RISK IN SIGHT NEWSLETTER

TRANSPORATION ISSUE

WINTER 2019

Napa River: How We Help Solve the Transportation

Claims Puzzle  With the start of the new year upon us, we would like to take a moment to reflect back on the past year. 2018 was, indeed, an exciting year for Napa River. As our client base continued to grow, so did our staff. We added new members to the safety & risk management team, and our claims team is now triple the size it was in 2017! Our growth, while substantial, has been very deliberate and intentional for one specific purpose—to better serve you, our clients. As we look back on 2018, we are ever grateful for your support.

As we advance into 2019, we move forward knowing that the support you have provided has laid the foundation for the path to our success. Thus, we remain steadfast in our resolve to continually provide you with exceptional client service, while persistently and consistently offering you the personalized products that fit your specific needs and goals. Should your needs change or if you have any questions about our products, feel free to contact anyone on the team. You can also get more information about our services at napariverinsurance.com. We are excited about taking this boundless journey with you not only into this new year, but also for many years to come.

Thank you!

Weather the Perfect Storm in the New Year

As we proceed into the new year, it is natural to turn our thoughts to how we can be better. What can we do to improve safety on our nation’s highways? How do we provide an environment in the trucking industry that encourages our drivers ’success and well-being? How do we encourage quality young people to consider commercial driving as a career of choice rather than a last resort? Will YOU play a role in actively seeking change, or simply spend another year complaining about the various woes of this business?

Over the last year, we saw an increase in the rate of truck-related crashes and claims costs. In many of these cases, speed and driver distraction were a common cause. While it will be at least another year to get official crash data, we do not have time to wait before taking action.

WHY THE JUMP IN CRASH FREQUENCY AND SEVERITY?

In talking to drivers and trucking company personnel, it seems that electronic logging devices (ELDs) have stressed capacity and overall trucking operations. Electronic logs have, indeed, made time more regulated and finite. Drivers and dispatchers can sometimes feel added pressure, even though much of it seems self-imposed, to complete trips faster. Perhaps this is why CSA roadside data has shown an increase in the highway speeds of trucks over the last year. At the same time, there seems to be less traffic enforcement resulting in citations, rather than simple roadside write-ups.

While many companies govern top-end truck speeds, a closer look at where speeding write-ups or citations occur indicate the problem isn’t just on highways, but also on secondary roads with speed limits less than governed unit speeds. As a result, we have seen an increase in serious crashes on secondary roads as well as intersections, in particular. Additionally, despite more widespread use of safety technology, the underlying hours of service (HOS) regulations remain sorely outdated. The Federal Motor Carrier Safety Administration (FMCSA) has stated that updating the HOS regulations will be a priority in the coming year.

HOW YOU CAN WEATHER THE STORM

There is currently no reason to believe this trend will reverse anytime soon without serious industry-wide effort. The commercial trucking industry has been, for some time now, in that perfect storm of driver shortage, stretched capacity and a worsening legal environment. As the number and severity of claims have risen, so has the pressure on commercial auto insurance companies to raise rates. It is feeling more like a perfect storm indeed.

Enhanced training of drivers and operations personnel must continue to be a top priority in 2019. Although many companies adequately trained drivers on the mechanics and use of ELDs prior to deployment, it is imperative that drivers and operations personnel continue to hone their skills and thoroughly understand the advantages of having the accurate data these new ELD systems provide. Some of these advantages include increased fleet utilization and the ability of operations personnel to better plan assignments so drivers are not pressured to complete loads while needlessly pushing speeds.

It is important that trucking companies take full advantage of available technology, such as truck-based satellite communication systems, to more easily monitor a driver’s point-to-point speeds. While highway speeds can be kept at bay with reasonably governed power units, secondary road speeds must be monitored using trip data. Even better is the use of an add-in tool, such as SpeedGuage or another comparable product. However, the most effective tool to monitor individual driver behaviors, including speed, is the use of dash-mounted camera systems. Over the years, we consistently have seen this technology investment pay for itself. Events captured by these systems provide the greatest insight into a driver’s habits. Some of the latest products even provide ongoing monitoring of following distance, speed and other factors without a particular triggering event. When considering camera systems, we often get asked about inward-facing cameras. Oftentimes, companies relent to driver pressure and activate only the outward facing camera; however, inward-facing cameras are recommended. Drivers must sometimes be sold on the value of the inward-facing camera; therefore, it must be stressed that one of the main reasons you have invested in this technology is to improve their ability to make it home safely and protect their livelihood, rather than to “spy” on them. The key to success in camera/event recorder implementation is timely and consistent counseling of drivers. This counseling must be positive and designed to have the driver better understand the needless risks he or she is taking on the road, and must also include actionable changes a driver can make to eliminate future issues. In the end, there must be a commitment to eliminate those drivers that do not adequately respond to repeated counseling efforts. When considering cameras or any type of safety technology, you may ask yourself how it might influence liability  in the event of an accident. All in all we  have found that, in the event of an  accident, cameras have an overwhelmingly  positive impact rather than negative implications. Monitoring  drivers through the use of safety  technology will give you the opportunity  to preemptively correct less than  safe behaviors and help avoid accidents.

OUR TEAM PROVIDES SHELTER  IN THE STORM

Napa River’s Loss and Risk Control Services team stands ready to assist in your ongoing safety and compliance efforts. We can provide customized  training for frontline personnel through  our Driver1st (formerly DriverCare)  program. This training provides an interactive look at the issues your drivers face every day, and provides  those who deal with drivers the communication and problem-solving  skills to better partner with your  drivers.

We can also provide guidance in setting up a wide variety of effective speed and  driver behavior monitoring and  improvement programs. Please call your assigned Loss Control Specialist or contact Jeff Davis at 317-810-2034 or jdavis@napariverinsurance.com

Driver1st is a registered trademark of Napa  River Insurance Services, Inc., Napa, California.

Interchanging, Interlining & Brokering: Avoiding Common Pitfalls

Motor carriers often perform a variety of activities beyond straightforward freight hauling to serve  customers. Some of these are relatively low-risk, while others can involve significant exposures. This article will discuss equipment interchanging, interlining and brokering, and explain some easy ways to avoid the common pitfalls related to these activities.

When carriers make arrangements with other carriers that involve activities such as interchanging  equipment or interlining, it is important to clarify who is responsible for loss, including damage to the  Patrick Lennon  Sr. Loss Control Representative Napa River Insurance Services 317.810.0062  plennon@napariverinsurance.com equipment or cargo. Similarly, with the growth of freight brokering, there are some pitfalls to avoid in order to minimize exposures to loss.

It is fairly common for carriers to  interchange equipment, especially when one carrier pulls a trailer owned by a shipper or another carrier. This is typically planned ahead of time, with formal interchange agreements exchanged. However, it’s not unusual for a load intended for one carrier to put on a trailer owned by another when multiple carriers serve a large shipper. In such cases, the carrier for which the load was intended will often take the load using the other carrier’s trailer, and arrange to return the trailer.

Regardless of how equipment ends up  being interchanged, doing so creates additional exposures that need to be managed. If damage occurs to a  non-owned trailer, it is almost always the responsibility of the one in possession of it at the time of the  damage, even if no interchange agreement exists. In fact, it’s common for carriers that interchange equipment to do so without formal agreements. We often hear rationalizations such as, “We’ve been pulling their trailers for years on a handshake agreement. They know if we damage it, we’ll fix it.” Thus, while using a written agreement is recommended, that doesn’t always happen.

Even more concerning are the exposures created when another carrier uses your equipment. If that carrier were to have a serious loss— one that may exceed their coverage limits, it’s possible your coverage could be exposed even if you did nothing wrong. For this reason, it’s advisable to have a written interchange agreement that clarifies duties and liabilities, and includes indemnity as well as a “hold harmless clause” to protect the trailer owner.

Interlining, though not as common, is still performed. This may occur when a shipper asks a carrier to take a load beyond the geographic area where that carrier normally operates. The carrier may not want to tell the shipper they can’t take the load, since that might invite other carriers to begin serving their customer. Instead, the carrier will accept the load, take it part of the way, and then arrange for another carrier to complete the delivery. They may interchange trailers or move the cargo from one trailer to another, perhaps at one of the carrier’s terminals.

When a load is interlined, there are a few issues that need to be addressed:

• Is the shipper aware there are two carriers involved?
• How do the bills of lading work?
• Does the originating carrier retain a fee for the second carrier’s segment?

Is there a formal agreement between the two carriers? 

Ideally, the shipper will be made aware that two carriers are involved. But if the original carrier does not want to disclose this information, the carrier may instead bill the shipper for the full trip under their bill of lading, then pay the other carrier for its segment. In such an instance, the original bill of lading could result in exposure issues for the original carrier if the second carrier has a loss during their part of the trip. 

If the primary carrier retains a fee for the second carrier’s segment, the primary carrier is essentially engaging in freight brokering and, thus, needs to have both the authority and the required bond in place. Assuming the carrier has both, it’s better to simply handle it as a brokered load, with the second carrier issuing its own bill of lading for its segment of the trip and running on its authority only.

Those who have been involved in trucking for a long time recall when trip leasing was the norm, rather than brokering. Trip leasing involved hiring another truck for a single trip on the hiring carrier’s authority. This practice sometimes resulted in complications, since the carrier would rarely examine if the driver fully met their standards, other than simply checking for a valid commercial license. Thankfully, trip leasing is nearly obsolete due to the preferred practice of brokering.

As previously noted, one must have authority from the FMCSA, as well as a bond for $75,000 (up from $10,000 a few years ago), to engage in brokering. When loads are brokered to other carriers, it is essential to perform due diligence to confirm the carriers have both the authority and proper insurance, including an adequate cargo limit. If the carrier may be used repeatedly on brokered loads, it is recommended the broker require they be named as an additional insured on the carrier’s policy. In that instance, the broker will be notified if the carrier’s coverage is cancelled.

Moreover, it is recommended that the carrier have staff devoted exclusively to brokering who not only operate from a location separate from trucking, but also hold the authority in a separate entity from the common and/or contract authority. Although many long-time brokers don’t heed these recommendations, it is important to create as much separation as possible in case a carrier hauling a brokered load has a serious loss.

“Since 2011, it’s like somebody flipped a light switch and every other month, on average, there’s been a verdict of over $10 million against a commercial trucking company.” – Rob Mosley, Transportation Attorney Fleet safety isn’t just a buzzword; it’s the key to protecting your bottom line and your greatest assets—your drivers. How can your fleet improve its safety and avoid becoming the next multi-million dollar headline? It begins with an organizational focus and a solid monitoring program.  Be sure to contact your agent, broker or lawyer for more guidance on the topics covered in this article. While most services provided involve relatively little additional risk, all have pitfalls that need to be avoided.

Three Ways to Build a Safer Fleet

COMMIT The key to any successful initiative is support at all levels of the organization. From C-Suite to truck cab, everyone needs to understand your fleet’s goal and their role in its achievement. Set your course and ensure that you have buy-in from all of your stakeholders. 

This can begin with an assessment of your current state. Where is your CSA score? How is your driver fitness? Where do you need to be to achieve your goals? Level-setting with relevant metrics can help your organization understand the need for action and the importance of support.  Once you have buy-in, keep the lines of communication open with your stakeholders and report leading indicators and progress. This allows your fleet leaders to continue to engage in the safety initiatives and support its continued progress.

2. MONITOR

How often are you updated on your drivers ’violations and/or license status changes? If the answer isn’t “continuously,” you have blind spots. When it comes to violations and license status, what you don’t know can definitely hurt you. Self-reporting policies are no longer sufficient, as case law continues to push more responsibility onto fleet leadership. If you aren’t monitoring your drivers, you are opening yourself up to negligence lawsuits and the potential for a multi-million dollar settlement.  Select a monitoring provider that offers continuous license monitoring for both violations and driver’s license status. Each fleet varies in size, scope and attributes, so it’s important to consider the level of service as well. A partner that can provide individualized planning and support will allow for smoother implementation and execution.

3. COACH

Creating a safety culture requires being proactive in your approach. Make driver safety a regular topic of conversation in meetings and discussions. Communicate safety reminders via posted material and emails to ensure it is top of mind on a regular basis. Bringing safety to the forefront of your organization will reinforce its importance as a cornerstone component of your fleet.  Use your telematics and monitoring data to assess your current state and provide both customized and individualized coaching. What violations is your monitoring provider reporting? Are there any trends? Where are your drivers struggling? Knowledge is power and knowing your fleet’s weaknesses will help you overcome them.

CONCLUSION

Avoiding adverse safety events is a team effort that protects both your drivers and your bottom line. Don’t let your fleet be the next lawsuit headline. Lead your fleet’s commitment to safety, continuously monitor your drivers and coach them to help your fleet reach its potential. Napa River Insurance Services, Inc. has formed a strategic partnership with Supervision, Explore Services, LLC (Saint Paul, MN) to provide a discount for the SuperVision driver record monitoring service to our insured partners.

Cyber Liability: Today’s Rapidly Growing Risk.

This is the final article in a series. The first three parts discussed the nature of cyber liability, ways your organization can be harmed and preventive measures to limit exposure.

Part Four: Preparing for the Time

When Preventive Measures Fail  With nearly 80% of healthcare providers recently reporting a healthcare ransomware or malware attack in the preceding 12 months1, it is a question of “when,” not “if” your having an Incident Response Plan is a necessity, rather than a luxury.

Knowing who in your organization is responsible for specific tasks and how they should work with others within and outside the organization can dramatically reduce the time spent to re-secure the network or digital assets affected, as well as reduce the overall financial severity.

Your IT department will be a critical component of any response plan, but representatives from many disciplines should be involved. Once IT is aware of the problem, many companies designate counsel—inside or outside— as the first phone call. The investigation and response then take place “under the direction of counsel,” helping to invoke privileges and helping posture for potential regulatory and liability issues. Do not assume, however, that every communication with counsel is privileged. Thus, verbal communication, rather than email, may be more appropriate.

Aside from the CEO, appropriate IT personnel and counsel, other team members involved in a response plan may include human resources, public relations, contractors, accounting, and/or an outside forensics company. The same disciplines that may be called upon if a breach or denial of service attack takes place are the ones that should participate in formulating the plan to be implemented when an event occurs. This preparation can involve looking at back-up facilities, data back-up practices and contracts with outside vendors to determine whether contract terms are appropriate for an unauthorized intrusion or a denial of service attack.

If you currently purchase cyber liability insurance, it is important that the terms of the policy are factored into any response plan to help ensure the plan isn’t encouraging action that could be detrimental to coverage under the policy. Be sure to read your policy—know what it covers and what you need to do when an event occurs.

If the policy provides a list of authorized law firms, familiarize yourself with them. They may be willing to do an initial consultation with you free of charge, and you can then decide if they are a good fit. Knowing who you are going to call in advance is a huge advantage. If your insurer doesn’t provide a list, research firms on your own. They may still do an initial consultation for free, since they will want your business when the time comes. Lawyers who handle these types of situations are specialists; for many of them, this type of work is all they do, so they will likely have relationships with response service providers at more favorable rates than are available in the open market.

Larger organizations should work with a law firm to identify preferred vendors to provide, if needed, post-event services such as forensics, etc. But don’t stop at identifying just one firm; you need to have back-up options in the event that your top choice is not available or has a conflicting engagement. The bottom line is: be prepared.

The combination of a highly regulated environment, coupled with a high volume of valuable personal information, leave the healthcare industry prone to frequent and severe cyber incidents. The number of attacks is on the rise at an alarming rate, and there is no reason to believe that is going to change in the near future.

While prospects appear bleak, there is hope. Progress is being made.

Healthcare organizations started off in the cyber era with a disadvantage shared by the financial industry— legacy systems. Both industries were early adopters of technology; however, the financial industry on the whole, was able to more quickly absorb the cost of migration from those legacy environments that pre-dated the internet and today’s electronic security concerns. Healthcare is catching up rapidly, and today’s healthcare networks are vastly superior to what existed even a few years ago. There is still work to be done, but the distance to get there is not as great as it once was.

In addition to that challenge, healthcare has an ever-expanding network of peripheral devices, posing an ongoing challenge to keep up with securing all of these various devices. Healthcare device manufacturers are responding to industry concerns about security and are focusing more attention on security than they have in the past, which will help in reducing potential entry points for hackers. Cyber liability will continue to be a major challenge facing healthcare organizations, but with diligence and perseverance, it’s an exposure than can be successfully managed.

The information contained in this publication is provided for informational purposes only and is not provided as a substitute for advice from legal counsel regarding the content or interpretation of any law, regulation or rule. The information provided shall not revise, supplement or alter an insurance policy in any manner, nor is it intended as a substitute for advice from a risk management expert or legal counsel you may retain for your own purposes.

Click here to download the newsletter PDF >

The post Risk In Sight Newsletter – Winter 2019 appeared first on Napa River.

RISK IN SIGHT NEWSLETTER  TRANSPORTATION ISSUE  SPRING 2018

Four Steps to Building a Successful Safety Training Initiative

No one wants to receive “that call” in the middle of the night, letting you know that one of your drivers has been involved in a major accident. The good news is there are steps that you can take to minimize the chances of accidents happening within your company. For starters, it is important to have a strong training initiative designed to empower your drivers with the proper tools and knowledge to keep safety “top of mind.”

DRIVER BEHAVIOR: THE ROOT CAUSE OF ACCIDENTS

If you were to sit down and analyze past accidents within your company, you may notice one consistent trend-driver behavior has likely played a major role in the root cause of accidents. Safety, therefore, should not simply be delegated to one person in your company. Instead, safety must be an innate value within your company, impacting every decision made by each driver.

Implementing a strong safety training initiative, especially in an environment where a large portion of the workforce is mobile, may initially seem like a daunting task. However, online programs allow drivers to easily participate and engage in safety training, regardless of their location. The following four steps can be utilized to build a successful safety training initiative designed to create a culture of accident prevention.

STEP 1: IDENTIFY TRENDS

The best indicator of future performance is past performance. Thus, you should evaluate your insurance loss runs (history of claims) and Compliance Safety Accountability (CSA) violations to identify trends and behaviors that could lead to a major accident. Ask yourself these questions:

1. What’s the number one cause of my losses?
2. What are the most frequent CSA violations that could lead to an accident?
3. How are we training our drivers to improve these behaviors?

Remember, just because you have not yet had a catastrophic accident does not mean the frequency of your minor accidents should be ignored. Avoiding a major accident isn’t just luck. Getting ahead of the trends and understanding your problem areas are your keys to creating a safe workplace.

STEP2 : CREATES TRATEGYT O TARGETC HALLENGES

After you have identified your trends, you must create a strategy to train your drivers. Training leads to awareness, and awareness leads to reduced losses. One question companies often ask is: “How much training is enough?” The short answer is: “As much as possible.” You can never conduct too much safety training. New drivers should be trained during orientation (onboarding) on defensive driving skills, Federal Motor Carrier Safety Administration (FM CSA) rules/ regulations, maintenance and hours of service. Starting with training on these topics during orientation has been shown to have an extremely positive impact on the trending of violations. In addition to training during the new driver onboarding process, weekly safety and awareness training for all drivers is paramount to building a best-in-class safety culture. This weekly training can be done utilizing online micro-training videos, which can be completed in less than 10 minutes.

Online micro-training videos not only allow you to hold your drivers’ attention during the training, but also keep drivers on the road, making money. Regulatory updates should also be shared with drivers to keep them abreast of new rules and regulations. Additionally, testing drivers after having watched training videos is an easy way to prove your drivers have a comprehension of the materials. As a result, you will save time and labor dollars, while your drivers improve their “top of mind” awareness of safety best practices.

New Hires at Napa River Make Us Stronger Than Ever

Napa River has grown substantially in the past few years. In fact, Napa River experienced 58% growth in its transportation business alone during the past two calendar years. In order to keep up with our growing client base and its changing needs, we have appointed Peter Mazurek as Director of Marketing & TPA Operations. Peter has over 20 years of experience managing the operational and financial aspects of running a third-party administrator (TPA), and has held various positions within the insurance industry, including work in underwriting and treaty accounting. He most recently served as Vice President of Operations & Business Development at Innova Claims Management LLC, which he joined after the successful sale of Specialty Claims Management, LLC. Through his past experience at several organizations, Peter has garnered extensive knowledge in systems and work flows for claims organizations.

In addition to Peter, Carlos Lopez joined Napa River as Claim Manager for transportation. Carlos has 15 years of experience in the insurance industry, handling claims across multiple lines of business and leading process improvement and mentoring initiatives. Prior to joining Napa River, Carlos was Claims Supervisor at Protective Insurance and held positions at Liberty Mutual Commercial and Allstate. He earned his Chartered Property and Casualty Underwriter (CPCU) and Senior Claims Law Associate (SCLA) designations.  At Napa River, our strength is in our people. We are now stronger than ever, and we are ready for any and all challenges that may lie ahead. We are confident that the addition of Peter and Carlos to the Napa River team will enhance our ability to provide the exceptional products and services our clients have come to expect from us. But we’re not stopping there; in the next few months, we will continue to expand our team. Exciting changes are taking place at Napa River, and we thank you for being a part of our journey.

STEP3 : MEASURER ESULTST HROUGHB ENCHMARKING

AI; you implement your training strategy, you will want to monitor how well your training efforts are impacting your company’s performance. Benchmarking your CSA data and insurance loss runs with scheduled ongoing evaluation points can help you implement a sustainable process. This will help you understand not only what adjustments may be needed in your training, but also on which problem areas you should focus. Measuring your success can help you realize continuous improvement until you have reached your benchmarking goals.

STEP 4: REPEAT

Finally, safety is a journey that everyone in your company must embark on together. Accidents happen, even in the safest of companies. When they do happen, it is crucial to identify the trends that caused them. Then you must develop a training strategy to improve upon them and measure your results through benchmarking. The first step towards changing behavior starts with training and communication, but note there is no last step on the training journey.

Remember, if your company has a high frequency of accidents and your training does not focus on prevention, your frequency and severity of accidents will continue to rise. Training and communication are proven ways to achieve behavioral change within your company. Implementing an online training component also helps you to ensure your safety message is in front of your drivers, no matter where they are on the road.

Randy Sturdivant is the Director of Business Development and Strategic Partnerships for Vertical Alliance Group, Inc. With more than a decade of experience working in the online training space, Randy has helped companies across the nation build best-in-class safety training programs utilizing a proven online training system. He regularly presents at industry conferences on how to avoid risk by inspiring behavioral change in employees through targeted training initiatives.

Cyber Liability: Today’s Rapidly Growing Risk

PART THREE

Ways You Can Limit Exposure Through Preventive Measures

This is the third article in a series. The first two parts discussed the nature of cyber liability and ways your organization can be harmed. The final article will be Part Four: Preparing for the Time When Preventive Measures Fail.

An ounce of prevention is worth a pound of cure. Network management is a highly complicated and technical function that relies on specific equipment, configurations and practices; thus, this article will focus on cyber liability at the conceptual level.

Someone in each organization needs to be in charge of information security. It should not be merely a task on their list of duties; it should be clear that they have the appropriate authority and responsibility to keep the organization’s systems and information safe.

Experts say there are three legs to data security: (1) what you have, (2) who has access to it and (3) how and how long is it being kept. With that in mind, the organization should determine what are the “crown jewels” that need to be protected. In a healthcare organization, the jewels are not only limited to medical information; names and social security numbers are highly valued targets as well, as is information related to employees. (Information that would populate a W-2 form is highly desired by criminals for generating phony tax returns in order to fraudulently claim tax refunds.)

Once the jewels have been identified, the organization should consider who has access to them. Access should continuously be managed and limited in time and scope to only that which is necessary to the tasks at hand. This may reach all the way to the level of contract terms with vendors. Permission management is an organization’s way of knowing not only who has access to what, but when and how those people are accessing it. Actively monitoring a network can identify abnormal activity early and allow the organization to shut down an attack before it can really get started. Larger organizations may have dedicated staff to provide this function, but for smaller providers, there are plenty of hosted options where a third party can perform this function. Costs have come way down for these services, so it is not out of reach financially. Proper implementation of this technique may be the best defense against a rogue employee incident. Not only can it catch a thief, but just knowing that the practice is in place, and the employees’ every move on that network is recorded and reviewable, is a powerful disincentive.

How and how long data is kept also are important considerations. Organizations may have huge volumes of data, but does it all really need to reside on the network? If the answer is no, then remove it. You don’t have to destroy or delete it; instead move it to a safe place and encrypt it. Doing so helps ensure there is one less piece of vulnerable data.

Most IT and privacy experts agree that encryption is the simplest and often most cost-effective way to mitigate privacy exposure. Privacy regulations may call for significant fines and penalties against certain organizations, sometimes in the hundreds of thousands or even millions of dollars. But if the data that a criminal seizes is encrypted, it is useless to the criminal, and regulations often take this into consideration. There may not even be a requirement to notify affected persons. While many organizations utilize encryption on some data, old records are sometimes taken off a server and moved to an external drive, but not encrypted. Implementation of encryption is not generally very difficult; it is actually built into some applications to help with privacy law compliance. Data should be encrypted while at rest, as well as while in transit. In an ideal world, everything should be encrypted, but that isn’t always possible due to system/application constraints. Some organizations use various systems, hosted both internally and by a third-party, in order to run their operations. Encryption may be accepted by some, but not all systems, or a certain type of encryption may not agree with some programs. That’s a business challenge that will likely not be resolved anytime soon, but the closer one can get to the ideal of 100% encryption, the safer an organization will be.

Keeping applications and patches current can prevent as much as 85% of system intrusions.

Your employees are your front line of defense against cyber attacks. You can’t read every incoming e-mail for them. Mail scanning applications are constantly improving, but the hackers are always a step or two ahead-at least the good ones are. Thus, the bestdesigned security system in the world is useless if someone on the inside opens the door and lets people walk in.

The best thing you can do to assist your employees in defending the network is to implement a training program to give them the tools to do so. Once established, completion should be mandatory for all current employees, and should be part of the on boarding process for new employees. Annual reminders, updates or refresher courses are also a good idea. Part of the presentation can be a review of established corporate IT policies and procedures designed to safeguard the network, but actual training and examples on how to review e-mails is high impact. Spoofed e-mails have become increasingly sophisticated, but with careful review there are often clues that can be spotted pretty easily by an informed employee.

A corporate e-mail policy is essential, but it needs to go beyond just telling employees not to use their work e-mail address for personal communications. That is a sound policy, but they need to apply what they learn in the e-mail spoofing training with corporate communications as well. What better way to get employees’ attention than to spoof an e-mail that looks like it is coming from ADP, a payor, etc.-organizations from which they undoubtedly get legitimate e-mails. Employees should be taught that if there is the slightest doubt, they should not click on any link in the e-mail nor open any attachment. Have IT check it out. All it takes is one click on the wrong e-mail and malware can be on its way in the door.

The easiest way to stave off spear phishing attacks is to have preestablished protocols. Procedures like multiple- party sign-off, requiring specific language or authorization codes from an executive when funds are to be disbursed, or requiring actual verbal or face-to-face confirmation can prevent diversion of corporate assets to criminals. Having a clear set of guidelines governing who can access and request sensitive data can have the same effect. You don’t want to create a bottleneck, but the more people who are involved, or at least aware of a request for money or sensitive information, the greater the likelihood of foiling a scam.

The most widely-publicized breaches have been at retail establishments such as Target, TJ Maxx, Home Depot and so on, but lessons can certainly be learned and are transferable to other sectors. We have learned repeatedly that when an organization has multiple locations, it is not a great idea to aggregate all point-of-sale (“POS”) operations. A separate system for each location reduces the amount of data potentially available to a criminal. If you have six locations with six separate data troves, the hacker will have to get into six different networks in order to get the same amount of data they would get from a single aggregated source.

Limit access to the POS system to sales purposes only. This may sound odd, but many organizations allow access to and reporting from their POS system in order to allow more up-to-the-minute data and tracking than would be available from their general ledger system. Most organizations don’t need to review intraday transactions the way a retailer might, so there is really no reason to allow access/reporting on an intraday basis. A nightly download to the general ledger ought to yield adequate information with only a minimal delay. It was sloppy access to the POS system that led to the Target breach. Keep it locked down. Actively monitoring updates and patches will not only help prevent a breach, as we have discussed previously, but it is also a requirement in order to remain Payment Card Industry (“PCI”) compliant. If you are out of compliance and a breach occurs, it can result in significant fines and penalties assessed by PCI. It can also result in additional expenses to regain PCI-compliant status and place additional burdens on the organization going forward.

John Whall is senior vice president of Hudson Insurance Group and leads the underwriting group tasked with insuring clients against cyber liability and other errors and omissions exposures.

Dashcam Video Retention What’s Your Policy

Of all the technologies that have emerged in the trucking industry, perhaps the most significant is the use of dashboard cameras. Only a few years ago, it was rare to have video evidence of a crash. Now, as more fleets continue to add dashcams, the likelihood of getting such evidence is higher than ever.

A commonly cited statistic in car-truck crashes states that car drivers are at fault around 80% of the time.’ But, as most anyone involved in trucking or truck insurance can confirm, before the use of dashcams, truckers were held responsible far more than 20% of the time; some say it’s more like 50% to 75%. Now that is all changing. It’s no longer a matter of both parties simply claiming the other was at fault; there is now video proof of what happened.

What’s more, many systems allow the videos to be viewed by the officers at the scene. Longtime users of dashcams can share many success stories, such as when police tell the other party involved, “I just saw video of the crash. Would you like to revise your version of what happened?” Some have told of crashes where the mere presence of cameras has led the other parties to admit fault.

Fleet owners and safety professionals routinely claim that dashcam systems pay for themselves, often many times over. Not only do they provide exonerating evidence when not at fault and/or show the identity of hit-and-run vehicles, they also influence driver behavior, since they know the incident has been recorded.

Most also believe it’s better to have video footage even in cases where their driver was at fault, a common concern that is heard about dashcams. They agree it’s better to know the facts up front in such cases so that efforts can be directed at settling the claim rather than the costly, and often lengthy, process of investigating crashes. And, as noted previously, without dashcams, the odds were that the trucker was going to pay regardless of fault. Thus, having video footage also results in claimants being paid much sooner.

It’s no longer a matter of both parties simply claiming the other was at fault; there is now video proof of what happened.

Once the decision has been made to add dashcams, there are other key steps that need to be taken. Policies need to be established on what to do with the videos that are recorded. First and foremost, there must be set procedures to follow when videos show drivers not following company policies. These can include acts of unsafe driving, not wearing seatbelts, having unauthorized passengers or using handheld cell phones. If a driver has a serious crash, you can expect the plaintiff’s lawyer to demand access to those prior videos, to which they are likely entitled. It’s essential that those prior incidents recorded result in appropriate actions, such as remedial training, counseling or formal reprimands, all of which MUST be documented.

Another process that should be established is a video retention policy, since it’s not practical to plan on saving every video indefinitely. Instead, decisions should be made on which to save, how to save them and for how long. (Due to the possible legal consequences of such decisions, it is advisable to have an attorney with experience in such matters consult on a retention policy.) Of course, videos showing serious events, such as crashes, will need to be kept. Things get more complicated, though, when deciding whether or how long to keep other, more routine events.

The solution is to have a written video retention policy. This eliminates the need to make such decisions on a case-by-case basis. It also provides a measure of protection in the event a video is not saved, due to the company’s policy, and that decision is later questioned. For example, you may no longer have prior recordings involving the aforementioned driver involved in a serious crash. Having a written retention policy can help prevent a spoliation of evidence accusation in such cases.

Customers of Napa River Insurance Services, Inc. are eligible to receive, at no charge, a generic video retention policy that has been prepared by a law firm that concentrates in trucking. 2 The policy can be customized to show the name of the motor carrier using it, although it is recommended that you have your attorney review it before you implement the policy. Feel free to contact your Napa River Loss Control Specialist if you are interested in taking advantage of this value-added service.

1 James Jaillet, Commercial Carrier Journal, February 14, 2013.

2 Scopelitis,G arvin, Light, Hanson & Feary,P C.

Planning Today for Tomorrow’s Catastrophic Accident

SPRING 2018

Whether you are a trucking company with 2 power units or 600 tractortrailers, chances are, if you are in business long enough, one of your drivers will be involved in a catastrophic accident. When that happens, you need to already have in place a plan setting forth how you will respond. After 30 years of representing trucking companies, I have narrowed it down to eight things that you need to gather within hours after being notified of the catastrophic accident:

1. Driver’s Logs and Supporting Documents. With the advent of electronic logs, this is easier than ever.
2. Repair Records. Plaintiff’s attorneys love to be able to tell juries that a trucking company put deficient equipment out on the road. Don’t be one of those companies!
3. Maintenance Records. Again, Plaintiff’s attorneys salivate at the opportunity to portray your trucking company as one who does not properly maintain its equipment and, as a result, endangers others.
4. Bills of Lading. We need to know where the driver was coming from, where he or she was going, and what he or she was carrying.
5. All Electronic Data. There are dozens of separate computers on the average late-model Class 8 tractor. All of them contain valuable data. Get it while it’s hot. And don’t forget any positioning data and dash cam videos.
6. DQ File. Because having a qualified driver on the road is pretty darn important.
7. Personnel File. Every document you have on that driver needs to be secured immediately.
8. Safety and Training Documents. Because if you cannot document the safety training you gave your driver, if it’s not in writing, if it’s not dated, and if it’s not signed, IT NEVER HAPPENED.

Eight boxes to check. Do it right and do it quickly, and you will save yourself headaches down the road. Failing to plan today for tomorrow’s accident? Well that’s just catastrophic.

Jeff Davis Presented with PTDl’s Crittenden Memorial Award

On March, 27, 2018, the Professional Truck Driver Institute, Inc. {PTDI) presented its highest honor, the Lee J. Crittenden Memorial Award, to Jeff Davis, Vice President of Safety at Napa River. The award ceremony took place during the 80th Annual Convention of the Truckload Carriers Association {TCA).

Jeff has been involved in commercial trucking safety within the insurance industry since 1983. In his current role at Napa River, he oversees all safety and loss prevention activities with prospective and insured clients. His role includes managing the pre-underwriting due diligence process, providing insured client safety and compliance services, as well as analyzing loss and compliance data.

The Napa River team proudly congratulates Jeff on his momentous achievement!

The information contained in this publication is provided for informational purposes only and is not provided as a substitute for advice from legal counsel regarding the content or interpretation of any law, regulation or rule. The information provided shall not revise, supplement or alter an insurance policy in any manner, nor is it intended as a substitute for advice from a risk management expert or legal counsel you may retain for your own purposes.

Click here to download the newsletter PDF >

www.napariverinsurance.com

©2018 Napa River Insurance Services, Inc.

The post Risk In Sight Newsletter – Spring 2018 appeared first on Napa River.

RISK IN SIGHT NEWSLETTER

TRANSPORTATION ISSUE

FALL/WINTER 2017

Napa River: How We Help Solve the Transportation Claims Puzzle

Driver fatigue. Road conditions. Inadequate training. All of these are significant factors which play a role in driving your company’s losses.

Napa River Insurance Services, Inc. is dedicated to providing the data and training resources essential to solving the puzzle of your organization’s transportation claims. We work with you to identify and collect the data points important to your business as soon as a claim occurs, which not only helps ensure greater accuracy in the claim details but also helps preserve important facts for risk management and claims defenses. This information is captured and aggregated within our innovative claims management software, FileHandler. Our experienced claims staff then uses this data to generate customized loss-run reports for you, our valued clients.

We also offer customized driver training and safety programs through our online Risk Management Center, powered by Succeed”. This comprehensive online resource includes a risk management library with instant access to over 2,000 risk management and safety resources, in addition to a robust HR & Benefits Library, and powerful risk management analytical tools.

The link (https:/ /www.jwsoftware.com/~jwsoftware/ staging/fhe_ vid_re_scss_pg/) provides a brief overview of the types of custom reports that can be designed within FileHandler and easily emailed to you without the need to continuously log in to the system.

Napa River is committed to working with you and your company to identify each and every aspect of your needs, and together, solving the often daunting puzzle of transportation claims.

FileHandleri s a registeredt rademark of JW Software, Inc., St. Louis, Missouri.

Succeed is a trademark of Succeed Management Solutions, LLC, Lake Oswego, Oregon.

Advances in Safety: Is Technology the Answer?

In our last issue of Risk in Sight, we looked at the importance of people and culture as the first step towards controlling risk in commercial transportation.

Professional drivers and those who support them must work together with the common goal of returning home safely from every single trip. Drivers and companies are also charged with the safety of the general motoring public, with whom we share the roads. As professionals, we hold the greater responsibility to avoid trouble on our nation’s highways.

As technology has advanced over the last several years, it has increasingly played an active role in accident avoidance or mitigation. At the same time, an ongoing debate has emerged as to whether this technology may actually harm the driver by becoming a distraction.

In a study released in September 2017, the AAA Foundation for Traffic Safety looked at four types of advanced safety technologies available for large commercial vehicles and found each had measurable benefits to highway safety:
LANE DEPARTUR WARNING SYSTEMS

These systems could hold the greatest promise in preventing a number of truck crashes, from simple lane-change accidents to serious roadway departures. Erratic lane tracking or repeated lane departure and correction can also indicate a fatigued driver. Our experience has found lane-change accidents to be the most frequent types of claims for our trucking clients.

By immediately alerting the driver and providing timely telemetric data to the company, corrective action can be taken before this behavior leads to an accident. These systems can also help identify vehicles in truck blind spots and warn the driver before a potential collision. The AAA Foundation study found as many as 6,372 crashes, 1,342 injuries and 115 deaths could be prevented annually if these systems were deployed on all large trucks. 1

VIDEO-BASEDO NBOARDS AFETYM ONITORINGS YSTEMS(D ASHC AMS)

These systems are becoming more widely used to monitor driving behavior through the recording of triggering events. These videos are then used to counsel drivers. We have found that just by having the camera in the unit, drivers become more aware of their driving habits and change behavior so as not to activate the camera. Newer systems are also starting to provide telemetric data that shows performance information on such habits as following too closely, even without a triggering event. The AAA study estimates as many as 63,000 crashes, 17,733 injuries and 293 deaths could be prevented annually by the use of dash cams.2

AUTOMATICE MERGENCYB RAKINGS YSTEMS Rear-end accidents are by far the priciest claims we see in both property damage and human cost. The current generation of these systems has proven effective in avoiding or at least mitigating losses by intervening before a driver might have a chance to react. These systems monitor closing rates as the unit approaches a vehicle from the rear. Simple mechanical physics still play a major role in system effectiveness. In the case of a sudden slowing of traffic or another vehicle cutting in front of a truck, the unit still needs adequate room to stop. We do, however, have the opportunity to lessen the impact by having the truck react more quickly to the impending hazard. The AAA study estimates 5,294 crashes, 2,753 injuries and 55 deaths could potentially be prevented annually if these systems were deployed on all large trucks.’

AIR DISC BRAKES

This technology is valuable not only to power units, but also trailers. In addition to bringing greater stopping power to the unit, the use of this equipment also contributes to lower long-term maintenance costs. The AAA study found that installing these braking systems on all large truck units could prevent as many as 2,411 crashes, 1,447 injuries and 37 deaths annually.•

While both the professional driver and the environmental safety culture we cultivate remain the most import components of avoiding costly accidents, technology has clearly become a tool that benefits our professional drivers. While it will be years before we see the aforementioned technology on all trucks, be sure to at least explore the technological options available when making future purchases.

For more information, you can view a full copy of the AAA study Leveraging Large-Truck Technology and Engineering to Realize Safety Gains at AAAFoundation.org.
Leveraging Large-Truck Technology and Engineering to Realize Safety Gains, AAA Foundation For Traffic Safety, September 2017.

2 Ibid.

3 Ibid.

4 Ibid.

Communicating With Your Driver: Post-Accident Claim Management

DRIVER DOS & DON’TS

When a driver has an accident, proper safety protocol mandates that the driver immediately report the incident to his/her company. After that, it is important that the company clearly communicates to the driver the next steps and proper procedures that should be followed. Unfortunately, this is not usually the case. In order to help ensure you are communicating to your driver the proper claim management procedures following an accident, we put together a short list of driver Dos and Don’ts.

Dos

• DO always be truthful and extend professional courtesy to law enforcement and investigative personnel at the scene. You should not be combative.
• DO remember that your TPA, Napa River Insurance Services, Inc., or excess carrier, Hudson Insurance Company, will be handling the claim and/or suit on the company’s behalf. Note that upon initial investigation at the claim stages, our claim investigators and/or defense counsel will not take any formalized statement from you, the driver, since we do not want your information preserved and possibly used as impeachment material in a legal proceeding, deposition and/or trial testimony.
• DO advise the company immediately if you are served with any legal papers (suits, citations), since these legal papers require a proper response within a prescribed timeframe.
• DO keep the company advised of your current contact information, especially if you are no longer employed at the company and there is a pending accident claim or suit. Your cooperation may be needed for defense at a later date.

DON’TS

DON’T say “I am sorry” at the accident scene. Although this may be a natural reaction, these words can be detrimental in claim and legal handling and can be considered an admission of guilt or liability.

• DON’T take photographs of any visible injuries. Those injuries SHOULD NOT be detailed in photos, since graphic injury photos can be used against the company in efforts to bolster the injured parties claim or suit, and may also be portrayed as an insensitive action. The opposite is true in terms of photographing the scene environment-it is fine to photograph placement of vehicle(s), license plate, etc.
• DON’T volunteer to speak and give out details of the accident if contacted by any claimant carrier or plaintiff attorney. Any caller should be directed to contact the company.

Although one should take any and all measures to prevent such an incident, accidents will undoubtedly happen. When it does, you will now be prepared to clearly and easily communicate to your driver best practices for claim management. Do not hesitate to contact your Napa River claim representative if you have any questions or desire further guidance.

Cyber Liability: Today’s Rapidly Growing Risk

PART TWO

Ways Your Organization Can Be Harmed

There are many ways that thieves looking for access to personal health  information can gain access to a system. They can hack their way in by exploiting security vulnerabilities of a healthcare provider Hudson Insurance Group or one of its vendors. They can use socially engineered attacks such as phishing, where spoofed e-mails appear legitimate at first glance but actually trick employees or patients into turning over passwords, granting access to information or unknowingly installing malware on the network. There is also the threat of a rogue employee abusing access privileges. According to a recent Ponemon healthcare study, outside criminal attacks are the primary source of breaches (accounting for an estimated 50% of breaches), while rogue employees accounted for an estimated 13% of breaches. 1

This is the second article in a series. The first article, which focused on the nature and scope of cyber liability, appeared in the previous edition of Risk in Sight located here:
https://www.napariverinsurance.com/ transportation/overview/

Last year, an Ohio clinic was hacked and the criminal released approximately 150 GB of medical records, personal information, and financial and other business data_ The group claiming responsibility, Pravvy Sector, made no demand for money; it appeared to only be interested in getting attention. Nonetheless, the clinic appears to have incurred significant costs in connection with the breach. News media reported that the clinic sent notification to persons affected and offered to them free credit monitoring and identity protection. An industry database reported that the clinic engaged a forensic technology firm, conducted a new risk assessment, installed an upgraded firewall system and implemented additional safeguards. Given the fact that the data was made public, it was deemed possible that there would be regulatory fines and penalties, and there could be PCI fines/penalties if financial information was involved. The clinic was a respected facility and reputational damage was a concern, thus public relations expenses also may have been incurred.

Ransomware / Malware

Ransomware is the fastest-growing cybercrime across all industries but its growth in the healthcare sector has been explosive. In a ransomware attack, the criminal finds a way to get malware onto the healthcare provider’s network in order to either:

(1) take control of the entire network or critical portions of it or

(2) encrypt critical data or records that the facility needs to operate. The criminal then makes a monetary demand, typically in bitcoins for anonymity purposes, in order to restore control of the digital assets to the victim.

Last year, criminal hackers using malware seized control of Hollywood Presbyterian Medical Center’s computer systems and would only agree to release control after a ransom, reported to be in the $15-20,000 range, had been paid in bitcoins. As in most ransomware situations, the dollar amount demand was low in comparison to the potential exposure from non-compliance. The demand in such cases is set intentionally low to encourage prompt compliance. In many instances, the perpetrator does not later come back to make a second attempt once a demand is paid. Perhaps that’s honor among thieves; more likely it’s a case of not wanting to test their luck twice on the same victim, who undoubtedly reported the incident to law enforcement. That’s not always the case, though. Kansas Heart Hospital in Wichita, KS paid the criminal’s initial demand, but the perpetrator came back and required a second payment. There have also been events where data was encrypted, the ransom was paid and the key needed to unencrypt the data was never provided.

Negligence / Human Error

Negligence, typically carelessness or simple human error, is often a major component of a breach. The United States Computer Emergency Readiness Team, a division of Homeland Security, estimated that as many as 85% of attacks could have been prevented by deploying software updates and patches provided by the manufacturer of the product. While this would seem to be a pretty straightforward issue to address, networks have grown significantly in size with new networked devices being added regularly, and each device has its own set of updates and patches.

Also last year, hackers reportedly exploited a known weakness in widely used software code (JBOSS) to breach Medstar, a large healthcare network. If the reports were correct, Medstar could have prevented that exploit by deploying a vendor-provided update or by deleting two lines of code. Warnings on the vulnerability were issued initially in 2007 and again in 2010, so this was neither a case of simply missing an update nor being exposed for a short time window.

Simple human error can have major consequences. A former patient at St. Joseph Health System (SJHS) in California did an online search and discovered that its patient records were viewable online due to an improper security setting on its network. A class action lawsuit was filed that resulted in a settlement agreement that could cost the system as much as $35 million. That settlement breaks down as follows: $7.5 million to plaintiffs, the largest settlement on a per plaintiff basis to date; $4.5 million for credit monitoring; $3 million to compensate for identity theft losses; $7.4 million for attorney fees and $13 million for improvements to bring SJHS into compliance.

Phishing

Phishing is a socially-engineered attack where system users are sent a spoofed e-mail made to look like it comes from a recognized or trusted source. The goal is to get the user to provide personal information and/or click on a link that deploys malware onto that user’s network. The criminals cast a broad net by sending out thousands of e-mails figuring they will get some people to bite. Similar to a direct-mail advertising campaign, the anticipated uptake rate is of the traditional phishing technique. In contrast to a broad distribution, it is very focused and tactical, typically targeting primarily the executive suite of an organization. The criminal will initiate a request that appears to come from an executive in the organization to another employee who the attacker believes will have the authorization to make a large payment, transfer funds, approve an invoice or supply the desired information. The criminal makes it appear that the spear phishing email is coming from the CEO, CFO, COO or HR Director-people who typically would have the authority to make the request. The perpetrator hopes that the employee receiving the phony e-mail will think that it is coming from a peer or superior and will comply and deliver the goods, without question. Sophisticated hackers do their homework following executives on social media, perhaps hacking e-mail accounts to gain access to travel schedules. They spend significant amounts of time learning about the target, their interests, habits and routines in order to make their request appear as if it is legitimate. All it takes to derail such an attack is a phone call or a planned procedure that would not be known to a criminal.

Last year, a healthcare system HR employee was duped by a spear phisher posing as a senior finance executive into providing over 5,000 employee W-2s. The employee was so focused on pleasing the senior executive that the employee didn’t bother to ask what it was for, why it was needed and whether that individual had the authority to request such information.

Distributed Denial of Service attacks (DDoS) are assaults on a network where the perpetrator uses computing power to flood the target’s servers with more traffic than the network can handle, causing it to slow severely or completely shut down. Typically a DDoS doesn’t involve disclosure of information, unless it is being used to distract IT security while another area of the network is being accessed. DDoS attacks can be financially oriented or intended to punish. The frequency of such attacks is on the rise in healthcare; however, these types of incidents are not as widely reported as breaches. There was a widely published DDoS attack in 2014 at Boston Children’s, which was perpetrated by the hacker group Anonymous. It appears the hackers were most interested in making the point that it could be done.

There is growing concern over the ability to hack into medical devices that are connected to the internet. The closest known event to date was the extortion attack on Hollywood Presbyterian that impacted the facility’s ability to interact with hospital equipment in the course of providing care. The attack did not specifically target individual medical devices, but it was ominous nonetheless. As part of a study on the issue, a researcher with Kapersky Labs was able to easily and successfully access an MRI machine to obtain access to medical records via a security vulnerability in the hospital’s WiFi network. The possibility of a hacker being able to alter medical records to create false positive or false negative results, enter data that could alter the course of treatment, or even to control a device administering treatment is truly frightening.

Safeguarding Against Attacks

What can providers do? Based on the Kapersky researcher’s experience we can draw a couple of conclusions:

• It is vital to keep your networks and devices updated. The researcher got in by exploiting a flaw in the WiFi network’s security settings. Updates are important!
• Use caution when choosing devices. The researcher also noted that some device manufacturers do an excellent job of securing their devices, while others, in a rush to meet functional needs, place security as a second- or third-tier priority in development. This problem is commonplace in the development of most mobile device applications, but one would hope that we could expect a higher emphasis on security in medical devices. One explanation for why that may not be the case is that many OEMs are not considered covered entities under HIPAA and therefore are not required to adhere to the same stringent guidelines as care providers. That puts device manufacturers and providers at odds. Inclusion of internet-connected security evaluation criteria to all medical devices is a possible means of mitigating a device hack. It is certainly not a guarantee, but if security is part of the decision -making process when the devices are procured, it would stand to reason that the likelihood of a hack would be decreased. Only time will tell.

Future articles include:

• Part Three: Limiting Exposure through Preventive Measures
• Part Four: Preparing for the Time When Preventive Measures Fail

New Vendor Discount Program: SuperVision

Napa River Insurance Services, Inc. is pleased to announce a new vendor discount program with SuperVision”.

SuperVision provides comprehensive, fleet safety and performance management solutions that optimize fleet oversight and driver behavior through advanced data, actionable insights, analytics, and reporting. SuperVision is the latest in a line of industry-leading products and services created by Explore Information Services and Solera Companies. Since 1989, Explore Information Services has been providing risk data services and developing superior information solutions for commercial fleets, insurance companies, and government entities. As our client, you will receive access to customized reports, as well as all of the other benefits offered by

Super Vision, including:

• Alerts about any driver violations, suspensions or revocations
• Alerts when a license is expired, suspended, revoked or canceled, and when the status changes
• Alerts when a license is suspended for a non-moving violation, such as unpaid child support
• Motor vehicle record (MVR) updates, plus MVR reviews and automation
• Driver violations by geography, time frame and business unit
• 24/7 access from any internet-connected device

We encourage you to contact your Napa River risk representative to learn more about the Napa River discount. To learn more about SuperVision, visit eSuperVision.com.

• While neither Hudson Insurance Group nor Napa River Insurance Services, Inc. formally endorse any products, we do try to find proven industry vendors from which to secure product discounts for our customer partners.

SuperVision is a registered trademark of Explore Information Systems, A Solera Company. Eagan, MN.

Wearable Technology Devices in Personal lniury Cases: Defense

Wearable technology usage is on the rise. Today, “one in six consumers in the United States currently uses wearable technology:’ 1 Devices such as Fitbit” activity trackers, MicrosoftTM Band, and Apple Watch” have technology capable of tracking an individual’s daily physical activity.2 Wearable technology can be thought of “as partial witnesses, ones that carry their own affordances and biases’.’3 The data that is collected from these devices can be used in a lawsuit for either a plaintiff or a defendant. Due to the growing popularity of wearable technology and its data collection capabilities, attorneys should begin utilizing these devices to prove or deny damages in personal injury lawsuits. In this article, we will focus on the defense in such cases.

Consider this hypothetical: a plaintiff has been involved in a car accident and is claiming that he is no longer capable of performing the physical activities he once did. Does the plaintiff have a Fitbit account or similar application? Does the Fit bit or similar device show any change in activity levels before and after the accident? The absence of such changes could significantly undermine the credibility of the plaintiff’s claim.

But how do you get this information? Ask for it in written discovery requests and inquire about it at the deposition. Anticipate objections and be prepared to explain the relevance of the information contained within any “wearable technology devices” utilized by the plaintiff.

You may also be wondering: can discovery of this information be curtailed by Health Insurance Portability and Accountability Act (HIP PA) concerns? Unfortunately, there is no clear-cut answer. HIPPA is only applicable to covered entities and their business associates.4 Wearable technology devices, such as those described above, could be considered “covered entities” cited in the statute. Additionally, since these devices must be registered with the entity before the data can be collected and analyzed for medical purposes, wearable technology devices may be considered “business associates” of medical entities covered by HIPPA. However, the information generated through fitness trackers, smartphones and mobile applications is generally not covered by HIPAA regulations. Thus, the defendant should, in most cases, subpoena the records with the pertinent data from the wearable technology device company.

1 ‘Piwek L, Ellis DA, Andrews S, Joinson A (2016) The Rise of Consumer Health Wearables: Promises and Barriers. PLoS Med 13: e1001953 doi. Available at: 10.1371/journal.pmed.1001953

2 Kate Crawford, When Fitbit is the Expert Witness, ATLANTIC (Nov. 19, 2014), Available at: http://theatln.tc/22jb92A.

3 ‘Id.

4 See, The HIPAA Privacy Rule, 45 C.F.R. Sect. 160.102

However, there are a few steps that need to be taken before the data obtained from wearable technology can be used at trial. In order to be admitted at trial as evidence, such data must be authenticated. Since wearable technology devices are connected to servers, they can easily be manipulated; thus, savvy plaintiffs may argue the information is unreliable and inadmissible.

Courts have uniformly held that existing rules of evidence are “generally ‘adequate to the task”‘ of authenticating electronic information and have declined to create new and special rules.5 In other words, existing Rule 901 of the Texas Rules of Evidence governs the authentication of information obtained from wearable technology. To meet the requirements under this Rule, the defendant should have a third-party service or expert collect and analyze the data in order to present evidence sufficient to support a finding that the evidence is what the defendant claims it to be in compliance with the Texas Rule of Evidence Rule 90l(a). 6 Consult with a data retrieval specialist for more information about the processes available for retrieving such information, along with the metadata to ensure accurate results.

In conclusion, wearable technology devices are increasingly present in today’s society. Using this technology to rebut a plaintiff’s damage claims is an innovative technique of which defense attorneys must be aware, and they should be prepared both to collect and to utilize this potentially invaluable information.

Reprinted with permission by The Bassett Firm. All rights reserved ©2017. \
Fitbit activity trackers is a registered trademark of Fitbit, Inc. and/or its affiliates in the United States and other countries.

Microsoft is a trademark of Microsoft Corporation, Redmond, Washington. This article is an independent publication and is neither affiliated with, nor authorized, sponsored or approved by, Microsoft Corporation.

Apple and Apple Watch are registered trademarks of Apple, Inc., Cupertino, California. This article is an independent publication and has not been authorized, sponsored or approved by Apple, Inc.

5 ‘Tienda v. State, 358 S. W.3d 633, 638-39 (Tex. Crim. App. 2012).

6 See, TEX. R. EVID. 90l(a)  Now Is the Time for ELDs

After much speculation and debate, the mandate of Electronic Logging Devices (ELDs) becomes reality on December 18, 2017. As of this writing, there was nothing pending in Washington to delay the effective date of the ELD rule. The last attempt to do just that failed to pass in the U.S. House of Representatives in early September.

Contrary to popular belief, the Federal Motor Carrier Safety Administration (FMCSA) is ready to enforce the ELD mandate. Violations will be recorded and citations could be issued beginning December 18, at the local jurisdiction’s discretion. However, the Commercial Vehicle Safety Alliance, in cooperation with the FMCSA, announced on August 28, 2017 that drivers of applicable vehicles that do not yet have an ELD will not be placed out of service until April 1, 2018.

The following are exemptions to the mandate:

• Drivers who currently use paper Record of Duty Status (RODS) for not more than 8 days out of every 30-day period
• Drivers who are required to keep RODS not more than 8 days within any 30-day period Drivers who conduct drive-away-tow-away operations, where the vehicle being driven is the commodity being delivered, or the vehicle being transported is a motor home or a recreation vehicle trailer with one or more sets of wheels on the surface of the roadway
• Drivers of vehicles manufactured before the model year 2000 (as reflected on the vehicle registration)

While these exemptions are available, a company may, of course, choose to proceed with an ELD in the aforementioned cases.

We have found that even the harshest critics of the mandate have become supporters, since this mandate makes compliance with the Hours of Service rules so much easier for the driver. ELDs also benefit the company by providing more accurate and timely information, resulting in more efficient dispatch of drivers. In many cases, fleet utilization has actually improved. Additionally, shipper/ consignee activity, such as detention and other delays, can be better tracked and documented. Many carriers are already using this data to improve the work environment for drivers.

As with any new rule, there will be ongoing interpretation, and the anticipated change can oftentimes seem more difficult than reality. The reality is that, in the end, the ELD mandate will be good for safety and operations. Therefore, you should embrace the change and learn how to prosper from it.

The Napa River Risk Services team will help you in this task. We are available to work with you to help turn this new mandate into an opportunity for your organization. Meanwhile, you can stay up to date on the mandate at https:/ /www.fmcsa.dot.gov/faq.

information provided shall not revise, supplement or alter an insurance policy in any manner, nor is it intended as a substitute for advice from a risk management expert or legal counsel you may retain for your own purposes.

Click here to download the newsletter PDF >

www.napariverinsurance.com

©2017 Napa River Insurance Services, Inc.

The post Risk In Sight Newsletter – Fall/Winter 2017 appeared first on Napa River.

RISK IN SIGHT NEWSLETTER

TRANSPORTATION ISSUE

SPRING 2017

Welcome to the first issue of Risk in Sight, brought to you by Napa River Insurance Services, Inc.TM in partnership with Hudson Insurance Group. This newsletter will provide you, our valued transportation clients, with information about best practices, industry updates, company news and other information that will help enhance your business. Risk in Sight will also feature our risk and safety supplementary services. Most notably is our 24-hour risk management and safety support via an intuitive web-based portal, the Risk Management Center (RMC) in partnership with Succeed®. Some of the portal’s features include:

• Access to best practice recommendations, safety programs and a library with templates for policy and procedure development
• The ability to train employees online by scheduling web-based programs which track and offer certificates of completion
• An incident reporting and tracking function for clients to monitor and report on risk and quality outcomes, including the ability to develop customized reports
• The capability to construct a customized dashboard to establish and rank meaningful metrics and/or to establish benchmarking metrics or analytics.

We realize the industry faces an ever-changing set of challenges and opportunities, and we strive to be ahead of the curve to help ensure you are ready for whatever challenges your business may face. This newsletter is a testament to our resolve to keep abreast of new industry developments and to continually examine how we can improve our offerings to best

meet your needs.

Thank you for your business.

About Napa River

Napa River Insurance Services, Inc. is a California domiciled premier third-party administrator that provides the following services in the fleet trucking market:

Claim Services: We handle claims for clients who choose to outsource their Self-Insured Retention (SIR) claims. Each client is assigned a specialist who becomes their single point of contact on all matters. Your contact will work directly with you to ensure a clear understanding of your claim goals and will map out a specific plan to help you achieve them.

Our team has handled and resolved thousands of transportation claims, so we truly understand the trucking industry and the particular challenges it faces. We understand claims become more expensive the longer they remain open, and a reduction in the number of open claims directly affects the level of collateral required. To that end, we aim to close claims as efficiently as possible while securing the most favorable outcome.

We take a comprehensive approach to transportation claims, providing a unique blend of expertise, responsive and personalized service, and innovative programs and technology including:

• A single source of claims contact who knows and understands your claims goals • Managed claims within SIR from start to finish
• FileHandler, our state-of-the-art claims system with online real-time access to all claims documents, financials and loss reports
• 24/7 engagement of our experienced claims personnel for any claim emergency needs
• State and federal claims reporting on Medicare, OFAC, SIU, ISO-Index and child support liens • Nationwide access to claims vendors with pre-negotiated reduced rates
• Legal monitoring and bill review
• Excess carrier claim reporting

Risk Management Services:

Since the first dollar of loss is within a client’s SIR, we provide risk management services to help protect your capital at the earliest opportunity. Our specialists will provide unique, tailored solutions that promote a culture of safety.

We understand that prevention is key. Our objectives are to help identify and avoid problems before they happen, improve driver retention and build a risk management culture that minimizes the overall cost of risk, which ultimately protects your capital and boosts your bottom line.

Our broad array of services includes:

• Safety, Compliance and Risk Management
• Assessments and Consulting Driver Recruiting Improvement Strategies
• Driver Care Frontline Staff Training
• Driver Retention Programs
• Evaluation and Design of Safety Incentive/Award Programs • Loss Experience and Cost of Risk Analysis
• DOT Audit Preparatory Evaluation
• Ongoing Remedial Driver Training Design and Implementation
• Design and Implementation of Entry Level Driver Training Programs

Additionally, we provide clients access to our robust Risk Management Center (RMC), powered by Succeed®. The RMC is our learning, risk management platform and online resource that provides a wealth of information and effective tools.

We take our obligation to bring real value and effective solutions quite seriously. We are honored to have you place your trust in us, and want to exceed your expectations whenever possible. Choosing a business partner is a critical decision and, like you, we take great pride in whom we work with. Thus, our team extends a heartfelt THANK YOU for choosing us as your claims and risk and safety partner.

Hudson Commercial Auto

Hudson Insurance Group is a leading provider of commercial automobile insurance, offering its products through agents, brokers and program administrators across the U.S. Operating out of Indianapolis, our team has been serving the trucking industry since 1995.

From vans, pick-ups and fleets to heavy haul, tandem and specialized trucking, we offer clients access to best-in-class expertise from a team that is focused on helping them meet risk management objectives, protect capital and minimize the cost of risk. To meet this need, Hudson offers an Excess Indemnity Contract (EIC) that sits above a Self-Insured Retention (SIR). The SIR is determined by the size and criteria of each client, with the goal of customizing coverage and risk-sharing that fit specific needs.

Hudson also offers a MCS-82 Surety Bond, which is independent of the EIC and satisfies the motor carrier’s financial responsibility requirement with the Federal Motor Carrier Safety Administration. For those carriers utilizing Independent Contractors, Hudson can also provide Non-Trucking Liability, Physical Damage, Occupational Accident, Contingent Liability and other ancillary products. Meanwhile, our third-party administrator, Napa River Insurance Services, Inc., provides risk management and claims handling services to insureds.

Hudson has a solid foundation in the trucking industry rooted in our deep industry knowledge, longevity within the transportation market, our financial security and, most importantly, our strong client relationships. We also understand that a one-size-fits-all approach seldom works. Sharing best practices is important, but even more so is adapting them to meet your specific needs. By providing you with excellent service, we proactively seek to preserve our partnership and, where possible, strengthen it.

For more information about our products, please visit us at husdoninsgroup.com/fleet.htm.

The Key to Our Claim Philosophy: Communication

While some of you may have heard this before, I want to reiterate a message of great importance — our claim philosophy. The cornerstone of our philosophy is communication, and our execution of this philosophy is what truly defines us and separates us from our peers.

Throughout the entire life of the claim, we continuously communicate the status of the claim. Once a claim is established, the file contents will be available 24/7 for review. Through FileHandler, our state-of-the-art claim system, you will see adjuster notes, correspondence generated, documentation obtained and financials posted to that file. The financials are reflected in real time, allowing you to obtain standard and/or tailored financial loss runs and reports any time you desire. The adjuster assigned to your account will provide you updates upon the progression of the claim to avoid any surprises along the way.

Our methods help ensure collaborative claim handling through file closure and truly exemplify the value and respect we have for you — our clients.

Coming Soon! Visit our new website at napariverinsurance.com!  Camera Installation: Do Benefits Outweigh Concerns?

Stephen M. Philleo, J.D., Director of TPA Claim Operations

Clients often ask our advice regarding camera installation on units, since many worry that the benefits may not outweigh their concerns. To clarify our perspective, we list below two of the most commonly raised questions, along with our responses:

Are cameras worth the cost?

From a risk management perspective, the benefits very often outweigh the costs. If even one claim can be denied through evidence from a camera, the costs can be easily offset. A recent example supporting this view comes from one of our clients involved in an accident where liability initially appeared to be indeterminate. After reviewing a unit camera recording that filmed the incident, the county police sergeant advised our client:

“This video was the critical piece of evidence in my investigation to determine your driver was not at fault and he will be listed as driver #2 (on the police report). The other driver has been determined to be at fault and will be listed as driver #1. Without this video, I would not have been able to determine the at-fault driver due to differing testimony. Basically, we wish every transportation company would equip their tractors with a video like you had, as it made our investigation result very clear.”

Without the unit recording, we would not have had the unquestionable evidence leading to such a prompt resolution.

What if the camera captures something incriminating or harmful?

If the camera captures facts that could have adverse effects on our client, it is better to know and acknowledge those facts upfront so that we can be proactive in our settlement efforts. If, on the other hand, we do not learn the true facts of the case until suit discovery, the claim may remain open longer due to unnecessary litigation, thus resulting in a more costly resolution.

Bottom line: we believe cameras should be installed in every unit. The cost of installation can be easily offset by the one claim that is not paid. Additionally, cameras help in the discovery of the true facts — good or bad — so the claim can be resolved in a timely, cost-effective manner.

Comprehensive Risk Management, Employee Safety and Compliance Platform

Help protect your company with the Hudson Risk Management Center (RMC), a unique web-based software suite of safety and risk management tools designed to empower your organization’s risk prevention efforts.

The RMC allows you to reduce risk and enable employee safety by creating effective risk mitigation programs. It is easy to access and use, and provides a cost-effective risk reduction and safety center for your entire organization across all departments and locations.

Efficient, Cost-Effective and Time-Saving Solutions

The RMC is right for any organization that wants to proactively manage their risk exposures and develop effective workplace safety programs to reduce claims, losses, and associated costs. It enables employers to:

• Meet OSHA hazard communication requirements
• Access a best-practices safety library
• Train employees efficiently and effectively
• Build a behavior-based safety program
• Manage certificates of insurance to limit liability
• Create job descriptions and modified duty programs Benefits at a Glance
• Used by over 45,000 organizations worldwide
• Comprehensive risk management platform eliminates the need for multiple programs
• Easy access through web-based application
• Complete library of safety and risk management materials based on industry best practices
• The tools for a true behavior-based safety program
• Comply with regulatory requirements
• Improve profitability through reduced costs and increased productivity
• No internal development or maintenance costs

A Holistic Solution to Manage Risk, Control Loss and Improve Compliance

Click an item below to view a short video for more information.

ONLINE TRAINING LIBRARY

Multitude of bilingual PowerPoints, policies and training shorts

CERTIFICATE OF INSURANCE MANAGEMENT

Manage your COIs to control liability and risk

HR & BENEFITS DATABASE

Resources and handbooks for all 50 states

BEHAVIOR-BASED SAFETY PROGRAMS

Build behavior-based safety programs with job hazard analyses

INCIDENT TRACKING/TRENDING AND CLAIMS REPORTING

Trend incidents, report claims, print OSHA logs

JOB DESCRIPTION TRACKING

Access a pre-loaded library of comprehensive job descriptions; create modified duty assignments

SAFETY DATA SHEET MANAGEMENT

Be compliant with OSHA hazardous material standards and the new globally harmonized system

EMPLOYEE TRAINING MANAGEMENT

Automate scheduling and reporting using our online training

SUCCEED SERVICES

Have your risk and compliance programs managed by Succeed

Steps to Elevating Your Safety & Risk Management Program

Our safety and risk management articles will focus on ways to improve your overall safety and risk management program. While subsequent articles will address the use of technology and the role it can play in improving driver performance and mitigating risk, this article will spotlight the cultural aspects of continuous improvement.

Quest for the Next Level

The search for how to take a safety and risk management program to the “next level” can sometimes lead to great frustration, since there is no silver bullet, singular idea or solution to help reach this mystical place. To reach this goal, we must first recognize the biggest obstacle — distraction, otherwise known as the “silent killer.” Based on our years of experience in the trucking industry, we understand the majority of large losses have a root cause that often includes some type of driver distraction. Even seemingly minor distractions can make the difference in a driver safely negotiating potential problems or becoming involved in an accident, and these distractions can come in many forms. Common distractions for professional drivers can include personal problems, such as family or money-related issues, as well as interaction with frontline employees (including dispatchers, operations personnel, mechanics and even payroll and HR personnel). Drivers can also be distracted by situations with customers or by other drivers on the road.

Slaying the Dragon: Combating Distractions

In our quest to reach the next level, we often lose sight that the most basic starting point for improvement may be easily within reach — the people and culture within the organization. In trucking, one of the leading causes of driver turnover is displeasure with a member of management or support staff. Additionally, those on the front line, on whom the driver depends, can be a source of frustration and lead to distraction on the road. Moreover, it is those same people — with which the driver has the most interaction—that may be the key in helping identify and combat distraction. Through day-to-day interaction, frontline personnel get to know the driver and in the process have the opportunity to gain insight to specific situations in a driver’s life, learn to recognize when he or she is showing signs of behavioral changes that could lead to distraction, and can step in to provide any assistance they might need.

Frontline personnel are key links between the company and the driver.

Driver environment plays a major role in mitigation of risks.

Steps to Victory: Reaching the Next Level

1. In order to create a better safety and risk management culture, an organization must start to educate everyone that touches a driver. Operations and frontline personnel, who have direct contact with the driver, are an obvious place to start. However, we must go deeper into the entire organization and include anyone that may interact either directly or indirectly with the driver and has the potential to recognize or be a source of distraction.
2. Recognizing Risk. Years ago, the vast majority of dispatchers and other frontline personnel had been drivers at one point in their career, and they had firsthand knowledge of the challenges drivers face every day. Today, former drivers are indeed the minority in frontline supervisory and support positions. Many of these individuals have never even been in a truck, let alone have intimate knowledge of driver challenges. Thus, personnel must be trained to recognize risk so they can then try to mitigate it. They must know how to better listen to the driver in order to pick up on the signs of behavioral change or possible distractions. Of equal importance is spending more time with drivers in order to learn about possible issues that may negatively affect them. With the introduction of more technology, recognizing risk may become problematic as more and more interaction with drivers takes place via an in-cab screen and less time is spent in person.
3. Building Infrastructure & a Culture of Safety. Training is not enough. Organizations must also have the infrastructure in place to address concerns that may be identified. The first time a potential issue is not taken seriously will be the last time that individual comes to management with possible concerns. Oftentimes solutions may be very simple; however, the organization must also be committed to addressing the more challenging issues. Forming an improvement working group that regularly convenes to discuss issues and resolutions is one example of how to address challenges. Participants should represent various areas and levels across the organization to help ensure all perspectives are considered. Discussing past issues will also help lead to proactive measures that may avoid similar problems down the road.

Heroes

Drivers are the lifeblood of the transportation industry, yet we accept high turnover and driver shortages as the simple reality of trucking. We shouldn’t. We should build a culture that is respectful and mindful of the driver and for that matter, everyone within the organization. Individuals must take responsibility for their own actions, and have an interest in the success of others and the organization as a whole. The organization that has achieved that next level is one that knows and respects the value and sacrifices of the driver and those they leave behind each week. In better addressing issues that cause driver distractions, organizations will see improvement in driver retention, as well as reduction in potential risk. By creating this culture, organizations can take a giant leap ahead to reach the NEXT LEVEL.

Our Driver Care Program, a value- added feature of our insurance program, aims to improve driver retention.  Cyber Liability:

Today’s Rapidly Growing Risk

This is the first article in a series. This part discusses the scope of “cyber liability” and the fact it is not limited to online networks or to the mere theft of sensitive information. Future articles are: • Part Two: Ways Your Organization Can Be Harmed • Part Three: Limiting Exposure through Preventive Measures • Part Four: Preparing for the Time When Preventive Measures Fail

PART ONE: What is Cyber Liability?

Cyber Liability can mean different things to different people, but we will define it as the risk associated with conducting business online, over other electronic networks or utilizing electronic storage technology. You don’t have to be a large business, or one that conducts business online, in order to have cyber exposure. Almost every business has at least one computer, and if you have a computer, there is a pretty good chance that it is equipped to connect to the internet. Even small businesses utilize third-party service providers for hosting e-mail, billing, payroll and a wide variety of other functions. Cloud-hosted applications and storage have become commonplace. Almost no business, big or small, is immune from cyber exposure. Large companies have long been targeted for their treasure troves of information; now small companies are targeted because they are seen as vulnerable prey.

The healthcare industry, more regulated than many, faces unique risks. Legislation such as HIPAA, HiTech and the Health Information Privacy and Security Act impose very specific requirements and include fines and penalties that can be very substantial. The cost of healthcare breaches is roughly double that of retailer breaches and 50% higher than financial institution breaches.

The primary driver of the excess costs is regulatory compliance, and associated fines and penalties. Medical records command a much higher price on the black market — as much as 10 times what credit card information brings. Medical information can be used to create false identities to obtain medical devices or drugs for resale, as well as to file false medical claims. Medical fraud can take months or even years to detect, whereas payment card fraud is typically discovered after a single billing statement. Medical organizations have extremely high volumes of valuable personal information. That fact, combined with reliance on multiple vendors and partners across multiple networks, increases vulnerability. You are only as secure as your weakest link.

Much has been made over the past couple of years about “The internet of Things.” Refrigerators and home thermostats are connected to the internet to allow us to monitor them as well as to report to the manufacturer on the device or equipment’s own operational performance. Medical devices are no exception. There has been much discussion of how insulin pumps and pacemakers could be targeted; certainly healthcare facility equipment would be at risk as well. If your refrigerator were hacked, your milk might go bad or you could lose a few prime steaks. Access to medical equipment could be life-threatening.

There are a wide variety of third-party and first-party losses that can occur as a result of a cyber attack. Third-party losses are those suffered by others, whether as a result of an attack on the provider’s network or by other loss of control of information, which could be as simple as loss of a backup drive or the theft of a laptop. First-party losses are expenses that the provider incurs as a result of the attack on their system or a loss of control over sensitive information.

Third-party claims based on third-party losses are often expressed in lawsuits. The lawsuits may be based on a number of types of loss, including injury to reputation or financial loss due to public distribution of private information. Legal fees in third-party claims can be substantial, and some claims can take the form of class actions. There are many different types of first-party losses that can occur; here are some of the types most commonly encountered:

• Notification expenses are costs incurred to notify affected parties that their personal information has been compromised. Whether or not notification is required depends on the nature of the breach and which federal and state regulations are involved.
• Credit monitoring expenses are the costs to provide affected parties with the ability to monitor their credit to help identify any abnormal or unauthorized activities. The period typically ranges from one to three years, depending on the nature of the breach and which federal and state regulations are applicable.
• Credit/identity restoration expenses are a newer first-party component that takes monitoring a step further. When a compromise occurs and an individual’s information is actually used in an identity theft crime, the provider may have to pay costs associated with restoring the affected individual to pre-breach status. That can involve legal fees as well as lots of wrangling with credit bureaus, retailers or service providers.
• Forensic costs to hire experts to determine the nature and scope of the intrusion or loss of information, or to try to stop an assault on the company’s information control and computing capabilities.
• Legal costs to guide a provider through the maze of regulations and risks that may be relevant.
• Cyber extortion, where hackers demand ransom payments in order to return control of a network or access to sensitive data.
• Loss of money through unauthorized wires or ACH transfers by an unauthorized party who obtained access or who used false pretenses to induce others to act. Regulatory fines and penalties imposed by federal and state regulations may be applicable based on the nature of an incident or compromise. Most providers accept credit/ debit cards as a form of payment, so they are therefore subjected to Payment Card Industry (“PCI”) compliance. If payment card information is compromised in a breach, the resulting fines and penalties can be substantial.
• Business interruption loss, if a cyber attack shut down or impaired your network for a period of time and the organization was not able to generate revenue or incurred additional costs to do so.
• Public relations (PR) costs to help manage or prevent fall-out from the event when it is substantially publicized and may harm the company. In some cases, this may be as simple as assistance with press releases; however, depending on the severity of the event, it could be broader in scope and include targeted ads in publications and television. The motivation for incurring PR expenses is to mitigate reputational loss. Components of reputational loss include damage to the provider’s brand/status in the community that it services. A provider may lose patients.
• If publicly traded, there may be loss of share price value. It is difficult to quantify an exact price tag associated with this type of loss, but it undeniably exists.

When we defined cyber liability, we focused on the internet, other electronic networks and electronic storage technology. Let’s discuss some key touchpoints within that framework. Network servers form the backbone of the healthcare provider’s system, so they are always a prime target. Criminals can figure out what types of hardware and software are being used with minimal effort and use that information to attempt to exploit known weaknesses.

Patient portals and Electronic Medical Records (EMRs) may exist on a provider’s own server or may be hosted by a third party. Portals and EMRs contain extremely valuable personal health information and are very attractive targets.

Vendors/business partners that have access to any part of the provider’s network present a significant exposure. Hackers gained access in the massive Target Corporation data breach through what was supposed to be limited access provided to an HVAC contractor.

With the major push into EMRs, providers are increasingly using mobile devices such as laptops, tablets and phones in the course of providing care. The more peripheral devices you add to a network, the more entry points you create. The WiFi connection for each device represents a potential point of entry for a hacker.

External drives are widely used for back-ups and disaster recovery. They are also often used when paper files are converted to digital. Storage and disposition of the old paper files are not online and are not something you think of as cyber-related but are nonetheless a source of significant liability if they are not protected and disposed of properly.

This completes our review of “What is Cyber Liability?” In our next issue, we will discuss the ways in which your organization can be harmed.

The information contained in this publication is provided for informational purposes only and is not provided as a substitute for advice from legal counsel regarding the content or interpretation of any law, regulation or rule. The information provided shall not revise, supplement or alter an insurance policy in any manner, nor is it intended as a substitute for advice from a risk management expert or legal counsel you may retain for your own purposes.

Click here to download the newsletter PDF >

www.napariverinsurance.com

©2017 Napa River Insurance Services, Inc.

The post Risk In Sight Newsletter – Spring 2017 appeared first on Napa River.

New York, NY – November 12, 2020 – Napa River Insurance Services, Inc. (Napa River), the third-party administrator (TPA) wholly owned by Hudson Insurance Group (Hudson), today announced the appointment of Suzanne Shields as its new director. Ms. Shields joined the Company on November 2, 2020 and is responsible for overseeing the management and growth of Napa River’s stand-alone claims and risk management services across its transportation, healthcare and public entity business segments. She reports to Peggy Killeen, Hudson’s Chief Claims Officer.

“Sue brings an unparalleled level of experience and knowledge to Napa River,” said Peggy Killeen, senior vice president and chief claims officer of Hudson. “I am confident that she will continue to move Napa River’s growth trajectory forward by opening doors for new business opportunities while leading a customer centric team of insurance professionals.”

Ms. Shields has more than 20 years of technical and leadership experience in the insurance industry. She most recently served at Aon where she was responsible for marketing the products and services of its wholly owned subsidiary, K&K Insurance.

“I’m excited to present Napa River’s suite of claims and risk management services to clients who are looking to efficiently manage their business and maximize their profits,” stated Ms. Shields. “As a new, driving force in the TPA space, Napa River has tremendous potential, and I look forward to being part of the effort that advances its business to the next level.”Ms. Shields earned a BA in Political Science from Randolph Macon College and a BBA in Risk Management Insurance from Georgia State University. She also holds Property & Casualty and Life & Health licenses.

About Napa River Insurance Services
Napa River Insurance Services, Inc. is a California domiciled third-party administrator that provides superior claims and risk management services to clients in niche markets. Its employees are located in Napa, CA; Chicago; Indianapolis; New York and Avon, CT. Napa River is a wholly owned subsidiary of Hudson Insurance Company. For more information, visit www.napariverinsurance.com.

The post Napa River Insurance Services Names Suzanne Shields as Director appeared first on Napa River.

We encourage you to attend our upcoming  webinar entitled Navigating the Unknown Road Ahead: How Napa River Can Help You Reach Your Destination being held on Wednesday, July 29th from 2:00 PM – 3:00 PM EST.

The post 07.29.20 Webinar – Navigating the Unknown Road Ahead: How Napa River Can Help You Reach Your Destination appeared first on Napa River.

Napa River Insurance Services is taking a lead on the Coronavirus pandemic in an advisory role. We encourage you to attend our upcoming cosponsored webinar entitled Emergency Preparedness: Risk Management and Coronavirus Implications being held on Wednesday, March 18th from 2:00 PM – 3:00 PM EST.

The post 03.18.20 Webinar – Emergency Preparedness: Risk Management and Coronavirus Implications appeared first on Napa River.

July 31, 2017 Napa River Insurance Services Launches New Funds Control Service Napa River Insurance Services, Inc. (Napa River) launched its new offering, Funds Control Services, which is available exclusively to general and specialty trade contractors that purchase surety bonds through Hudson Insurance Company (Hudson). Serving as the intermediary between construction project owners and contractors, Napa River ensures that those who supply labor and materials to a Hudson-bonded project, including subcontractors and other third parties, are paid out of those contract proceeds.

“We are very pleased to expand capabilities in support of our bond facility and, in turn, enhance the credit-worthiness of Hudson’s surety clients,” said Christopher Morkan, Director of Napa River Insurance Services. “Our cutting-edge technology, which makes same-day payment possible, demonstrates our commitment to support clients’ business needs and places us ahead of the curve in many cases.”

Napa River is focused on its clients’ long-term success. By serving Hudson’s clients exclusively, it is in a unique position to provide an informed and holistic approach to managing surety contract funds. Funds Control Services are available to Hudson’s surety clients on a nationwide basis.

The post Napa River Insurance Services Launches New Funds Control Service appeared first on Napa River.

NEWS RELEASE

For immediate release Contact: Lisa Strasser, 203 977‐8030

Napa River Insurance Services Announces New Product Offering New York, NY – September 8, 2016 – Napa River Insurance Services, Inc. (Napa River), the third‐party administrator (TPA) wholly owned by Hudson Insurance Group (Hudson), today announced the expansion of its service offerings to include public entities and municipalities. Napa River was launched in 2014 as a full‐service provider of unbundled claims and risk management services to clients with self‐ insured retentions (SIRs). Napa River initially focused solely on the healthcare and transportation industries, the former being hospitals and physician groups and the latter trucking companies.

Napa River is led by Peggy Killeen, senior vice president and chief claims officer of Hudson. Christopher Morkan was appointed as Napa River’s director to manage its day‐to‐day operations in 2015.

“Napa River has grown out of Hudson’s core claims handling know‐how, leveraging its technology investments and best‐in‐class claims expertise,” said Ms. Killeen. “Using this strong foundation, Napa River can provide superior service at a reasonable price.” Christopher Gallagher, president and CEO of Hudson, said, “I am excited about Napa River’s ability to be an active partner in managing claims within the SIR. This is one more way we can help businesses — and public entities— protect their capital. The growth we are seeing is a testament to our people and their expertise.”

About Napa River Insurance Services  

Napa River Insurance Services, Inc. is a California domiciled third‐party administrator that provides superior claims and risk management services to clients in niche markets. Its employees are located in Napa, CA; Chicago; Indianapolis; New York and Avon, CT. Napa River is a wholly‐owned subsidiary of Hudson Insurance Company. For more information, visit www.napariverinsurance.com.

About Hudson Insurance Group

Headquartered in New York City with offices throughout the U.S. and in Vancouver, Canada, Hudson is a market‐leading specialty insurer that offers a wide range of property and casualty insurance products to corporations, professional firms and individuals through retailers, wholesalers and program administrators. Hudson Insurance Group is the U.S. Insurance Division of OdysseyRe, a leading worldwide underwriter of reinsurance and specialty insurance and wholly owned by Fairfax Financial Holdings Limited. For more information, visit www.hudsoninsgroup.com.

The post Napa River Insurance Services Announces New Product Offering appeared first on Napa River.