Cyber coverage FAQs

April 28, 2021

The Corvus Scan


Who is Corvus?

  • Corvus Insurance is an insurance technology firm that uses machine learning and other tech to help predict and prevent cyber claims. Founded in 2017 and based in Boston, MA, Corvus offers some of the strongest cyber risk management tools available. We are eager to offer these tools to our policyholders.
  • “We’re underwriters, data scientists, product builders and engineers united by a mission: to make the world a safer place by helping organizations mitigate or eliminate the impact of adverse events.” — Corvus Insurance


What is the difference between the updated cyber insurance and the previous cyber insurance?

  • The updated cyber liability coverage we are offering is equivalent to the cyber liability coverage offered by our previous partner, Tokio Marine. Those who report a cyber incident under the revised coverage will be required to pay a $2,500 deductible. (There was no deductible under our previous coverage.)
  • Another difference will be in the level of service you will receive if you report a cyber claim and in the types of cyber risk management services that will be available to you.


Why did TMLT switch?

  • Because very specific underwriting and claims expertise is required for cyber liability coverage, TMLT uses outside business partners to manage this coverage.
  • After an in-depth analysis in 2020, we determined that it would be best for our policyholders if we changed business partners and began using more advanced tools and services. Corvus Insurance offers these advanced services and more. Think of it as going from Cyber Liability 1.0 to Cyber Liability 3.0.


Why is there now a deductible?

  • Cyber liability coverage protects you for network security and privacy-related exposures, such as lost or stolen laptops or theft of patient data. These types of incidents are on the rise across all industries and sectors, but especially in health care. With the increase in cyber incidents comes the increase in the number of cyber claims filed.
  • Deductibles help insurance companies share costs with policyholders when they report claims.


How much is the deductible?

  • The deductible is $2,500.


Do I need to do anything when the change in coverage occurs?

  • No. The changes to your cyber liability coverage will be automatically applied to your account when you renew your policy. You will receive details about these policy updates with your policy renewal materials.


When will this take effect?

  • The change will take effect for all policies renewed after July 1, 2021. The changes to your policy will be applied to your account at renewal. You will receive details about these policy updates with your policy renewal materials.


What kind of higher limits on cyber do you offer?

  • Limits included with your cyber liability coverage are:
    • Physician: $100,000 per claim / $100,000 per policy period
    • Entities: $100,000 per claim / $500,000 per policy period
  • For dentists covered under Lone Star Alliance (LSA), the limits are $50,000 per claim / $50,000 per policy period.
  • About limits — The limits of coverage spell out the maximum amount your policy will pay. With our cyber liability coverage, there are two limits. The first limit is the maximum per claim (known as “each claim”), while the second limit is the maximum paid during the policy period (known as “all claims”).
  • Higher limits are available, including $500,000, $1 million, $2 million, $3 million, $4 million, $5 million, and $10 million.


Do I need higher limits?

  • In general, insurance companies cannot tell you what limits to carry. But you can speak with colleagues who practice in your specialty and who have similar practice set ups to see what limits on cyber they carry. Your insurance agent or IT service provider may also recommend limits based on your practice situation.


How do I purchase higher limits?

  • To request a quote or purchase higher limits please contact Michael Litman or call 800-580-8658 extension 5937.


How do I pay for higher limits?

  • You will receive an invoice for your higher limits premium amount.


Is there a deductible on the higher limits?

  • The same deductible of $2,500 applies to the policy regardless of the limits chosen.


What do I do if I have a cyber claim?

  • Please report the claim by calling 800-580-8658. Once you’ve made the report, you will be given further instructions. Please note, that you must report cyber claims no later than 60 days from the date you received notice of the cyber event.


I currently have a Medefense Plus policy with Tokio Marine HCC with higher limits for both Medefense and Cyber Liability. When my TMLT policy renews in 2021, how will my coverage be affected?

  • Please contact Michael Litman or call  800-580-8658, extension 5937 for information specific to your policy.


The Corvus Scan


What is the Corvus Scan?

  • The Corvus Scan is a non-invasive scan of your practice’s public-facing website to detect any cyber vulnerabilities. Once the scan is complete, you can download  a report listing any risks and vulnerabilities. It’s like a practice review for your systems.
  • After the initial report is downloaded, Corvus will continue to monitor your site for new threats. A new scan and new report will be available annually. Read more about the Corvus Scan.


What are you scanning for?

  • Many of us don’t realize it, but there is a great deal of information about your practice’s IT infrastructure visible to the world at all times. It is typically available through your practice website.
  • The Corvus Scan looks at this information. The scan looks at obvious aspects, such as your public-facing website, and the less obvious ones, such as vulnerabilities in software embedded in your web applications. The Corvus Scan sees the same information a malicious actor would.
  • Once the scan is complete, you will be sent a Dynamic Loss Prevention (DLP) report that details any risks and vulnerabilities found. Some of the details will be of a low priority, presented as purely informational. Others may be critical to your cyber security. All the information represents clues about where a malicious actor might see vulnerabilities and find a way into your systems.
  • For example, the scan may reveal that you are running outdated web software, or that web encryption is not set up right. There might be websites and web applications still public that you had forgotten about. And the scan might also tell you about well-known vulnerabilities within your operating system that need to be patched.
  • Following the first scan, Corvus will continue to monitor your practice site for new threats. A new scan and a new DLP Report will be sent annually.


Who conducts the scan?


Is my information safe?

  • Yes. Your private scan information and the Dynamic Loss Prevention report are stored securely by Corvus.


Will it slow my system down when the scan occurs?

  • No. The Corvus Scan will not slow down your system.


Can I opt out of the scan?

  • At this time, we encourage all policyholders to participate in the scans. The Corvus Scan is one of the strongest cyber risk management tools out there, and we want everyone to take advantage of it.


What do I do with the information from the scan?

  • The specific vulnerabilities discovered and sent to you in the Dynamic Loss Prevention (DLP) report are paired with recommendations. These recommendations are drawn from cyber security best practices and weighted by severity and by the potential to improve your security. They are written in clear language so you can understand the vulnerabilities and take action.
  • We encourage you to discuss the DLP report with your IT service provider.


Do I have to fix what’s on the report? What if cannot address the issues found in the scan?

  • While you do not have to address the vulnerabilities discovered, we strongly recommend that you do. Share the Dynamic Loss Prevention report with your IT staff or your IT service provider for their recommendation on where to start.


Will the scans affect my rate?

  • No. The score you receive on your Corvus Dynamic Loss Prevention report will not affect the rate you pay for your medical liability coverage.


Who do I contact if I have questions about the scan?


Does having a Corvus Scan mean I don’t need a cyber risk assessment?

  • Not at all. Under the federal privacy and security rules, all medical practices are required to conduct a risk assessment. Risk assessments help ensure that practices are compliant with HIPAA’s administrative, physical, and technical safeguards. A risk assessment also helps reveal areas where your organization’s protected health information could be at risk.
  • The Corvus Scan does not meet the requirements for a cyber risk assessment.
  • Information about TMLT’s cyber risk assessment is available here.

No Previous Articles

Next Article
Updated cyber liability coverage
Updated cyber liability coverage

Updates to TMLT and LSA cyber liability coverage that take affect after July 1, 2021