Data Privacy and Cybersecurity in Workers’ Compensation

A New Era in Healthcare 

Like much of the modern world, technology is changing healthcare. Specifically, the way that providers deliver care and the way that the industry manages claims. But as we build on our technological efficiencies, we also become more vulnerable to data breaches and hacking endeavors.

In the world of cybersecurity, hackers are constantly evolving their strategies and tactics to penetrate technological systems for their own personal gain. Currently, it is estimated that by 2021 there will be $6 trillion worth of damages due to cyber security attacks.

Cost is just one of the many reasons that Risk and Insurance’s survey of 669 workers’ compensation professionals ranked cyber risk as one of the top-10 challenges for 2020.2 The key to addressing this challenge? Understanding what hackers are looking for, where information is most vulnerable, and how to best protect information.

  1. What are hackers after? 

The reasons and motives for hackers vary. Some hackers aim to disrupt services for sport, while others do it to make a point. But the most dangerous hackers to the healthcare community are those that do it for personal gain, which can be accomplished by penetrating networks and demanding ransom or simply by stealing information. Typically, these money-motivated hackers are after information; specifically, personal information that can be used to assume a new personal identity, make purchases, transfer money, etc.

In the state of Alabama, personal information is defined as:3

  • Social Security number
  1. Where are healthcare entities most vulnerable?

As the healthcare industry has begun to incorporate more technology into day-to-day processes, the increase in operational and administrative efficiency has been accompanied by increased vulnerability to dangerous data breaches.

The four most common cyber vulnerabilities for modern healthcare entities:

  • Telemedicine data

Through the use of now widely available technologies, providers are able to remotely deliver quality care while optimizing operational capabilities across the board. For sick and injured workers alike, the ability to attend appointments from home is crucial to increasing satisfaction.

  • Online portals

Patients have the ability to access their critical information anywhere, anytime. Many of these portals provide extensive self-service capabilities to individuals and employers alike – revealing information on eligibility status, claims, insights and analytics, as well as payment information.

  • Predictive analytics outsourcing

Clinical decision makers are using data-driven predictive analytics more than ever before. A majority of Third Party Administrators (TPAs) and Pharmacy Benefit Managers (PBMs) use some form of a predictive analytics platform in order to gain insight on claims data and to flag those claims that are identified as high-risk.

  • Automated claims processing solutions

Workers’ compensation firms are turning to automated claims processing solutions to save money on administrative spend. The increased level of efficiency allows adjusters to better focus their efforts across the board.

While each one of these tools bring immense value to the healthcare industry, each benefit is also accompanied by a significant increase in cyber vulnerability, providing a new entry point for either patients or a third party to more effectively access or automate critical processes. The problem is that these entry points are not always exclusive to their intended recipients. These breaches can be costly to everyone involved resulting in steep fines for HIPAA violations, reputational damage, and at worst, interruptions in care for injured workers.2

  1. How can I protect my members’ information from cybersecurity threats?

The primary point of discussion when talking about cybersecurity is always going to be how to stay ahead of the threat. In the workers’ compensation industry, this concern is magnified since critical data is always in motion with providers, adjusters, case managers, and vendors all sharing files and forms across different platforms at any given moment. 

In order to keep this data safe, companies in workers’ compensation need to implement a series of foundational administrative, technical, and physical controls that protect against data breaches. Each element works together to provide the overall security and serves as a fail-safe in the event that one element of the security is penetrated.

Administrative Controls4

Background checks, confidentiality agreements, privacy and security training, and policies and procedures


Technical Controls

Anti-virus, intrusion detection software, network segmentation, active web and email filtering


Physical Controls

Limited building access, use of key fobs, identification cards, card-based building access systems


While there is no such thing as a perfectly secure system, putting each of these elements together helps to decrease the risk of potentially harmful data breaches. It is essential for employers to keep their employees up to date with best practices. With everyone in an organization working together towards the goal of cybersecurity, informed companies can take several steps closer to a favorable outcome for all.



Looking for an experienced partner that can help you protect against data breaches?


What makes us different is the difference we make.  Experience the difference with THE FUND.