Spies, thieves and joy hackers have helped turn health insurance cyber security into a hot legal specialty.
See also: 5 ways cybersecurity could cause cyber hives
Insurers and brokers need help with everything from interpreting the Health Insurance Portability and Accountability Act of 1996 (HIPAA) “covered entity” provisions; to drafting and interpreting the agreements that the covered entities must get “business associates” to sign; to providing seminars, procedure reviews and soothing herbal tea for business associates that are facing the possibility of undergoing “Phase 2 audits” by investigators from the Office of Civil Rights at the U.S. Department of Health and Human Services (HHS).
See also: 5 reasons the Anthem hacking story should make YOU shiver
Jon Kelly, a partner in the New York office of Sidley Austin L.L.P., is one of the advisors building teams that can help insurers deal with a hard-to-detect, hard-to-explain, marshmallow-like threat that, apparently, could ooze out of anything from their computers to their phones to their automated climate control systems at any time, and trigger involvement with any elected or appointed official in the world who happens to enjoy reading about hackers.
Since late 2014, Kelly has been seeing insurance clients thinking more about cyber security issues.
For a look at what Kelly said about the state of insurance industry data security regulation in a recent telephone interview, read on.
1. The New York State Department of Financial Services really woke people up.
For many years, hacker magazines entertained readers with articles about youngsters who made unattended retail store cash register terminals their playground.
In the past year, news about retail system vulnerability reached primetime audiences with the news of the massive Target and Home Depot hackings.
Hackers then caught health insurers’ attention by hacking Anthem and Premera.
But Kelly says he thinks the New York State Department of Financial Services also played a role, by releasing survey data that hinted at the sketchy nature of some insurers’ data security efforts.
See also: What New York says about insurers’ cyber failings
The department’s report “shows that the insurance companies weren’t as astute as the regulators would like,” Kelly said.
Image: GI photo/Claus Alwin Vogel