CFC introduces medical billings cover for US healthcare providers

Comprehensive policy provides protection against allegation of healthcare fraud and abuse, includes cyber and privacy cover

London, 12 September 2018 — Specialist insurance provider, CFC, has introduced a new product to its growing suite of healthcare insurance solutions available to US healthcare providers.

Allegations of healthcare fraud and abuse by government entities and private payers are more prevalent than ever before. CFC’s new Medical Billings insurance covers the defense costs of actual or alleged billings fraud as well as expenses arising from an independent audit on billing practices following an allegation of fraud.

Timothy Boyce, US Healthcare Team Leader at CFC, comments: “Since the formation of the False Claims Act, allegations of healthcare fraud and abuse have increased exponentially. Healthcare providers have to navigate a challenging and often confusing set of reimbursement guidelines which has seen the rate of billing errors rise above 30 percent. Our new Medical Billings product has been specifically designed to provide comprehensive protection following billing error allegations by the federal government, private payers or regulatory investigations.”

The policy also offers reimbursement for fines and penalties arising out of a range of medical regulatory violations including HIPAA-related fines and penalties, Stark law, EMTALA and Federal False Claims and Social Security Acts.

Its cyber and privacy insuring clause has been tailored to address the specific cyber exposures faced by healthcare companies and includes specific references to HIPAA and HiTECH legislation, as well as offering a separate section for extortion to address the growing threat of ransomware.

CFC’s Medical Billings product is the latest in its extensive portfolio of healthcare insurance solutions for US companies.

  • Launched last fall, CFC’s ground-breaking eHealth product now insures hundreds of US domiciled companies, offering telemedicine related services to the US military and Veterans Association in more than 70 countries. Providing a blend of medical malpractice, tech E&O and cyber, the policy is designed to eliminate the gaps present in traditional insurance offerings for digital healthcare companies..
  • CFC’s healthcare suite also includes tailored solutions for allied health and medical practitioners working in a wide range of specializations, long term care facility providers, and businesses and individuals working in the health & wellness arena.
  • A leading provider of cyber insurance, CFC launched an expanded version of its standalone cyber policy for US healthcare providers in April.

“We’re constantly reviewing the needs of the healthcare industry, as well as the changing regulatory landscape, to ensure we’re offering valuable, compelling solutions to our US healthcare insureds” adds Boyce.

For more information, please head to the Medical Billings product page.

Webinar: US Food & Beverage Recall Landscape Update

Yesterday we held a webinar which discussed the Food and Beverage Recall Landscape in the USA. 

The risk landscape for food & beverage manufacturers in the US is changing dramatically – picky millennial consumers are growing less tolerant of allergens and food quality issues, the FDA is making a push for greater efficiency and transparency in its recall process, and an increasing number of retailers and grocery stores are mandating recall insurance for their suppliers.

You can watch the webinar here and download the slides here.

Web-based corporate email compromises rapidly increasing

The CFC Incident Response team has seen a surge in cybercrime against corporate web-based email accounts, like Office 365. Criminals compromise corporate email accounts by reusing credentials from well-known public data breaches to guess employee passwords.

Once they have access, they use these accounts to perpetrate funds transfer fraud and send malicious emails. Recent cyber claims made to CFC indicate that even strong or complex passwords are often not enough to protect employee email accounts from compromise.

Enable Multi-Factor Authentication to Prevent Email Compromise

Multi-factor authentication can improve the security of web-based email accounts by requiring an additional verification step for any external connection to email (for example: a code generated by a mobile app or through an SMS message). Most email systems provide multi-factor authentication and will allow users to establish ‘trusted devices’ to reduce the inconvenience of entering a code every time they log in. CFC encourages all clients to consider implementing multi-factor authentication to improve the security of their web-based emails systems.

Additionally, it is critical that IT administrators enable the right logging in the event that your mailbox is compromised as it can help you determine if attackers have compromised your private data. Properly configured, email systems such as Office 365 even allow you to set up alerts in the event certain security conditions are met which can help you quickly catch the attacker.

By default, Office 365 has limited logging of security events, and needs to be manually configured to make the investigation of suspected compromises possible. It is strongly recommended that all of the below stages are completed to enable an effective investigation in the event of an incident.

The three phases are as follows:

  1. The Unified Audit Log search must be turned on (documentation here)
  2. Mailbox Auditing must be enabled for all accounts (documentation here)
  3. Mailbox Owner events must be enabled (PowerShell script available here, API documentation here (look for the – AuditOwner section))

Additional Resources:

If you are using Office 365 for your business, you can find more information about enabling multi-factor authentication at no cost from Microsoft’s web site here. In addition, you can find information on how to enable mailbox auditing in Office 365 here. Lastly, Office 365 has a page for assessing how secure your configuration is, called the Secure Score, which is available here

Cyber Claims Case Study: Reputational Repercussions – Online Retailer Grapples with Data Breach

This month’s cyber claims case study tells the story of an online retailer that had to notify over 90,000 customers following a breach of credit card details, leading to a damaged reputation and subsequent income loss. To find out how our policy responded, read the full case study here.

The key takeaway points are as follows:

  • As businesses become increasingly dependent on their computer systems to perform critical elements of their operations, it comes as no surprise that financial losses due to system outages are becoming both more frequent and severe. However, brokers and their clients shouldn’t focus solely on system outages when it comes to business interruption.
  • Often referred to as consequential reputational harm, business interruption as a result of a data breach is starting to impact many organisations and can be equally as disruptive as a system outage. In such cases, even though an insured may not have suffered any meaningful system downtime, they can suffer serious reputational harm in the eyes of their customers and suppliers, resulting in a subsequent drop-off in income.
  • The financial impact of a cyber incident can be long-lasting and the value of having longer indemnity periods in cyber policies is becoming increasingly apparent. The insured’s policy with CFC had a 12-month indemnity period in place, but many cyber policies only offer 3-6 month indemnity periods as standard. In this case, had the policyholder only had a 3 month indemnity period, they would only have been eligible to claim for three months’ worth of lost profits rather than 12.

Although the insured was based in the US, the importance of having reputational harm cover will become increasingly relevant to most organisations outside of the US as well. The notification requirements introduced by the GDPR, the Notifiable Data Breaches Scheme in Australia and the Digital Privacy Act in Canada will mean that notifying customers of data breaches will become more common and the risk of consequential reputational harm will increase.

Read the full case study here.

We Write That

We know that businesses come in all shapes and sizes, from global multi-nationals to small independent shops, and the goods and services these companies provide vary just as widely.

CFC provides insurance for companies across hundreds of sectors in over 75 countries, and while many of our clients come from what we’d consider traditional industries, we’re no stranger to the unusual.

Here’s a look at just a few of the interesting, and sometimes unexpected risks we write:

Animal Therapy
Who wouldn’t benefit from an animal cuddle? Animal therapists use animals – like horses, dogs, cats, pigs, and birds – to enhance and complement the benefits of traditional therapy, helping patients reduce anxiety, improve self-esteem and address a variety of medical conditions.

These practitioners provide a form of therapy, so they’re required to buy Errors and Omissions insurance along with General Liability, which we can cover in one policy. Animal therapy businesses will be covered under our Allied Health & Medical product.

Tequila Yoga
Yep, you read that right, tequila and yoga. Need we say more? An unconventional take on a typical yoga class, these businesses will offer a fun tipple before, during or after a workout. We guess they call that hair of the downward dog!

The availability of alcohol changes the nature of this otherwise typical fitness club risk. Many insurers shy away from risks with liquor exposures, but offering alcohol – whether tequila, wine or beer – is becoming more common at health and wellness facilities like spas. We recognize that these risks aren’t a typical liquor exposure, and can include liquor liability when underwriting these accounts.

Equine photography
For horse lovers, capturing the connection between owner and animal through photos can be just as important as capturing their yearly family portrait. These photographers specialize in working with horses to produce one-of-kind portraits and action shots.

Photographers like these need to protect themselves from claims arising out of breach of contract and intellectual property infringement. Our Media policy is purpose-built for photographers of any breed to ensure they are protected while capturing that perfect shot!

Free throw, slapshot, and hole-in-one competitions
Whether basketball, hockey or golf, one common tactic to engage eager fans is to offer a lucky spectator the chance to win a large prize (and become a local star) by making a once-in-a-lifetime shot.

We cover the financial costs should there be a particularly talented – or just plain lucky – contestant.

Microblading & Vampire Facials
Innovation abounds in the beauty business. Microblading uses tiny needles in the shape of a blade to apply a semi-permanent tattoo, promising patients better looking brows. Vampire facials (PRP therapy) on the other hand, promise anti-aging benefits by injecting the patient’s own blood back into their face.

Both these and other unique beauty treatments and procedures, are often covered under our Health & Wellness product.

For more about CFC’s insurance products or the industries we cover, click here.

Webinar Registration: Backup Breakdown

Join us on Wednesday 29 August as we explore how an engineering firm lost access to all of its data – including technical drawings, prints and complex design specifications – as the result of a cyber incident in this deep dive of our cyber claims case study. 

In this webinar, you’ll learn:

  • How a small engineering firm were impacted by the global WannaCry ransomware attack
  • How their loss was compounded by a failure in their back-ups, resulting in the firm losing 3 years’ worth of data
  • How CFC’s cyber insurance policy helped calculate and cover the financial loss associated with data re-creation

You can read the case study here.

Sign up for the session in your time zone today!

UK | 11am BST | Wednesday 29 August

Canada | 12pm EDT | Wednesday 29 August

US | 12pm EDT | Wednesday 5th September

Webinar: Top Cyber Insurance Myths Debunked

Today, Lindsey Nelson, International Cyber Team Leader at CFC, held a webinar on debunking the top six cyber myths.

We explored common cyber insurance misunderstandings and objections we hear from clients, and how to overcome them.

We also have a handy article you can download here.


UK | Cyber Claims Case Study: Backup Breakdown – Engineering Firm’s Files Wiped Out By Ransomware | 11am BST, Wednesday 29 August

Canada | Cyber Claims Case Study: Backup Breakdown – Engineering Firm’s Files Wiped Out By Ransomware | 12pm EDT, Wednesday 29 August

Australia | WannaCry & NotPetya: Impact on Australian SMEs | 5pm AEST, Tuesday 4 September

UK | WannaCry & NotPetya: Impact on UK SMEs | 2:30pm BST, Tuesday 4 September

More to be added soon…



Cyber is one of the hottest topics in insurance and, as a line of business, it’s projected to experience phenomenal growth in the years ahead. But cyber is still a relatively new market, and can be made unnecessarily complex by industry jargon, buzzwords of the day, and a lack of standardization in policy wordings. As such, many companies find themselves confused about how cyber insurance actually works and are skeptical about whether it makes sense for their business to purchase a policy.

To clear up the confusion, here are six of the most common misunderstandings that businesses tend to have about cyber insurance and how to overcome them.


Did you know we’re also running a webinar on this topic? You can sign up here!



The short answer:
No matter how much a company invests in IT security, they will never be 100% secure. The purpose of an insurance policy is to respond in the event that the worst happens.



The short answer:
Even if you outsource your IT, the chances are you’re still liable. Assuming you’ll be successful in claiming back damages from a third-party is a risky gamble.



The short answer:
Any business that relies on a computer system to operate, whether for business critical activities or simply electronic banking, has a very real cyber exposure.



The short answer:
Cyber criminals target the most vulnerable companies, not just the most valuable.



The short answer:
Some overlaps exist (as they do with all lines of insurance) but traditional insurance policies lack the depth and breadth of standalone cyber cover, and won’t come with experienced cyber claims and incident response capabilities.



The short answer:
The number of cyber claims continues to rise, in terms of both frequency and severity, and insurers are paying them.


You can download the full article here.


Webinar: IP Insurance Explained

Today, Erik Alsegård, Intellectual Property Practice Leader at CFC, held an introductory webinar on IP insurance. 

In the modern competitive economy intellectual property has become a key asset to most companies. It’s no surprise that the stakes are often high when someone alleges that another company infringes on their patent, trademark, copyright or other intellectual property rights.

You can watch the webinar here and download the slides here.

Keep your eyes peeled for more IP webinars coming soon!

Webinar Registration: Top Cyber Insurance Myths Debunked

Cyber is one of the hottest topics in insurance, but can be made unnecessarily complex by industry jargon and a lack of standardization in policy wordings. It’s no surprise that many businesses find themselves confused about how cyber insurance actually works and skeptical about whether they actually need it.

Join Lindsey Nelson, International Cyber Team leader at CFC, as she discusses the top six cyber insurance misunderstandings and objections we hear from clients and how to overcome them.

Sign up for the session in your time zone today!

UK | 2pm BST | Wednesday 15th August

Australia | 5pm AEST  | Wednesday 15th August

Canada | 2pm EDT  | Wednesday 15th August