The digital threat landscape of the COVID-19 pandemic is teaching insurers and other companies some valuable lessons about digital privacy in the wake of the U.S. Supreme Court’s overturning of the 1973 Roe v. Wade decision.
Aaron Tantleff, partner at law firm Foley & Lardner, spoke about this on this episode of The Insuring Cyber Podcast in part two of a two-part conversation about digital privacy concerns post-Roe v. Wade.
“I think there are a bunch of things we learned from COVID-19,” he said.
He pointed to examples of hospitals being understaffed and overworked during the pandemic, as a greater reliance on technology made them even bigger targets for cyber attacks.
“We’re not seeing that as much now because hospitals aren’t being overloaded the same way, and security at hospitals has been upgraded, but nothing is perfect,” he said. “I do believe you’ll still see the same attempts to attack healthcare facilities, medical centers, and things like that as a result of this. I think that’s something maybe you could say we learned from COVID-19 was that we needed to spend more and upgrade and do a better job of cybersecurity training.”
While most of the digital privacy concerns regarding the overturning of Roe v. Wade center on individuals’ collected data, concerns have been raised around cybersecurity for healthcare facilities and how big tech and insurance companies are safeguarding personal data and geolocation data, or data that maps an IP address from a connected device to determine the geographic location of the user.
“We’re seeing that companies are starting to either be more overt and let people know about geolocation data and ways to delete it, or some companies are actually automatically deleting geolocation data or not collecting it,” Tantleff said.
Particularly as a result of the remote working environment accelerated during the pandemic, a greater emphasis has been placed on the security of personal devices, he said.
“We learned how little awareness that people really had – especially in their personal world, not just their work world – because of work from home,” he said. “We’re learning about personal security a little bit more just because of the targeting that occurred during COVID-19 – the attacks that people had – because we weren’t prepared as a society for personal security on personal devices.”
Beyond using virtual private network technology, encryption and protecting location information, greater use of antimalware software is being seen among individuals and companies alike, as well as more reliance on phishing training and security risk assessments, he said. All of this is important for insurance companies that are increasingly finding themselves targets of cyber attacks – something Tantleff says the current environment could accelerate.
“Insurance companies are known to store large amounts of data and information about their policyholders. This is nothing new. And that practice has made them prime targets for cyber criminals,” he said. “Based on the signs that I’m seeing right now, I don’t see a remarkably increased risk to insurance companies just because of this abortion-related issue, but there are some caveats to that.”
One caveat is the increased interconnectivity of insurance carriers as they rely more heavily on the use of online services, apps and websites to interact with customers, he said.
“What this does is it creates this much larger platform for people to attack,” he said.
The insurance industry also holds large amounts of sensitive consumer data, he added, which means many of the traditional cybersecurity tools may not be enough to protect the insurance business. While an increase in cyber attacks as a result of abortion-related issues among insurance carriers has not yet been seen, Tantleff said, it isn’t necessarily out of the question.
“There may be somebody who will utilize their opinions on abortion to attack an insurance company, but I don’t think we’re seeing any real risks and that’s what I’m hearing. We don’t see any true material increase in threat actor activity against the insurance industry just because of abortion,” he said. “Now, that certainly may change as this becomes more sensitive. We’re starting to see more laws that outlaw and criminalize abortion and questions about whether [insurers] are paying or not. But [increased cyber attacks are] not something I see yet.”
However, he said now is an important time for companies – including insurers – to reassess their approach to cybersecurity and digital privacy.
“If there’s ever an opportunity to remind people then this is a good reason, if not for any other reason, to go back and consider things like ensuring that you implement security training for all of your employees or for anyone who works on the system and has access. Implement greater security, things like two-factor authentication, and consider your password policies,” he said. “We’re going to continue to see an increase in frequency and severity of cyber attacks, and given the fact that a data breach can close down a hospital, can prevent care, can destroy medical records, can impact the insurer’s ability to provide coverage or make records available, to provide timely reimbursement for coverage to people or make coverage decisions to help people, we’re seeing that the threat landscape continues to evolve.”
With this in mind, he said it’s important for every insurance company to implement a solid strategy for cybersecurity to protect themselves and the information they have, “and also to make sure that they’re available to help people when they’re in need.”
Check out the rest of this episode to see what else Aaron has to say, and be sure to listen to part one of this conversation on digital privacy post Roe v. Wade on Insurance Journal TV and Apple Podcasts. Check back for new episodes of The Insuring Cyber Podcast publishing every other Wednesday along with the Insuring Cyber newsletter. Thanks for listening.
The post EP. 44: What the COVID-19 Digital Threat Landscape is Teaching Insurers Post-Roe appeared first on Insurance Journal TV.