By Jesse Shade, Vice President, Information Technology, Tower MSA Partners
The workers’ compensation industry quickly responded to the coronavirus by moving operations from offices to employee homes. While allowing workers’ compensation companies to seamlessly transition their services, these changes have unleashed cyberattacks by actors spreading their own version of a virus. Computer viruses are targeting individuals, small and medium enterprises, and large organizations, trying to paralyze businesses by breaching information technology (IT) systems.
An April 8 joint alert from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the United Kingdom’s National Cyber Security Centre reported an increase in COVID-19-related themes in cyberattacks.
Stay-at-home rules prompted many workers’ compensation organizations to accelerate their adoption of telehealth technologies and quickly deploy a WFH workforce. Unfortunately, telemedicine and telecommuting may rely on potentially vulnerable services, such as virtual private networks (VPNs) and less-than-secure Wi-Fi connections.
The unprecedented number of people working from home – some for the first time – has furnished a new, enticing opportunity for threat actors. Worldwide ransomware attacks soared by 148 percent in March as compared to February, according to software and security company, VMWare Carbon Black.
Even more disturbing was an announcement on April 21, 2020 by Arctic Security and its partner Team Cymru that “despite the focus on VPN hacks and attacks at home, trending cyber research indicates that computers at more than 50,000 organizations in the US had been infected prior to stay-at-home orders. Researchers say they are witnessing previously infected computers being activated now that their malicious communications are no longer being blocked by corporate firewalls.”
The bottom line is while attacks happen all the time, cyber threats flock to crises.
Impact of Telecommuting on System Security
Telecommuting can create a vulnerability in any IT system. Put simply, clicking on the wrong link can introduce a ransomware attack or other breach. With a centralized workforce, systems live behind firewalls, VPNs and security appliances. When people work from home (WFH), security concerns come down to how you connect the client or workstation to the network. If the client is not secured by running antivirus/antimalware software and ideally being actively monitored, the client could introduce viruses or malware putting the enterprise at risk.
WFH poses a major risk for all businesses within the workers’ compensation industry. Software systems that provide claims management, bill review, managed network provider logistics, and Medicare Secondary Payer (MSP) compliance are among the many systems in workers’ compensation that warehouse, manage and exchange vast amounts of personally identifiable information (PII) and protected health information (PHI). Remote access to these systems across the workers’ compensation industry requires the approach to enterprise security to extend beyond the firewall.
While data encryption and transmission via Secure File Transfer Protocol (SFTP) or secure portals provides data transfer security, mitigating risk in a VPN environment is far more complicated. Verizon’s 2019 Data Breach Investigation Report calculates that email phishing accounts for 94 percent of how viruses and malware enter a system.
During the workers’ compensation WFH transition, experienced IT pros deployed VPNs to connect remote machines to enterprise networks. Many also installed the latest and greatest security software. However, it is important to remember if the company can buy anti-virus and anti-malware software off the shelf or online, threat actors have already purchased and analyzed it and developed strategies to work around its detection capabilities.
Being Proactive – The Next Level of Cyber Threat Detection
With the recent uptick in cyber events, many organizations have moved beyond traditional logs, security audits and other tools to real-time network monitoring to detect attacks and block breaches.
Without proactive 24/7 monitoring, breaches are not usually detected immediately. Not having it is analogous to doing a retrospective audit months after the fact. You find out when and where things went wrong, but it may be too late to resolve the problem.
A breach can ruin a company’s reputation, invite litigation, and even bankrupt a business. IBM put the average cost of a data breach in the U.S. at $8.19 million in its 2019 Cost of a Data Breach Report. A good 10 percent of compromised companies shut down after a breach, according to a National Cyber Security Alliance report.
Once a user clicks the wrong link and inadvertently installs a nefarious program, a bad actor can enter the system undetected and stay there for months to learn how to circumvent its security measures. According to the IBM report, it took a U.S. company an average of 196 days to recognize a breach and another 49 days to contain it in 2019. That gives criminals plenty of time to figure out how to steal data or destroy the system itself and render a business helpless.
Because of the massive resources real-time monitoring demands, most companies choose to outsource to a Security Operations Center (SOC). A SOC proactively searches for security risks and detects and prevents a threat actor from exploiting a vulnerability while an attack is actually happening. These companies immediately alert the company’s IT team to meaningful security events and recommend ways to resolve them.
Migrating to a SOC environment requires careful planning and coordination of business and technology requirements and processes. A fully operational SOC will have the capabilities necessary to help secure your organization in the midst of the modern threat landscape. The key is to partner with an SOC that is tailored to fit your business’s realities.
Next week’s article will discuss best practices for securing your workers’ compensation data during normal times and disasters.
About Jesse Shade
An accomplished senior information systems professional, Jesse Shade oversees all aspects of Tower’s technologies, including its data security, systems architecture, disaster recovery, and the maintenance and enhancement of its internal systems for Medicare Set-Asides and Section 111 compliance.
Possessing an unusual blend of interpersonal skills as well as hands-on technical expertise, Shade is responsible for strategic planning and serves on Tower’s executive team. He leads, manages and motivates Tower’s IT staff along with its software and infrastructure projects while also developing the company’s complex technology solutions. His responsibilities include SQL Server development, data modeling, and analysis along with .NET development using Visual Studio 2017, Entity Framework, Bootstrap, HTML, and CSS.
Shade joined Tower in 2018, bringing more than 35 years’ experience in the design and development of technology solutions in a wide variety of industries, including aviation, banking, defense, energy, government, and manufacturing as well as insurance. He is a graduate of the New England Institute of Technology.
Jesse was recently invited to join the Forbes Technology Council – an invitation-only organization for senior-level technology executives.
He can be reached at jesse.shade@towermsa.com.
About Tower MSA Partners
Headquartered in Delray Beach, Florida, Tower MSA Partners provides Medicare Secondary Payer services that focus on settlement optimization via pre-MSA intervention and cost mitigation.
Services include pre-MSA Triage, Medicare Set-Asides, physician peer reviews, drug utilization reviews, CMS submissions, medical cost projections, life care plans, conditional payments, and Section 111 reporting.
Tower leverages leading edge technology to proactively stage claims and works collaboratively with clients to identify issues and intervene to modify outcomes. Tower remains involved in the claims through final resolution, MSA and/or other settlement.
This model enables Tower’s clients to provide better care to injured workers, reduce claim and MSA costs, and obtain CMS acceptance of the MSA. For more information, call 888-331-4941 or visit www.towermsa.com or https://towermsa.com/blog/.