Health records, private information up stakes for cyber security

When developing mobile platforms for workers compensation claims, insurers need to take basic measures to brush up on their cyber security protections and pay close attention to evolving privacy laws, experts say.

With workers comp claims, insurers have to protect not only health records but also Social Security numbers and personally identifiable information, said Michelle Leighton, vice president and senior claim consultant for Conner Strong & Buckelew based in Marlton, New Jersey. Whether that data is transmitted through an app or a website, insurers still have to work to protect it, she said.

Insurers should consider hiring outside consultants to review their cyber security practices and conduct employee training regarding phishing messages or what information not to release, Ms. Leighton said.

Insurers need to be aware of disgruntled employees who may be distributing protected claimant information, said Tom Ketcham, chief information officer and executive vice president of Warrenton, Virginia-based Intensity Analytics Corp.

Claimants and insurers can verify whether their insurers are taking simple measures to safeguard their data by asking for a copy of their privacy or cyber security policy or asking about their encryption practices, Mr. Ketcham said.

To improve their security measures, insurers can tap into "passive biometrics," Mr. Ketcham said. For example, "The way that you draw your finger across the screen is unique to you." he said.

Using such characteristics are an alternative to using biometric verification methods like facial recognition, which he is concerned about due to the possibility of hackers stealing such irrevocable identifiers.

“You need something beyond just a user name and password to make sure it’s actually (the claimant),” Mr. Ketcham said. “As we move into a big data world, the most important thing is how do we connect a physical person to a data event?”