The State Of US Insurance Cyber Liability and Reinsurance Needs Rethinking for HDOs & Health Plans
Aug 31, 2019
TauruSeer Invited to Speak Reinsurance and Cyber Liability at Columbia Insurtech Collective
TauruSeer was recently invited to share our story and approach by the Hartford InsurTech Hub in Columbia, SC. As the only company speaking to Patient Safety, Healthcare Reinsurance, and Cyber Liability for health software and medical devices at
Columbia's Insurtech Collective, TauruSeer received plenty of attention. Why? Let's dig in.
What is Reinsurance?
The Motley Fool definition: "When insurance companies need to buy insurance for themselves, it's called reinsurance. Reinsurance is a form of insurance purchased by insurance companies in order to mitigate risk." Let's look at an example for context: A Health Plan Provider (e.g. Aetna, Blue Cross Blue Shield, United Healthcare, etc.).
Third-Party Risk Management in the Health Reinsurance Industry
Health Plan Providers (insurance companies) offer recommendations for medical devices and other health technologies embedded into national health plan policies. In our example, we referred to Diabetic Insulin Pumps and Constant Glucose Monitors (CGMs) with complementing mobile applications. Technologies and medical devices like these save lives, improve health and quality of life, and are indispensable for the treatment and management of medical conditions to further prevent the consequences of disease mismanagement.
However, issues can arise from the inappropriate deployment, lifecycle management, and use of health technologies. Subsequently, for the Health Plans providing their approved selections and recommendations of health technologies, specifically software, mobile applications, and medical devices in their plan policies introduces liability. These liabilities offer significant risk and additional exposures - both for bodily injury and property damage claims.
Let's say for an example, a CGM's mobile application becomes obsolete overnight and no longer supports alerts for low blood sugar (also known as hypoglycemia), after mismanagement of the underlying technology. Defective or dangerous products like this could cause life-altering injuries or potential death and the responsibility may affect all distributors or "sellers" in the supply chain.
Health Plans and reinsurers of these insurance providers need a way to ensure trusted third-party software and medical devices they recommend in plans to move fast with confidence and security for the end patient's safety.
Why Healthcare Delivery Organizations and Health Plan Providers Need to Understand Healthcare Cyber Liability
Cyber liability insurance is designed to protect companies against lawsuits from third parties and fines and penalties from regulators. The goal of these policies is to address the risk exposure created by digital activities and products that patients depend on for their safety.
Healthcare Delivery Organizations and Health Plan Providers need extra assistance in understanding how the HIPAA Security Rule, NIST Cybersecurity, and HITRUST CSF® risk management framework can work together in helping to create a comprehensive product-centric risk management program.
Currently, there is target fixation on cybersecurity, which overlooks systemic operational problems that are producing many of the issues we have today with health technologies and products, including software, mobile applications, and medical IoT devices.
What about Software Product Security Liability?
Most executives are now aware and concerned about cyber liability and product liability, but shifting software liability into physical experiences can cause products to do strange and terrifying things.
The rush to sell software, applications, and IoT devices shouldn’t override the need to secure them during each stage, and continuously. However, for the sake of expediency, quality and security is less than optimal. This is a problem.
Software, particularly poor quality software filled with security weaknesses in medical consumer products, can cause damage and mean life or death. As more software is added to products we depend on, the liability for the quality of the software will become more common. The risk profiles of the software and devices measured on a more regular basis provides insight for risk mitigation measures to enhance product safety and prevent liability. This is why we built TauruSeer.
Our presentation is below:
Healthcare Delivery Organizations and Health Plan Providers should adopt strategies that reflect a systematic approach to build a comprehensive framework. We recommend five actions:
- Apply a proactive and comprehensive approach to third-party risk management, including continuous monitoring, real-time risk assessments, and escalation processes.
- Adopt TauruSeer, a fully automated Risk Maturity & Compliance Framework to enable SecDevOps.
- Design an explicit product-centric risk management framework to include third parties, defining ownership, governance, and alignment among stakeholders.
- Further invest in TauruSeer's product risk management platform by integrating tools, data management systems, end-to-end workflow, analytics, and actionable insights to increase efficiency.
- Continuously test for assurance of HITRUST CSF specifications mapped to products in your environment through measurable governance and risk remediation validation.
SHARE!
More news and blogs
Gula Tech Adventures, Lytical Ventures, and Dasein Capital lead Seed investment in Start Left™ Security, supported by other strong investors: DeepWork Capital, Florida Opportunity Fund, and Bootleg Advisors. JACKSONVILLE, FL, June 27, 2023—Start Left™ Security, powered by the patented Tauruseer Application Security Posture Management (ASPM) Platform and SPACE™ Behavioral Analytics, today announced that it has oversubscribed and closed $3.0 million Seed financing led by notable cybersecurity, data analytics, and artificial intelligence (AI) venture capitalists and industry experts. This demonstrates the market’s confidence in Start Left™ Security's vision and its ability to deliver innovative solutions that address evolving security threats.
Introducing Start Left™ Security: Embracing a New Name, a New Perspective in Security
Achieve SOC 2 Compliance and Security Posture Management Maturity with Minimal Spend Leveraging Tauruseer's differentiated Cloud-Native Application Protection Platform (CNAPP): Security Posture Analytics + Cognition Engine (SPACE ™ ), Purpose-Built for Growth SaaS Startups and Small to Midsize Businesses.
Designed to enable cloud-native innovators to quickly scale, become enterprise-ready, and transact on the Azure marketplace.
“ Cloud security posture (CSPM) incumbents launched traditional approaches leaving huge gaps, as they don’t understand the needs of modern DevOps pipelines or developers.
Business Leaders: Is your DinoCISOaur holding your company back, slowing innovation, upsetting developers, and placing business at risk?
JACKSONVILLE, FL, June 9, 2020 – Tauruseer is the proud official presenting partner for SAE International's 2020 Government and Industry virtual conference! This conference is an opportunity to explore how technology, regulations, and legislation will affect the design of aerospace and defense solutions in terms of software, hardware, and product integrity. Tauruseer co-founders have been invited to present at the SAE G-33 to the entire Configuration Management Committee on how a model-based enterprise, adopting concepts such as " Shift Left ", the Product Centric Risk Model ™ , Inventory of Intelligence ™ , Centralizing Monitoring , and Continuous Assurance drives the way DevOps is supposed to be. Tauruseer will demonstrate what true DevOps looks like and how Tauruseer's platform can provide demonstrable evidence of DevOps done right. Furthermore, they will walk through how Continuous Assurance enables organizations to fully embrace DevOps through holistic change, resulting in quantifiable benefits: Enhanced Situational Awareness across product portfolio Enterprise Visibility (human, product, and process threats) Efficiency gains (productivity on the right things) Decreasing costs (intentionally designed controls) Reduced complexity (robust decision support) VERIFIED Governance, Risk, and Compliance "GRC" (Continuous Assurance) Tauruseer will highlight real-world examples that shine a light on how technology that we depend on everyday can make a difference between life and death. While DevOps seeks to balance throughput, stability, quality, and speed, Tauruseer assures organizations there is not compromise in security, performance, and compliance while doing so- especially when lives are at stake. Sharing stories enables better collaboration when standards, regulations, and legislation needs updating to align with continuously evolving product development practices. JOIN THE CONFERENCE! TAURUSEER PRESENTATIONS TIME: 1:55pm EDT TOPIC: Software SecDevOps and Configuration Management (CM) – Understanding the Challenges Speakers: Larry Gurule, Jeremy Vaughan & Alex Borhani TIME: 3:10pm EDT – 4:00 pm EDT TOPIC: Software SecDevOps and Continuous Assurance (CA) – Achieving Management’s Goals and Continuous Improvement through appropriate Configuration Management (CM) Speakers: Larry Gurule, Jeremy Vaughan & Alex Borhani Virtual Details: WebEx G33 Meeting Meeting number: 622 476 853 Meeting password: June2020 Call-in number: 1-866-469-3239 INFO: SAE International's G33 standards are adopted and enforced by NATO, NASA, FAA, DOE, DOD, aspects of the European Union, and the European Space Agency for large federal suppliers contracted to provide tamper-proofed audit trails, traceability, and trusted reporting of managed compliance as it relates to Software Configuration Management and Continuous Assurance. Visit Tauruseer's website and ask for a demo to showcase a variety of GRC for DevOps use cases: Proactive Security Continuous Compliance Conduct & Culture Insider Threat Reporting
Part 1 in this series: “ Risk Enabled Growth: Business Strategies to Leveraging Risk & Capitalizing on Digital Growth Opportunities " included the perspectives of cybersecurity and integrated risk management expert Jeff Sauntry of Risk Neutral, privacy, risk, and compliance experts Rob Harvey and Greg Kraft of Online Business Systems, and business strategy, product innovation, and product security expert Jeremy Vaughan from Tauruseer Inc. Watch if your role involves: - Maximizing value creation achieved at the synergy of talent, tangible, and intangible assets - Enabling trusted digital experiences for employees, partners, and customers - Oversight for Strategic, Operational, Financial, Compliance or Reputation Risk as part of your organization's 3-Lines of Defense (3LoD) - Mitigating the potential disruptive impact of events and unlocking the economic potential of your organization's resources and assets
JACKSONVILLE, FLORIDA; ATLANTA, GEORGIA; TAMPA, FLORIDA; PORTLAND, OREGON; MINNEAPOLIS, MINNESOTA; CALGARY, ALBERTA; TORONTO, ONTARIO, WINNIPEG, MANITOBA; LONDON, ENGLAND ( PRWEB ) - OCTOBER 4, 2021 Online Business Systems (Online) and Tauruseer announce a partnership to deliver compliance sustainability through a robust SaaS solution that enables DevSecOps and CI/CD engineering, along with essential cybersecurity, cloud, and compliance services. With recent high-profile attacks driving U.S. Executive Orders for Critical Infrastructure Cybersecurity Performance and Software Bill of Materials (SBOM)-powered software supply chain security , this partnership comes at a pivotal moment in time as organizations and boards look to understand software risk and compliance on a portfolio basis. “ We are focused on helping our clients quickly discover, manage, and reduce the threats that pose some of the largest risks to their business ,” said Rob Harvey, Managing Director, Risk Security & Privacy, Online . “ By partnering with Tauruseer, our clients have access to a single platform for understanding and addressing security, governance, and compliance goals. Separating signal-from-noise across silos with the use of their cognitive engines — especially when a product team may require 20 to 50 tools — is something no point tool can do. We haven’t seen these capabilities before .” Solving Security and Compliance Sustainability Together DevSecOps is a combination of tools and workflows making software development and deployment faster, more reliable, and more secure. Tauruseer unifies all the risk data from all the tools, connecting people, processes, technologies, and behaviors. The platform allows end-users, operators, and analysts to configure product-centric software and infrastructure in a no-code manner that helps monitor and troubleshoot systems. The solution provides complete visibility across the DevSecOps infrastructure and allows users to analyze every layer of their operation. Online wraps their proven, robust risk, security, and privacy domain knowledge around the tooling, and its findings, to address the operational process needs and attestation tasks. Their portfolio of services is designed to solve cybersecurity and risk challenges the right way, the first time. This partnership solves critical challenges for clients. Whether it’s reducing the cost of compliance reporting, monitoring, measuring and analyzing every step of CI/CD pipelines, supporting security audits or developing custom dashboards and KPIs/KRIs for customers—the partnership provides an out-of-the-box solution. Organizations in various vertical markets such as financial services, payments, digital commerce, healthcare, energy, and government contractors will benefit from: Faster, more agile delivery and reduced time to market Improved security posture and reduced risk Reduced operational and development costs Improved customer experiences and satisfaction Environment-agnostic builds to avoid vendor lock-in Maintained audit ready compliance for less operational disruption “ Everyone wants to “shift left,” yet the reality is the tools and processes are built for developers, leaving cybersecurity out of the conversation. Online is a very exciting opportunity, already proving incredible expertise in solving cybersecurity problems and staying ahead with innovation. With our ‘no-code’ approach, security leaders are able to ramp up Product Security programs quickly without having to be a developer. Online’s ability to seek out solutions like this prove they go above and beyond to ensure customer success makes this a tremendous partnership ,” said Jeremy Vaughan, CEO Tauruseer . Using a shared support model, Online and Tauruseer provide value long after initial deployment through a service level agreement (SLA), defined professional services, and a commitment to future product innovation. The pricing is simple for end users wishing to purchase a single bundle with the option to include a SaaS subscription. The partnered offerings are available today. To discuss, please contact rsp@obsglobal.com or sales@tauruseer.com . About Online Business Systems Online Business Systems (Online) is a digital transformation and cybersecurity consultancy. Since 1986 Online has been using technology to deliver dramatic business results for companies throughout Canada, USA and EMEA. Their unsurpassed delivery, people, and the Online culture of loyalty, trust and commitment to mutual success set them apart. Today Online has over 350 business and technical consultants throughout Canada, US and EMEA. Online has been recognized on the “Best Workplaces in Canada” list for 15 consecutive years. For more information about Online or their services please visit https://www.obsglobal.com/ About Tauruseer Tauruseer is the Security Posture Analytics + Cognition Engine (SPACE) Platform. Powered by the patented Cognition Engine and PIRATE™ risk model, the platform was purpose-built to optimize DevSecOps performance, security, and compliance – enabling Security and IT professionals to intelligently adapt software delivery in real-time based on proactive insights across products, infrastructure, and development. Tauruseer helps product-led businesses establish and scale risk-based Application Security Posture Management , Software Supply Chain Security and Cloud-Native Application Protection Programs automatically and continuously—company-wide. The result is significantly reduced costs and risks — speeding up the business without sacrificing compliance needs or compromising security. Tauruseer was built by enterprise CTOs, CISOs, and a former Unit Chief for FBI Cyberterrorism. For more information, please visit https://www.tauruseer.com/ Media Contacts: Online Business Systems media@obsglobal.com Tauruseer Inc. media@tauruseer.com Links - Jacksonville Business Journal: Jax-based Tauruseer announces Canadian partnership
Start Left™ Security is a proactive security firm that partners with software product companies leveraging DevOps CI/CD and Cloud. Powered by the first product-centric security analytics solution, Start Left™'s SaaS platform combines patented technology that frees up resources to focus on facilitating software delivery and commercial value, rather than reacting to cyber risks.
