To highlight the benefits of recently launched program, myMatrixx myRXAdvocateSM, and to provide a deeper understanding of the principle of pharmacovigilance that it’s built on, our Chief Clinical Officer Phil Walls recently sat down to record video blog series.
In this latest installment of Facetime with Phil, he introduces myRXAdvocateSM as the continuation of our efforts to innovate in the clinical therapy management space. Much like how a credit card company will alert customers to potentially suspicious purchases, a PBM should be able to provide proactive messaging regarding higher-risk patients. Throughout the four-part series, Phil discusses the origin of pharmacovigilance and illustrates how it can help our partners provide safer and more cost-effective alternatives to drug therapies such as opioids. You can watch the videos here.
New Facetime with Phil video installments will be released in 2020.
To learn more about myMatrixx, please visit their website.
myMatrixx® is a pharmacy benefit management company dedicated to workers’ compensation. The unique combination of myMatrixx and Express Scripts makes us the only workers’ compensation pharmacy benefit manager that can deliver high touch customer service, clinical expertise and actionable data analytics while leveraging Express Scripts’ pharmacy network, comprehensive clinical services, mail order program and specialty solutions to meet the individual needs of our clients and their injured workers. For more information, visit myMatrixx.com.
Cyber security is not a novel concept for companies, but it’s something that has been top of mind, especially in the last few years. No doubt the coronavirus and its sequential work-from-home mandates disrupted the cyber protection game in the last 12 months alone. Phishing schemes and ransomware attacks have since been on the rise.
In fact, one report shows that ransomware has increased by 239% since 2018. Additionally, payments made due to ransomware demands have tripled in the last two years alone.
“Ransomware is not new, but it’s certainly proliferated over the last two years,” said Jason Glasgow, Vice President, U.S. Cyber Lead at Allied World. “In its basic form, ransomware is a phishing attack or some other similar infiltration on a computer or server that allows bad actors to lock up a system and then ransom either the data or the keys to unlock that system for money.”
Whether that be in dollar amounts or a cryptocurrency like bitcoin is up the hackers themselves.
With such a pressing and prevalent vulnerability knocking at their cyber doors, it’s imperative that companies prepare for and mitigate the risk of ransomware now. To do that, they need to understand what’s at stake, as well as have an understanding of what risk strategies are available to them.
Here are three things companies and their risk teams need to know.
1) Ransomware Attackers Are Evolving, From Whom They Target to How
Jason Glasgow, Vice President, U.S. Cyber Lead at Allied World
David Rock, Vice President, North American Claims Group at Allied World, said that the evolution of ransomware has been interesting to watch, particularly from the claims perspective.
“Six or seven years ago, ransomware attacks were similar to a sort of scattershot type of attack,” he said, further explaining that “the attackers would send out malicious links but didn’t necessarily know where the link would land.”
“Today, threat actors see the benefit of picking their targets and doing a little reconnaissance on who they are attacking,” Rock said.
That kind of due diligence on the part of the hacker is leading to much more sophisticated attacks. Bad actors are no longer relying on random, malicious links that could land anywhere from a Fortune 500 company’s inbox to a local small business. Instead, hackers are finding the value in understanding their chosen target.
These actors will now search out a company to see if it can even afford to pay a ransom in the event its data is locked.
“We’ve seen instances where threat actors will send a company evidence of the company’s ability to pay,” said Glasgow. It’s a growing trend in using ransomware to exfiltrate data.
Data has become king in the ransomware game. Gone are the days where a hacker would simply infiltrate and lock down a system; today, hackers are looking to get their hands on as much sensitive data as possible.
“Companies hold a lot of data, and depending on the type of business being conducted, that could mean customer information, employee information and sensitive materials on how their operations are run,” Rock said. “What we’re seeing in these is attacks is not so much a negotiation based on the return of a decryption key to unlock the systems, but instead a ransom for sensitive information.”
2) The Key Ransomware Exposures Every Business Must Prepare For
David Rock, Vice President, North American Claims Group at Allied World
Cyber insurance acts as the first barrier when it comes to the threat of a ransomware attack. But when a ransom is set, insureds and insurers alike still need to be on top of the added exposures. From the ransom payment itself down to any legal fees, a ransomware attack isn’t just a cyber risk.
“Legal expenses are a large part of ransomware risk,” said Rock. “But it shouldn’t just be about providing insureds with legal coverage; there’s nuance to it.”
Insureds will want to partner with law firms that are specifically focused on cyber threats of this nature, particularly when it comes to privacy/cyber laws. This assistance and guidance ensure that insureds exposed to a ransom are responding to a breach accurately and swiftly.
“And certainly, any time you’re dealing with a ransomware attack, you’re going to be facing some type of potential payment,” Glasgow added. That could mean traditional dollars or — a popular option with hackers — cryptocurrency. “That means the insured will need to be partnered with an insurer that can help throughout the process of securing the payment.”
Beyond that, insureds will need to sort through forensic costs.
“Forensic vendors will assist insureds with shoring up their systems to help stop the attack and preventing it from proliferating even further,” Rock said.
Finally, a ransomware attack could leave operations at a standstill. Business interruption can be costly, so it’s imperative that coverage is in place before any attack can even occur.
3) Steps Risk Professionals Need to Take to Combat Ransomware
“The importance of education can never be overstated when it comes to ransomware,” said Glasgow. “Every company can be a target. Therefore, every company and their risk management team needs to learn about what can happen.”
That starts with understanding the exposures and having a cyber plan in place to address each one. Cyber insurance can act as a roadmap for network security, Glasgow explained. “And that should help prevent all types of cyber attacks, in addition to ransomware.”
For insureds that do not have an internal risk management team, Glasgow and Rock both urge selecting a carrier that can help.
“Allied World, for example, has a platform called FrameWRXTM that is a robust risk management platform for the cyber space,” Glasgow said. “We help guide our insureds with expert vendors to help with various risk management items that the insured does not pay any additional cost for.”
In addition, companies must have an expert claims team on their side in the event a ransomware attack occurs. And finally, Glasgow and Rock suggest that no matter what the approach, it must be a collaborative one in which risk management, the insurer, claims and any vendor involved are all on the same page.
What a Strong Ransomware Defense Should Look Like
Facing a ransomware attack can be a stressful time for a company, no matter how prepared they might have been before the event. Even with all the right planning in place, nerves can run high.
But that doesn’t mean a company is completely without support. Having the right carrier involved from the start will ease the stress and help keep any issue or claim moving forward.
At Allied World, the team is working hard to do just that.
“Our policy is robust. It provides our insureds with multiple avenues of coverage,” said Rock. “We’ve seen every type of breach that’s been in the marketplace, and we see how they’ve evolved.”
“Because of that, we’ve taken a holistic approach between underwriting, risk management and claims,” added Glasgow.
Allied World brings together all departments to tackle companies’ ransomware vulnerabilities long before an event even occurs. Its approach starts at the beginning, during the underwriting process, where the team will evaluate a company’s risk. From there, once insured, Allied World’s risk management professionals provide proactive advice and support to help improve the company’s posture.
“Our claims team is actively involved with collaborating with both risk management and underwriting as well,” said Rock. “It’s all in an effort to make the response to any incident, any breach that could arise, as seamless as possible.”
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Allied World. The editorial staff of Risk & Insurance had no role in its preparation.
Allied World is a global provider of innovative property, casualty and specialty insurance and reinsurance solutions.
9 Ways Societal Views Affect Businesses and Bring About New Risk
The way society interacts with and views businesses has shifted in recent years. From a higher demand for corporate social responsibility to a bigger virtual presence, here’s how society is changing the risk landscape.