cyber insurance

Change Healthcare ™ Attack Highlights Often Overlooked Cyber Insurance Coverage

By Shawna Bertalot, CIC, ACI, WisMed Assure President

Shawna Bertalot

Many health care practices rely on a third party for access to their EMR and for billing. This creates a “contingent” or “dependent” risk. The February 21 cyberattack on Change Healthcare changed the world for many patients and health care providers. The March 14 and March 28 issues of Medigram included resource links and information on potential payment programs for Part A and Part B providers impacted. For practices and organizations that contracted with Change Healthcare™ to facilitate the electronic transfer of medical documentation and billing for all their insurance claims, revenue stopped, expenses continued and funding programs from Optum and CMS/Medicare have not been comprehensive solutions.

Cyber Insurance programs can provide additional coverage for a scenario like this, but only if the policy includes Business Income or Business Interruption coverage and includes Contingent Business Interruption or Dependent Business Interruption coverage. Without contingent or dependent coverage, your policy would only respond if the cyberattack were on your organization and would not respond if the attack were against a third party upon whom you are dependent. We discussed the importance of comprehensive cyber insurance in the November 2, 2023 issue of Medigram and the Fall 2023 issue of The Antidote.

Important Considerations for Cyber Insurance Coverage:

  • Cyber insurance policies do not always include contingent or dependent coverage.
  • Cyber coverage included as an add-on to other policies, like a business owners’ package or medical professional liability, typically do not include this coverage.
  • Business Interruption or Business Income options are not automatically covered.
  • Paying claims for cyber policies is complicated and typically requires forensic information technology and legal review to confirm the breach or attack. This can take weeks or months before any payment will be made.
  • Policyholders must provide proof of loss and that the incident in question directly resulted in the policyholder’s loss of income, without regard to whether an event has been widely reported in the news.
  • Deductibles and waiting periods will apply.
  • Reach out to the insurance carrier as soon as you become aware of an incident, before you hire your own consultants, and respond promptly and completely to their requests for supporting documentation. Your insurer will have specialized relationships at pre-negotiated rates.

If you are concerned about your Contingent or Dependent Risk and wondering if your current cyber insurance policy has coverage, how that coverage works or if you can obtain coverage, contact your WisMed Assure agent or

Note: This article is for informational purposes only and should not be considered as insurance advice related to your specific policy or situation. Please consult with a qualified insurance advisor or professional before making any policy decisions. Full disclaimer and contact information.

Winter 2024 Issue

Don’t Let Taxes Take a Bite Out of Your Finances: Common Errors to Avoid

By Mark Ziety, CFP®, AIF®, Senior Advisor, WisMed Financial

Crumpled tax form with money, calculator and notepad on the table.

Investing is a smart way to grow your wealth, and keeping more of it from taxes is even smarter.  Let’s explore some common tax mistakes investors make and how to avoid them.

Read more…

Change Healthcare™ Attack Highlights Often Overlooked Cyber Insurance Coverage

illustration of umbrella protecting computer screen from an attack

By Shawna Bertalot, CIC, ACI, WisMed Assure President

Many health care practices rely on a third party for access to their EMR and for billing. This creates a “contingent” or “dependent” risk. The February 21 cyberattack on Change Healthcare changed the world for many patients and health care providers.

Read more…

Disability and Life Insurance Taxation

Tax payment concept. State Government taxation, calculation of tax return. Blank tax form, calendar, magnifier, money, notebook, calculator, coins, glasses, watches, documents, computer.

By Chris Noffke, GBDS, CSFS, Vice President of Employee Benefits

Taxation of benefits is a unique and important topic. Many groups I work with want to make sure their employees are not taxed for an employer paid life insurance benefit and other clients want to ensure that if an employee becomes disabled, they do not have to pay taxes on their already reduced income.

Read more…

Tornadoes Can Strike in Seconds. Are You Ready?

photo of tornado

By The Hartford

Tornado season is upon us and could bring more storms in the months ahead. In fact, the U.S. experiences the most tornadoes of anywhere in the world.

Read more…

Tax Treatment of Long-term Care Insurance a Game Changer

Nurses, doctor and caregivers in nursing home take care of old men and women. Volunteers help aged people at home and hospital.

By Tom Strangstalien, Insurance Advisor

We put my dad into a nursing home on Monday. My mom had been his caretaker since he was diagnosed with a somewhat rare neurological disorder. My mom has been superwoman, a real- life example of a family member caring for a loved one.

Read More…

Your Medicare Update

Open Enrollment concept.

By Mary Krueger, Medicare Specialist

It’s early 2024 and its already time to explore Medicare options for 2025. Many Medicare enrollees want to look at what is suitable for their needs in the Medicare market. If you have started looking for yourself or someone else, there are many different ways to procure coverage.

Read More…

Life, Death and Taxes

Photo of a grandfather and his granddaughter loving autumn. Throwing leaves in the air.

By Lisa Koerner, Insurance Advisor

If you are looking for some creative ways to avoid paying taxes, don’t overlook the benefits of Life Insurance. There are several different types of life insurance policies to serve several different objectives, the greatest being a tax-free death benefit for your beneficiaries.

Read More…

Making Part D of Medicare brighter

photo of an elderly man looking at medications with his physician

By Mary Krueger, Medicare Specialist

As many of you on Medicare know, October 15 to December 7 is the Annual Election Period for Medicare Part D and Medicare Part C (Medicare Advantage). This often coincides with a flurry of research needed and concerns expressed by client recipients and this year was no exception.

Read More…

Nightmare before Christmas success story: cyber hacker stopped

By Shawna Bertalot, CIC, ACI, WisMed Assure President

Shawna Bertalot

Message from IT Manager: “Unusual activity has been detected on your exchange and our files cannot be backed up.”

This is not how any clinic administrator or managing partner wants to start their Monday morning, but exactly what happened to a long-time WisMed Assure client last December. This highly experienced, professional administrator of a 15-physician independent clinic with over 50,000 patient records was facing a situation she had never experienced before.

“These things always seem to happen over the weekend,” she noted as she recounted how she first learned about a hacker that had made repeated attempts using several different employee sign in credentials to access the clinic’s system. The Wisconsin Department of Justice contacted the clinic’s IT Manager regarding suspicious activity.

Her first questions were, “What exactly is happening? What access or information have they gained? And how do we stop them?”

Her first call was to an outside IT vendor the clinic had used in the past. She was immersed in trouble shooting the immediate issues and it wasn’t until about a week later that she remembered that they have Cyber Liability Insurance and called WisMed Assure.

“In hindsight, that should have been first call, and it is in our policies and procedures now,” she said.

The cyber insurance carrier was extremely responsive. Most policies say that the insurance carrier will select the IT, Legal and other vendors because they have pre-approved and negotiated rates to save everyone time and money. The carrier made an exception and approved the IT vendor the clinic had first contacted so the investigation could proceed.

It took approximately 10 days to identify exactly what was happening, confirm patient and clinic data was secure and develop a plan to stop the attacks. That plan involved removing and restoring Microsoft Exchange, blocking access, using temporary email addresses and ultimately completely rebuilding the clinic’s network. Fortunately, no personal health or personal financial information was breached. The insurance carrier also hired legal counsel to review the forensic IT reports and confirm that no notifications were necessary.

Fortunately for this clinic the hacking attempts were caught and stopped before there was any access to confidential data or impact to patient care. It’s not hard to imagine the stress, worry and disruption this caused the clinic administrator, partners and staff. The IT forensic and legal consulting fees were very costly. The bulk of the investigation and restoration expenses were covered by the insurance policy. The clinic decided to assume some costs to move to cloud-based hosting and implement some additional measures to upgrade their security.

The clinic manager concluded “we learned a lot about what to do and not to do when something like this happens again,” and she believes, “It’s not a matter of if, but when.” She was very appreciative they had robust cyber insurance with a carrier that was responsive and successful in stopping a hacker that could have caused a lot more damage.

If you want more information about cyber threats and insurance coverage, contact your WisMed Assure agent or

Note: This article is for informational purposes only and should not be considered as insurance advice related to your specific policy or situation. Please consult with a qualified insurance advisor or professional before making any policy decisions. Full disclaimer and contact information.

Cyber Incidents on the Rise

As noted in the Winter 2022 Antidote article exploring cyber liability trends, cyber incidents are on the rise – ransomware especially. The Sophos State of Ransomware 2022 report found that:

  • Ransomware hit 66% of mid-sized organizations surveyed last year, up from 37% in 2020.
  • The average cost to an organization to rectify a ransomware attack in 2021 was $1.4 million.
  • 97% of organizations that have cyber insurance have made changes to their cyber defense to improve their cyber insurance position.
  • 98% that were hit by ransomware and had cyber insurance that covered ransomware said the policy paid out in the most significant attack.

For additional information regarding cyber liability insurance, contact Jim Davis at or call 608.442.3728.

Cyber Liability Trends Continue in 2022

Jim Davis

By Jim Davis, WisMed Assure Vice President Medical Professional

As companies shifted to more virtual work, cybercriminals took advantage of every slight vulnerability. So, let’s review some cyber security basics, specifically focusing on why health care professionals and organizations are the most vulnerable to cyberattacks, what their greatest vulnerabilities are and what risk mitigation you must have in place to even qualify for insurance these days.

Most Common Cyberattacks

Cyberattacks impact businesses of all sizes, from global corporations to small startups. Though smaller businesses may think they are too small to be targeted, it’s quite the opposite. Cybercriminals specifically target smaller health care facilities knowing that they are unlikely to have implemented adequate endpoint security. Most successful cyberattacks occur because of human error. It only takes one exposed file or answered phishing email to cause a massive data breach. These are the most common cyberattacks:

  • Ransomware – This malware denies the victim access to their data unless they pay a ransom to the attackers.
  • Phishing – This attack consists of fraudulent emails sent inconspicuously with malicious files attached intended to gain access to the victim’s device.
  • Password Attack – By accessing a victim’s password, cybercriminals can gain entry to critical data and computer systems.
  • Denial of Service (DoS) Attack – In this attack, cybercriminals flood systems and networks with traffic to overload its bandwidth so the owners are not able to operate their system. 
  • Internet of Things (IoT) Attack – Hackers can gain entry through any end point and then access other devices in the network. 

Most Targeted Industries

Cyber perils are currently the most significant concern for all industries, but some business sectors are hit harder than others. According to Forbes, this is the rate that cyberattacks have increased from 2020 to 2021.

  • Health care – 71%
  • Insurance/Legal – 68%
  • Internet Service Providers – 67%
  • Financial/Banking – 53%
  • Government – 47%

Top Five Underwriting Requirements

The basic requirements that need to be in place for an insurance carrier to underwrite cyber liability insurance for medium to large health care facilities is unchanged for 2022, and are as follows:

  • MFA/Multifactor Authentication – a security process that requires two or more validation factors to verify a user’s identity, such as a six-digit code via a mobile phone in addition to a username and password.
  • Cloud based back-ups.
  • Ability to bring systems back up within 10 days.
  • Ongoing phishing training.
  • Endpoint Detection & Response System (EDR) – an endpoint is any device that is physically an end point on the network, such as laptops, tablets and mobile phones. These end points can be entry points for a cyber breach. EDRs continuously monitor and identify threats to contain and remove them. EDRs should also be cloud based.

For additional information regarding cyber liability insurance, contact Jim Davis at or call 608.442.3728.