(800) 869-8643

admin@hayesbrokers.com

Case Study: Dental Office Ransomware

Case Study: Dental Office Ransomware

We’ve discussed in previous blog posts about how ransomware has affected cities across the United States. Today, we want to show how ransomware can affect your business and those around you. Recently hundreds of dentist offices around the country were struck by a ransomware issue. Dentists across the country were unable to access patient records, scheduling, x-rays, and client payment accounts due to ransomware that had not been downloaded by their individual offices. Here’s What Happened On August 29, 2019, CNN and other news outlets reported that dental offices around the country were unable to function due to ransomware attacks. The ransomware was not isolated to each individual office. It was actually coming from a centralized location. These offices utilized the services of third-party providers for their payment systems, scheduling, and storage of patient records. Two companies providing these services had been hit with ransomware attacks, disabling not only their systems but the offices for which they provided services. Here’s What Happened Next Over 400 dental offices around the country were affected. Those offices were unable to access records, unable to treat patients and unable to accept payments for several days after the attack while the third-party companies worked to restore access to client records for these offices. The individual dental offices were financially affected because they were unable to service clients on those dates. There was also confusion due to their inability to access scheduling records. Cyber Liability Insurance To The Rescue The third-party vendors reported that around 100 clients (and possibly more at press time of this blog) had systems restored due to their efforts. It is...
Case Study: Ransomware and Cyber Extortion

Case Study: Ransomware and Cyber Extortion

It happened with lightning speed: on May 29, 2019 an employee of the city of Riviera Beach, FL opened an email with an attachment that contained malware. The attachment infected that computer and began rapidly spreading to others within the city’s network. The malware crippled the city’s email system and even affected 911 dispatch operations. The hackers demanded $600,000 in ransom to return the data that had been stolen. What Happened Next? On June 7, 2019 the Riviera Beach city council voted to pay the ransom of $600,000 in bitcoin to have their data returned. To date it is unclear whether this payment will result in the expected outcome.  Has This Happened Before? Cities in North Carolina, California, Florida, Maine and Maryland have been hit this year. The most costly ransomware attack to date happened in March 2018: Atlanta, Georgia was almost completely taken down by hackers who demanded just over $52,000 in ransom. The city estimates it has paid over $17 million to repair the damage caused by the attacks.  Ransomware Isn’t Just For Cities According to the blog Mimecast 92% of organizations experience a ransomware or malware email incident every year. They also report that businesses are down for an average of three (3) days due to ransomware/malware attacks. The cybersecurity firm Sophos reports that the average cyberattack costs a business $133,000. That’s a large pill to swallow for a business that was down for 3 or more days. How To Protect Your Business There are ways to protect your business before and after a cyberattack. Before: Always make sure that cyber security systems are up to...
Case Study: Cyber Liability Third-Party Data Storage

Case Study: Cyber Liability Third-Party Data Storage

When it comes to your customer and business data, who can you trust?  There is no question that it is safer to store data offsite than keeping it on your premises. Most businesses lack the capital to privately store data at an alternate location, so they depend on third-party data storage companies. A cannabis dispensary found out the hard way that third-party data storage isn’t always the safest bet. The dispensary contracted their data storage needs through MJ Freeway, a compliance solutions provider that offers point of sale and data storage. Here’s What Happened In November 2016, MJ Freeway experienced several outages. In January 2017, a cyber attack was discovered, and the ensuing investigation into the attack revealed that confidential client data had been breached November 2016. In November 2017, MJ Freeway notified customers via email and an online press release that the data breach had occurred. It took MJ Freeway nearly a year to notify their customers of this breach. In that time, the data may have been disseminated to other parties, though it is unclear whether that has occurred. Why This Is A Problem In the event of a data breach, most states and the federal government require that consumers be notified “as soon as possible” of a data breach, and usually no more than 60 days after the discovery of said breach.  Regulations may also stipulate that if a breach is in excess of $250,000 or exceeds 500,000 customers, website posting and media notification may be used. So this begs the question: was the data breach that large, or was the notification of customers made too...
Does My Mobile Cannabis Business Need Insurance?

Does My Mobile Cannabis Business Need Insurance?

It is a fallacy that many mobile cannabis businesses fall into: if I don’t have a retail location, I don’t need insurance.  The truth is, if you have a business of any type, you need insurance to protect yourself and your investors. No Retail Location? You Still Need Insurance. Many only equate the need for insurance with business locations and landlords. However, if you run your business out of your home you still need insurance coverage.  Why? Because both typical and atypical business pursuits are excluded by your homeowners or renters insurance. Personal lines policies exclude any business done in the home or anywhere on the home premises. The policies exclude the work being done, the work product, employees, inventory and business equipment. Some policies may even cancel coverage for homeowners operating businesses out of their homes. If you are storing stock in your garage or in your spare bedroom, there is no coverage for it in the event of a fire, theft or other hazards. Liability coverage under your homeowners policy also will not extend to business pursuits. There will be no coverage for customers on premises, products liability, or personal or advertising injury, as businesses are excluded from the policy. The good news is both of these coverage lines can be written on your business even if you are operating out of your home. No Commercial Auto? You Still Need Insurance We have previously blogged about the need for commercial insurance for delivery services. The exclusions for livery use of personal vehicles applies whether the car is owned by you, your spouse, or an employee.  The only...
The Cyber Risk YOU Should Worry About

The Cyber Risk YOU Should Worry About

We have written on this blog many times about the importance of cyber liability insurance for businesses. Even with all of the articles and advice, the coverage still isn’t taken as seriously as other parts of the insurance portfolio. The fact is, you may think that your business isn’t big enough to worry about cyber risk. After all, foreign hackers are more interested in big business. What would they want with your little company? Just as there are large businesses, there are large hackers. And there are small hackers who would be happy to take down even a small business for the potential windfall. The thing that might surprise you isn’t WHO wants to get your data, it’s HOW they are going to get it.  The easiest way?  Through your employees. Accidental: The Lost/Stolen Laptop Your employee stops at the airport bar to have a drink prior to a flight and leaves the laptop on the floor. By the time he realizes it is gone, he’s already in Poughkeepsie and the bag is in Orlando.  Maybe it got turned into the lost and found, but more than likely it didn’t. A lost or stolen laptop for most people and businesses may just be a nuisance. The cost to replace the laptop these days can be minimal, but what about any customer data that may be on the laptop, or proprietary information? In the wrong hands that data can translate to stolen identities and thousands of dollars in lost revenue for your business. Calculate the cost to notify your customers, as well as the cost for credit monitoring and loss...