By MATTHEW BRODSKY, senior editor/Web editor of Risk & Insurance«
VANCOUVER---Jim Whetstone's phone is ringing off the hook. Risk managers are calling the senior vice president for U.S. technology and privacy manager at Hiscox Specialty after reading the news about Epsilon's and Sony's recent massive data breaches. All types of organizations are learning that they are on the hook for breach notifications in 46 states, and healthcare organizations are feeling the heat from the federal HITECH law.
The realization is sinking in: Hey, this cyberstuff is pretty serious.
"I honestly cannot think of one entity that doesn't have the exposure," the Chicago-based Whetstone said about data privacy, talking with Risk & Insurance« at the annual meeting of the Risk and Insurance Management Society Inc. (RIMS) in Vancouver.
In particular, he said, any company that handles credit cards and healthcare organizations appreciate their cyberrisk.
The healthcare industry is looking at a federal Office for Civil Rights (OCR) that aims to investigate each and every breach from the past one and a half years, Whetstone said. The fines that could be levied for such breaches are higher now thanks to a 2009 change to the Health Insurance Portability and Accountability Act (HIPAA), which could explain the newfound vigor at the OCR. What's more, state attorneys general now have authority to investigate HIPAA-related privacy issues too.
"The regulators are really turning up the heat," Whetstone said.
Plaintiff's attorneys are also working hard to find ways to get negligence cases into the courts.
While all this is taking place, new insurance carriers are entering the cyberrisk, data breach and privacy space. In total, as many as 28 markets are selling insurance products to transfer these risks. Good timing, right?
Not if these carriers are bringing the dreaded "na´ve capacity."
Whetstone estimates that fewer than 10 of these 28 insurers know what they're doing in the space, these mostly being the carriers who have been selling these types of coverages for some time, know how to underwrite them, and provide specialized loss control and claims services.
May 4, 2011
Copyright 2011© LRP Publications