Time to Consider Cyber Coverage?
Laurie O’Malley, Senior Claims Adjuster // Hylant Administrative Services
A Real-Life Horror Story That Could Have Been Worse
A cyber criminal attacked the main server of an Ohio Plan member, a 911 dispatcher. The hacker accessed social security numbers in their police report database, going back 10 years. Forensic testing revealed that social security numbers for approximately 135,000 people had been compromised.
The Ohio Plan member had purchased $250,000 of cyber coverage, with a $25,000 deductible. The total estimated cost to address this hacking incident was $290,000. The costs include sending notification mailings to everyone affected, attorney fees and forensic computer analysis to determine exactly what happened and how. These steps were necessary to comply with legal requirements that apply to breaches.
Actions Following a Cyberattack
Cyberattacks are becoming more prevalent, can take many forms and can affect one person or millions of people. Sensitive personal information can be exposed during a cyberattack or breach, which is why cyber incidents or suspected incidents should be reported right away. Once possible or confirmed access of sensitive personal information is discovered, you must take steps so that those affected or possibly affected can prevent their personal information from being misused. These steps are at times required by both state and federal law. They can be costly and difficult to perform without specialized vendors.
These steps include, but may not be limited to, the following:
- Verifying the exact type of information that was accessed so that it can be determined how sensitive the compromised information is. Forensic testing vendors perform this step.
- Notifying those who are possibly affected that their personal information may have been compromised. Notifying each party is costly.
- Putting protection in place by hiring a credit- or identity-monitoring service. These services can monitor financial accounts and/or sensitive personal information to detect any misuse of personal information, financial accounts, etc.
- Employing forensic services to investigate a breach involving digital devices and networks. The service must determine both the method of entry and the scope of the event, and profile and quantify the data loss.
How Ohio Plan Helps Members
Once an insured Ohio Plan member contacts our claims department about a possible data breach or attack, we contact an attorney who specializes in dealing with these issues. We provide the information about the situation. The attorney then contacts our member to discuss the matter and provides guidance as to the appropriate procedures and steps to take, based on the type and size of the breach and on the state and federal laws that might apply. If the member wants or needs continued assistance the attorney will assist a forensics firm in getting notification out to victims of the breach or attack, providing information on credit monitoring companies, assisting with the monitoring setup and any other steps that might be needed.
Based on the type of breach or attack, acting quickly and implementing the appropriate steps can help limit or eliminate altogether the harm that could result. The Ohio Plan can help members minimize the loss and may cover many costs related to the loss. Discuss this specialized coverage with your Ohio Plan agent to determine how you can protect your entity.