Your browser (Internet Explorer 7 or lower) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.

X

Navigate / search

Why do data breach risks increase during annual benefits enrollment?

October 6, 2017

Data Security with lockCybercriminals, identity thieves and hackers are willing to take drastic measures to infiltrate the data-rich annual enrollment process.

After all, your organization is handling and transferring huge volumes of sensitive information – between companies, employees and suppliers. Health insurance information is among the most targeted. On average, medical records sell for $20 on the black market while Visa® or MasterCard® data only goes for around $4.

Hackers can exploit insurance data in multiple ways — from receiving medical treatment or prescription drugs in the victim’s name, to redirecting mail using the victim’s address or opening new lines of credit with their Social Security number.

HOW CAN YOU MITIGATE DATA BREACH RISKS DURING ANNUAL ENROLLMENT?

  1. Create a more security-conscious work environment
    Work closely with IT to understand your risks and how to appropriately address them. Encourage your team to remain vigilant of cyber threats.
  2. Clearly communicate the enrollment processes?
    Ensure all enrollment materials are sent in a clear and secure manner. Clearly map out the enrollment process so employees can anticipate requirements and better detect enrollment-focused phishing scams.
  3. Ensure that defenses are in place
    Restrict access to enrollment documents, shred sensitive documents, and enforce a “clean desk” policy. Work with IT to ensure anti-virus software is up-to-date and all applications are regularly patched, outline and relay expected employee conduct online (including search, download and social media restrictions) and secure Wi-Fi networks.
  4. Create an anonymous fraud hotline
    Tips are the leading detection method of occupational fraud accounting for 39 percent of all cases. Create an anonymous tip hotline and encourage employees to call if they suspect fraud.
  5. Develop a data breach response plan
    Your plan should include appropriate contacts (law enforcement, insurance companies and consumer protection agencies), IT procedures, and announcement/post-breach material for impacted individuals. Ensure a dedicated phone number and website is created to help answer breach-related questions.

This document is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Marsh & McLennan Agency LLC shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Any statements concerning actuarial, tax, accounting or legal matters are based solely on our experience as consultants and are not to be relied upon as actuarial, accounting, tax or legal advice, for which you should consult your own professional advisors. Any modeling analytics or projections are subject to inherent uncertainty and the analysis could be materially affective if any underlying assumptions, conditions, information or factors are inaccurate or incomplete or should change.