Last year was a sobering year for cyber risk, with major corporations and government agencies alike hit hard by data breaches and cyberattacks that cost millions of dollars. The Equifax breach compromised the personal information of almost half the U.S. adult population—143 million people. That public relations nightmare worsened when it was revealed that the credit tracking firm knew about the breach in mid-May 2017 but didn’t announce the hack until July 29, 2017.
No industry seems safe, with a 2017 Hartford Steam Boiler survey reporting that 53 percent of U.S. businesses have experienced a cyberattack. The survey reported that the most common consequence of attacks was data loss (60 percent), followed by business interruption (55 percent).
Consumer data in insurance: What’s at stake?
For insurers, the consequences of cyber risks to consumer data are serious. In 2015, Anthem, one of the nation’s largest health insurance companies, experienced a cyberattack that exposed the data of 80 million customers, including many Social Security numbers.
Even the best IT departments can make mistakes, and security vulnerabilities can leave insurers at risk for data breaches. In the event of a large-scale hack, insurers face both financial and reputational costs, because many individuals would be at risk for identity theft and other cyber scams.
Claims data and ISO ClaimSearch®: Who’s responsible?
ISO ClaimSearch® was developed for the benefit of all contributors, and for decades, the insurance industry has made better claims decisions and caught more fraud because of this system. But with these benefits comes a vital responsibility. All ISO ClaimSearch contributing companies share in the obligation to safeguard personally identifiable information and to ensure that the database is used only for approved purposes. That’s why there are restrictions on access to and use of this data as outlined in the ISO ClaimSearch Privacy and Security Policies.
Changes that make data protection simpler, better for companies in 2018
With the development of the visualized version of ISO ClaimSearch, companies have a better way to receive vital claim insights and protect consumers’ information. That’s because with visualized ISO ClaimSearch, companies are not receiving data files but instead are accessing all the data through the platform. In addition, personally identifiable information (PII), including Social Security numbers, are partially masked—with more PII masking to come in 2018. (Relevant PII will be available to SIU when needed for investigative purposes.)
What’s next?
Because visualized ISO ClaimSearch provides a greatly enhanced way to consume the information in our database and removes the burden of data protection from our customers, we will be discontinuing access to the traditional ISO ClaimSearch match reports as of July 1, 2019. We are also currently upgrading only the visualized version of the platform—a further incentive to upgrade. For companies that wish to retain certain data details not presented in the visualized format, we will work individually with you to set up access that complies with data protection procedures and authorized uses.
We are determined to continue providing best-in-class security for our customers as well as for the individuals whose data is contained in the ISO ClaimSearch database. The development of visualized ISO ClaimSearch and the universal industry adoption of it will be pivotal in the continued strong security of this information.
If your company wants more information about transitioning to the visualized version of ISO ClaimSearch, please contact ClaimSearchIntegration@verisk.com.