Skip to site content



Managing Vendor Risk: Lessons Learned After the Change Healthcare Breach

May 2024  |  Brian Johnson

The healthcare sector was dealt another blow on February 21, 2024, when Change Healthcare, a division of Optum and a subsidiary of UnitedHealth Group Incorporated, fell victim to a cyberattack. The company disclosed that the attack compromised customer data and disrupted operations, leading to a shutdown of c...

Social Engineering Took Down Giants. Don’t Let It Take You Down, too.

February 2024  |  Rana McSpadden, FACMPE

In September 2023, MGM Resorts International and Caesars Entertainment reported they were victims of a cyberattack. The attack disrupted operations for multiple MGM properties for an extended period of time and ultimately cost the company an estimated $100 million[1]. Caesars Entertainment paid $15 million of...

The Growing Legal Risk of Online Tracking Technologies on Healthcare Websites

November 2023  |  Justin Joy, JD, CIPP

The use of website tracking technology, such as the Meta Pixel, in the healthcare industry continues to garner media attention.  A prior Sentinel article in February 2023 provided information about the risk posed by website tracking technology, and a May 2023 article provided additional information on th...

The Hidden Dangers of Online Trackers

May 2023  |  Brian Johnson

Recent events have drawn attention to the widespread use of online trackers and raised privacy concerns for healthcare organizations. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued a bulletin following filed complaints, class action lawsuits, breach notifications, a...

The Dangers of Meta Pixel on Your Websites

February 2023  |  TMHCC Cyber Risk Team and Shortened by Judy Musgrove

We are seeing hundreds of healthcare providers and other businesses targeted by class action lawsuits across the country, alleging the unauthorized disclosure of personally identifiable information (PII) and personal health information (PHI), and seeking civil damages for each disclosure. PII and PHI was...

New Year, New Threats- Time to Review Your Cybersecurity Program

January 2023  |  Rana McSpadden, FACMPE

It is a new year, and criminals are consistently coming up with new cyber threats. Now is a perfect time for practices to review and update their cybersecurity programs.  Over the last two years, we have focused on providing cyber articles and resources to assist our policyholders with cybersecurity.&nbs...

Phishing by Fax: Do Not Become a Victim

October 2022  |  Rana McSpadden, FACMPE

Scenario: It is Friday afternoon, and the physician is working on a stack of documents requesting his signature.  Most are routine requests, but one in particular draws his attention.  It is seemingly from a national pharmacy requesting the practice confirm an active patient and indicates it is purs...

Intersections of the ONC Information Blocking Rule and the HIPAA Privacy Rule May Create Overlapping Obligations

May 2022  |  Justin Joy, JD, CIPP

Health Information Accessibility, Interoperability, and Information Blocking While there were likely earlier efforts, the policy of increasing health information exchangeability and system interoperability was stated over 25 years ago in the enactment of the Health Insurance Portability and Accountability Ac...

Cyber Education is More Than a Meeting

April 2022  |  Rana McSpadden, FACMPE

A practice does not need to implement the most expensive technology or hire full-time IT staff in order to comply with the HIPAA Security Rule. So long as policies and procedures, technology, and physical safeguards which are appropriate for the size of the practice are put in place, compliance is achievable....

Covered Entity? Business Associate? Know the Difference and Your Obligations under HIPAA

January 2022  |  Justin Joy, JD, CIPP

No matter how small, every medical practice likely has multiple vendors upon whom the practice relies for its everyday operations. Larger medical practices may have arrangements with dozens of third parties providing an array of services ranging from administrative support to x-ray machine service. With the n...

Obligations of Medical Practices in Responding to Data Security Incidents (Not Just Data Breaches)

November 2021  |  Justin Joy, JD, CIPP

Physician offices, hospitals, banks and even pipeline companies; nearly every day, there is a story somewhere about a data breach impacting these types of organizations.  What is not as well publicized, however, are the much more frequent security incidents that impact any organization that has an inform...

Cyber Attack Prevention Strategies

October 2021  |  Brian Johnson

You don't have to look far to find a company that's experienced a cyberattack. The healthcare industry has certainly seen their fair share of attacks throughout 2021. Large hospitals, small clinics, and cloud based electronic medical record (EMR) solutions are included in the growing list of organizations fal...

Know Your Policy: Your Coverage and Responsibilities under the Cybersecurity Policy

September 2021  |  Sherie Edwards, J.D.

As a value-added benefit of your SVMIC professional liability policy, you and your practice are provided with $50,000 of cybersecurity coverage (with the option to purchase more coverage).  This coverage, although provided by SVMIC, is written and administered by Tokio Marine Houston Casualty Company, re...

Back It Up - The Importance of Proper System Backups

August 2021  |  Brian Johnson

We are a society that greatly depends on technology. Regardless of industry, all organizations rely on computers to conduct all manner of business operations. Additionally, your medical practice depends on computers and software to provide medical care to patients. Before computers, these processes were once ...

Security Risk Analysis: Step One of an Effective Cybersecurity Program

July 2021  |  Loretta Verbeck, MS, FACMPE, CHC

Cybersecurity is a topic that physicians and their staff cannot ignore. Ransomware, data breaches, distributed denial of service (DDoS) attacks, and email fraud are just a few of the cybersecurity issues that can cause financial and reputational damage to any organization. In healthcare, the impact of a cyber...

Ransomware 2.0 - The New Generation of Ransomware

June 2021  |  Rana McSpadden, FACMPE

On May 7, 2021, the U.S. felt firsthand the consequences of a ransomware attack when the Colonial Pipeline Company was hacked by the criminal cybergroup DarkSide. This hack disrupted a major infrastructure system and caused panic for many Americans.  Even though Colonial Pipeline paid the $4.4 million ra...

Cybersecurity Resources to Protect Your Practice

May 2021  |  Loretta Verbeck, MS, FACMPE, CHC

It is difficult to make it through an entire week without a new cyberattack making the news. The FBI reported in their 2020 Internet Crime Report 791,790 complaints regarding cybercrime last year, representing an increase of more than 300,000 over 2019.  The reported losses from these crimes exceeded $4....

Don’t Take the Bait in 2021

April 2021  |  Brian Johnson

2020 was a difficult year, unprecedented in many ways.  As organizations across all industries scrambled to implement work-from-home strategies, healthcare organizations faced the COVID-19 pandemic head on.  Hospitals and medical practices focused on caring for patients, but sadly cybercriminals pou...

Microsoft Vulnerability Highlights Steps We All Need to Take

March 2021  |  Brian Johnson

A recently discovered vulnerability[1] in Microsoft’s popular Exchange email server puts companies using this application at extreme risk.  Security researchers have dubbed this event Hafnium, named after the Chinese-based espionage group first seen attacking servers.  Once compromised, multip...

Records Go Missing After EMR Outage

November 2018

The following article is based upon an actual claim situation experienced by an SVMIC policyholder. The details have been altered to protect our policyholder’s privacy. It was day that began like any other for Dr. Sandra Lynn, an internal medicine doctor and the head of a multi-specialty clinic made up...

Chance Encounter Results in Privacy Breach

September 2018

The following article is based upon an actual claim situation experienced by an SVMIC policyholder. The details have been altered to protect our policyholder’s privacy. What images do the terms “security breach” or “privacy breach” conjure up when you see them? Most people think...

Wrong Number Results in Security Breach

July 2018

The following article is based upon an actual claim situation experienced by an SVMIC policyholder. The details have been altered to protect our policyholder’s privacy. Springtime in Arkansas brought pleasant temperatures as well as lots of mold and pollen, especially after the mild, wet winter. As a r...

What You Don't Know...Can Hurt You

May 2018

The following article is based upon an actual claim situation experienced by an SVMIC policyholder. The details have been altered to protect our policyholder’s privacy. David[1], an employee of Dr. Jerome’s medical practice, was in college studying to become an IT Specialist. David was hired to m...

The One Thousand Dollar Ransom Request

March 2018

The following article is based upon an actual claim situation experienced by an SVMIC policyholder. The details have been altered to protect our policyholder’s privacy. When Mandy*, the receptionist at the small rural medical practice of Dr. Smith, saw that the message light on the phone was blinking, ...

2018 Cybersecurity Outlook

January 2018

Looking ahead to 2018, cybercriminals will redouble their efforts to steal personal health information (PHI). The number of ransomware attacks has steadily risen for the last few years, and there is no indication that it will slow anytime soon. Reliance upon technology in healthcare continues to grow, providi...

Is the Cloud Safe?

November 2017

It seems that another cyber attack is in the news every week. Cyber criminals are trying to acquire personal information at an alarming rate, and the healthcare industry is a particular target.  Patients’ protected health information (PHI) often contains birthdates and social security numbers, and ...

Disgruntled or Dishonest Employees May Be the Source of a Security Breach

September 2017

With all of the security breaches in the news recently, many medical practices have taken extra steps to keep their patient records safe. Employee training and awareness, installation of virus and malware protection, regular data back-up, purchase of a cybersecurity insurance policy, and hiring an IT person t...

It Adds Up Quickly

July 2017  |  Kari Stearn

Over the past decade, rapid advancements in technology have enabled a vast and expansive digital economy. As a result, medical practices of all sizes are using a broad range of personal and company-issued devices to keep employees connected to each other and to their workplace. But as connectivity grows, so t...

Cybersecurity Coverage: Can You Afford to Be Without It?

May 2017

Cybersecurity continues to rise towards the top of the list of concerns for businesses and medical practices.  Consequently, cybersecurity insurance protection is also becoming more and more important. Along with the basic cybersecurity insurance limits ($50,000) provided by SVMIC at no additional premiu...

Practices in Multiple States Fall Victim to Ransomware Attacks

March 2017

Current headlines contain many stories of cyber-attacks, including data breaches and ransom malware, more commonly known as ransomware.  Once your practice is hit by a cyber-attack, you’ll want to be able to quickly diminish the damages inflicted on your practice and your patients. Such damages inc...

Apply Today

Our team is here to answer any questions you might have or to help you fill out a quote application.

need help?

We're always just an email or phone call away.

contact us