Be Facilitated Through Access of Sensitive Information
- SSN Fraud
- Healthcare Fraud – using someone else’s insurance information for personal gain.
- Tax Identity Theft – filing a tax return in another person’s name to obtain a refund.
- Biometric ID Theft
- Synthetic Identity Theft – where people create fictitious identities using your personal information.
- Medical Identity Theft – posing as another person to receive medical services.1011
Examples of Cyber-Attacks
There is a growing urgency for companies to be able to respond and protect themselves from cyber-attacks, which can include:
- Social Engineering Scams – phishing or baiting scams through email and online downloads.
- Malware, or ransomware – installing harmful software on a computer after clicking on a link or email attachment.
- Botnets – spread spam and deliver viruses.
- Denial-Of-Service (DDOS) – overwhelming a system’s resources causing a site to go offline.
- SQL Injections and Other Web Application Attacks – inserting malicious code, allowing otherwise private information to be divulged, such as “customer details, user lists, and confidential company data.”12
Cyber Liability Insurance
Cyber liability insurance, which can provide expert resources and financial support, is becoming more of a go-to for companies. Organizations that use it can provide peace of mind to their clients to protect against threats. Other organizations that want to do business through contracts may even seek or favor companies that have cyber liability insurance.13 Protecting personal information of clients is a top priority for the business landscape as cybercrime evolves and becomes more prevalent.
1 DuChene, Courtney. “HIPAA Violations Are Just One of the Exposures in a Workers’ Comp Industry Cyber Attack.” Risk & Insurance, Risk & Insurance, 3 Mar. 2020, riskandinsurance.com/hipaa-violations-are-just-one-of-the-exposures-in-a-workers-comp-industry-cyber-attack/.
2 Grover, Nancy. “Workers’ Comp Ripe for Cyber Attacks.” Risk & Insurance, Risk & Insurance, 25 Sept. 2015, riskandinsurance.com/workers-comp-ripe-for-cyber-attacks/.
3 Childers, Angela. “Comp Sector Faces Security Risks as It Shifts Online.” Business Insurance, Business Insurance Holdings, 1 Apr. 2020, www.businessinsurance.com/article/20200401/NEWS06/912333795/Workers-comp-sector-faces-security-risks-as-it-shifts-online-cybersecurity-cyber.
4 Ibid.
5 Grover, Nancy. “Workers’ Comp Ripe for Cyber Attacks.” Risk & Insurance, Risk & Insurance, 25 Sept. 2015, riskandinsurance.com/workers-comp-ripe-for-cyber-attacks/.
6 “Types of Biometrics.” Biometrics Institute, Biometrics Institute, 14 Dec. 2018, www.biometricsinstitute.org/what-is-biometrics/types-of-biometrics/.
7 “Biometrics: Privacy International.” Biometrics | Privacy International, Privacy International, privacyinternational.org/learn/biometrics.
8 Bowman, Bill. “Biometric Hacking.” Security Boulevard, MediaOps Inc., 1 Apr. 2019, securityboulevard.com/2019/04/biometric-hacking/.
9 Childers, Angela. “Comp Sector Faces Security Risks as It Shifts Online.” Business Insurance, Business Insurance Holdings, 1 Apr. 2020, www.businessinsurance.com/article/20200401/NEWS06/912333795/Workers-comp-sector-faces-security-risks-as-it-shifts-online-cybersecurity-cyber.
10 Hayes, Marianne. “The Many Different Forms of Identity Theft.” Experian, Experian, 29 Sept. 2020, www.experian.com/blogs/ask-experian/20-types-of-identity-theft-and-fraud/#s9.
11 Ramsey Solutions. “9 Common Types of Fraud.” Ramsey Solutions, Lampo Licensing, LLC., 25 Feb. 2021, www.ramseysolutions.com/insurance/types-of-fraud.
12 PolicyWire by Amtrust. “Common Types of Cyber Attacks.” WorkersCompensation.com, WorkersCompensation.com, LLC., 5 Nov. 2020, www.workerscompensation.com/news_read.php?id=37294.
13 PolicyWire by AmTrust. “Is Cyber Liability Insurance Worth It?” WorkersCompensation.com, WorkersCompensation.com, LLC., 26 May 2021, www.workerscompensation.com/news_read.php?id=38845&forgot=yes.
