- Who is Corvus?
- What is the difference between the new cyber insurance and the previous cyber insurance?
- Why did TMLT switch?
- Why is there now a deductible?
- How much is the deductible?
- Do I need to do anything when the change in coverage occurs?
- When will this take effect?
- What kind of higher limits on cyber do you offer?
- Do I need higher limits?
- How do I purchase higher limits?
- How do I pay for higher limits?
- Is there a deductible on the higher limits?
- What do I do if I have a cyber claim?
The Corvus Scan
- What is the Corvus Scan?
- What are you scanning for?
- Who conducts the scan?
- Is my information safe?
- Will it slow my system down when the scan occurs?
- Can I opt out of the scan?
- What do I do with the information from the scan?
- Do I have to fix what’s on the report? What if cannot address the issues found in the scan?
- Will the scans affect my rate?
- Who do I contact if I have questions about the scan?
- Does having a Corvus Scan mean I don’t need a cyber risk assessment?
Who is Corvus?
- Corvus Insurance is an insurance technology firm that uses machine learning and other tech to help predict and prevent cyber claims. Founded in 2017 and based in Boston, MA, Corvus offers some of the strongest cyber risk management tools available. We are eager to offer these tools and services to our policyholders.
- “We’re underwriters, data scientists, product builders and engineers united by a mission: to make the world a safer place by helping organizations mitigate or eliminate the impact of adverse events.” — Corvus Insurance
What is the difference between the new cyber insurance and the previous cyber insurance?
- The cyber liability coverage offered by Corvus Insurance is equivalent to the coverage offered by our current cyber partner, Tokio Marine. The primary exception is that there is now a deductible. Those who report a cyber claim under the revised coverage will be required to pay a $2,500 deductible. (There was no deductible under our previous coverage.)
- Another difference will be in the level of service you will receive if you report a cyber claim and in the types of cyber risk management services that will be available to you.
Why did TMLT switch?
- Because very specific underwriting and claims expertise is required for cyber liability coverage, TMLT uses outside business partners to manage this coverage.
- After an in-depth analysis in 2020, we determined that it would be best for our policyholders if we changed business partners and began using more advanced tools and services in the cyber liability area. Corvus Insurance offers these advanced services and more. Think of it as going from Cyber Liability 1.0 to Cyber Liability 3.0.
Why is there now a deductible?
- Cyber liability coverage protects you for network security and privacy-related exposures, such as lost or stolen laptops or theft of patient data. These types of incidents are on the rise across all industries and sectors, but especially in health care. With the increase in cyber incidents comes the increase in the number of cyber claims filed.
- Deductibles help insurance companies share costs with policyholders when they make claims.
How much is the deductible?
- The deductible is $2,500.
Do I need to do anything when the change in coverage occurs?
- The changes to your cyber liability coverage will be automatically applied to your account when you renew your policy. You will receive details about these policy updates with your policy renewal materials.
When will this take effect?
- The change will take effect for all policies renewed after July 1, 2021. The changes to your policy will be applied to your account at renewal. You will receive details about these policy updates with your policy renewal materials.
What kind of higher limits on cyber do you offer?
- Limits included with your TMLT and cyber liability coverage are:
- Physician: $100,000 per claim / $100,000 per policy period
- Entities: $100,000 per claim / $500,000 per policy period
- Higher limits of up to $3 million are available for purchase.
- For dentists covered under Lone Star Alliance (LSA), the limits are $50,000 per claim / $50,000 per policy period.
- About limits — The limits of coverage spell out the maximum amount your policy will pay. With our cyber liability coverage, there are two limits. The first limit is the maximum per claim (known as “each claim”), while the second limit is the maximum paid during the policy period (known as “all claims”).
Do I need higher limits?
- In general, insurance companies cannot tell you what limits to carry. But you can speak with colleagues who practice in your specialty and who have similar practice set ups to see what limits on cyber they carry. Your insurance agent or IT service provider may also recommend limits based on your practice situation.
How do I purchase higher limits?
- You will be able to request a quote and purchase higher limits through a secure website (available soon).
How do I pay for higher limits?
- This can be done through a secure website (available soon).
Is there a deductible on the higher limits?
- The same deductible of $2,500 applies to the policy regardless of the limits chosen.
What do I do if I have a cyber claim?
- Please report the claim by calling 800-580-8658. Once you’ve made the report, you will be given further instructions. Please note, that you must report cyber claims no later than 60 days from the date you received notice of the cyber event.
The Corvus Scan
What is the Corvus Scan?
- The Corvus Scan is a non-invasive scan of your practice’s public-facing website to detect any cyber vulnerabilities. Once the scan is complete, Corvus will provide you with a report of any risks and vulnerabilities. It’s like a practice review for your systems.
- After the initial report is delivered, Corvus will continue to monitor your site for new threats. A new scan and new report will be sent quarterly. Read more about the Corvus Scan.
What are you scanning for?
- Many of us don’t realize it, but there is a great deal of information about your practice’s IT infrastructure visible to the world at all times. It is typically available through your practice website.
- The Corvus Scan looks at this information. The scan looks at obvious aspects, such as your public-facing website, and the less obvious ones, such as vulnerabilities in software embedded in your web applications. The Corvus Scan sees the same information a malicious actor would.
- Once the scan is complete, you will be sent a Dynamic Loss Prevention (DLP) Report that details any risks and vulnerabilities found. Some of the details will be of a low priority, presented as purely informational. Others may be critical to your cyber security. All the information represents clues about where a malicious actor might see vulnerabilities and find a way into your systems.
- For example, the scan may reveal that you are running outdated web software, or that web encryption is not set up right. There might be websites and web applications still public that you had forgotten about. And the scan might also tell you about well-known vulnerabilities within your operating system that need to be patched.
- Following the first scan, Corvus will continue to monitor your practice site for new threats. A new scan and a new DLP Report will be sent quarterly.
Who conducts the scan?
- Corvus Insurance — our new cyber liability partner — conducts the scan.
Is my information safe?
- Yes. Your private scan information and the Dynamic Loss Prevention Report are stored securely by Corvus.
Will it slow my system down when the scan occurs?
- No. The Corvus Scan will not slow down your system.
Can I opt out of the scan?
- At this time, we encourage all policyholders to participate in the scans. The Corvus Scan is one of the strongest cyber risk management tools out there, and we want everyone to take advantage of it.
What do I do with the information from the scan?
- The specific vulnerabilities discovered and sent to you in the Dynamic Loss Prevention (DLP) Report are paired with recommendations. These recommendations are drawn from cyber security best practices and weighted by severity and by the potential to improve your security. They are written in clear language so you can understand the vulnerabilities and take action.
- We recommend that you discuss the DLP Report with your IT service provider.
Do I have to fix what’s on the report? What if cannot address the issues found in the scan?
- While you do not have to address the vulnerabilities discovered, we strongly recommend that you do. Share the Dynamic Loss Prevention Report with your IT staff or your IT service provider for their recommendation on where to start.
Will the scans affect my rate?
- No. The score you receive on your Corvus Dynamic Loss Prevention Report will not affect the rate you pay for your medical liability coverage.
Who do I contact if I have questions about the scan?
Does having a Corvus Scan mean I don’t need a cyber risk assessment?
- Not at all. Under the federal privacy and security rules, all medical practices are required to conduct a risk assessment. Risk assessments help ensure that practices are compliant with HIPAA’s administrative, physical, and technical safeguards. A risk assessment also helps reveal areas where your organization’s protected health information could be at risk.
- The Corvus Scan does not meet the requirements for a cyber risk assessment.
- Information about TMLT’s cyber risk assessment is available here.