Warning Signs of a Data Breach

2020 Alliance sponsor feature article courtesy of Apex Technology

In the modern economy, data breaches are no longer the stuff of spy movies and science fiction thriller novels. They’re commonplace, and in 2019, data breaches cost businesses an average of $3.92 million – per incident! Can you afford a multi-million dollar payout to cover damages to your clients? Do you want to close your doors for good 6 months after the incident like 60% of all companies who fall victim to such attacks? Our team of IT specialists at Apex Technology wants to help protect your organization from a costly data breach. Below we’ve compiled some indicators that your business might be at risk, followed by steps you can take internally before calling our team to learn more about how we’ve integrated cybersecurity measures into our managed IT services in order to help protect your brand.

Are You at Risk for a Data Breach?

With customer relationship management software being what it is today, and the growing reliance across industries on big data, there’s a strong likelihood that you gather and maintain a database of client data. This makes you a target for cybercriminals. Depending upon your operational standards, you might be leaving the door wide open for a breach. Let’s take a look at two elements of your operation that might be increasing your risk of an attack or breach.

  • Exploiting a Lack of Training and Enforcement
    Many of the tools used by hackers exploit a lack of training or discipline in the employees of their targets. Human error in technical configurations, phishing attacks enticing targets to click on malicious links, and other mistakes all leave your organization exposed. Risk mitigation training and enforcement is crucial to protecting your organization.
  • Failing to Meet Risk and Compliance Requirements
    Depending on the industry in which you operate, your management of client data is likely governed by legal and regulatory requirements. Compliance can impose certain data storage requirements, as well as standardized and documented data flows so the controls that are subsequently put into place are effective. Failing to adhere to compliance requirements, or not understanding them, could lead to costly breaches due to inadvertent mishandling of information.

Prevention Through Education and Inclusion in the Process

While these and other possible elements of your operation can be putting you at risk, there are a number of strategies you can employ to mitigate your risk internally. At the core of any strategy you might deploy, you must first make a plan to educate your employees about access expectations, the importance of keeping work off of personal devices, best practices throughout their workday to avoid exposing sensitive data, and, most importantly, the ways hackers might exploit their trust to infiltrate your systems. Once you’ve integrated education and awareness and involved your employees, it will be much easier to partner with a managed IT service provider who might make changes to routines and systems in order to improve internal protections.

September 17th NCMGMA-NCMSF Webinar: Safeguarding Data


September NCMGMA-NCMSF Webinar
Cyber Security: Safeguarding Data

September 17, 2019 | 12:00 PM – 1:00 PM


Presented by the North Carolina Medical Society Foundation, in cooperation with the North Carolina Medical Group Management Association, this Lunch & Learn webinar will address cyber security, examining potential risks and vulnerabilities, and discussing how you can help prevent a cyber event.


Amelia Hayes Bernstein, JD
Senior Director of Security Line, Partner
Sentinel Risk Advisors

In her legal practice prior to joining Sentinel, Amelia handled client litigation and navigated complex class action lawsuits. Amelia leverages her background of negotiating complicated matters by working with her risk management clients throughout the entire policy selection and placement process – from information gathering to marketing and negotiation, and finally the proposal – to provide clients with the best protection for their needs.

As a client executive and partner, Amelia oversees a broad range of client accounts, including all of Sentinel’s professional, executive and cyber liability insurance clients. She has a proven background of providing clients with risk management solutions they were once told were impossible to achieve.

Dana Vorholt, ARM
Director of Risk Management
Sentinel Risk Advisors

As Director of Risk Management, Dana Vorholt is widely known and well respected in the loss control arena. He provides workplace and occupational safety guidance and training, and assures compliance standards are met for businesses with a diverse set of operational risk portfolios.

Dana got his start in risk management working for a national carrier in 2005. He honed his skills for the next decade, excelling at key risk management roles on national accounts. His career took him from the Southeast, to San Diego, and finally, back to Charlotte, NC. He joined Sentinel in May 2017, drawn by the firm’s expansion to Charlotte and the opportunity to round out Sentinel’s Risk Performance Group team with his creative and strategic approach to risk control.

Dana earned his Master’s degree in Safety and Environmental Management from West Virginia University, and is an accredited Associate of Risk Management.


This webinar is complimentary but you must be registered to attend. Space is limited so register early! After you register, you will receive an emailed confirmation with webinar and phone-in instructions.

Continuing education credit may be granted through your professional organization (MGMA, PAHCOM, AHIMA, etc.). Please self-submit for these organizations.


For questions or more information please contact the NC Medical Society offices at ncmsfoundation@ncmedsoc.org.

7 Cyber Security Risks That Every Business Faces

2019 Alliance sponsor feature article courtesy of Apex Technology

Technology is evolving faster today than at any other point in history. Along with this evolution comes new threats to cyber security as the strategies used by hackers and other cyber criminals become more sophisticated. The digital landscape is constantly changing, which can make your business vulnerable in ways you might not even be aware of.

For businesses to minimize the risk of a network security breach, it’s important to begin by understanding the most common threats that exist today. Here are seven common threats that present a serious risk for every business.

Inside Attacks

Nobody likes to admit it, but one of the biggest threats to IT security comes from the inside. Insider attacks can come from employees that you’ve placed your trust in. While it’s important to trust your employees, it’s equally important to exercise prudence in who has access to your network and at what level.

Human Error

Not all inside threats to your cyber security are malicious in intent. It sometimes happens that a team member accidentally exposes your data, making it more vulnerable to an attack. The common culprit here is usually nothing more than lack of training. Taking the time to train and keep your team updated on network security issues is a crucial step for protecting your business.

Emerging Remote Workforce

Numbers vary but it’s estimated that as many as half of workers in the United States are either remotely employed or have the option to work from home at least part of the time. This means that employees are accessing your data on different devices, from multiple locations – often without the high level of network security that your business demands.


Malware

Malware is malicious software that has been designed to gain access to your data through your computers with you being none the wiser. Types of malware include software programs like keyloggers, spyware, and viruses, among others. Businesses need strong network security that includes continual monitoring for vulnerabilities.


Ransomware

Like malware, ransomware is malicious software, but the effects are felt immediately as the program locks down devices and encrypts data so that it can’t be accessed until a ransom is paid. Ransomware can paralyze your business and put sensitive data at great risk.

DDoS Attacks

DDoS stands for distributed denial of service. This is an attack coming from multiple sources that basically overwhelms your server or website to the point that it crashes and becomes inaccessible to other users. The key to preventing DDoS attacks is having a system in place that identifies and blocks attempts from malicious sites.

Inadequate Cyber Security Protocols

Finally, so many businesses are at risk because they don’t have a proper cyber security protocol in place. A strong security protocol should include a plan for training, continual monitoring, determining the hierarchy of access, compliance and disaster recovery.

Minimize Your Risk of Cyber Security Threats Today

If we know one thing, it’s that tomorrow is going to look different from today. These 7 security risks should be high on your radar but you also need to be looking ahead and proactively protecting your business against threats in the future. Contact Apex Technology to learn more about how we can protect your business with managed cyber security services today.

Cyber Survival Guide Webinar is December 17th


NCMGMA-NCMSF December Lunch & Learn Webinar:
Pings, Penalties & Posts:
A Cyber Survival Guide for the Modern-Day Practitioner

December 17, 2018 | 12:00 PM – 1:00 PM
Sponsored by Medical Mutual


Cybersecurity as a patient safety issue:

  • OCR’s current investigation and enforcement priorities
  • Cyber risk assessment tools and cyber resources
  • NIST’s latest guidance on password advice
  • Current varieties of phishing attacks

Basic steps health care providers and their staff should be taking for good

  • “Distracted Doctoring” claims
  • Consequences of audio/video recordings in the clinical setting
  • Risks of filing un-redacted proofs of claim in bankruptcy court


Jason Newton, Sr.
Vice President & Associate General Counsel
Medical Mutual Group

Jason graduated from UNC-Chapel Hill and obtained his law degree from Wake Forest University. After a 14-year career in private law practice defending doctors, APPs, and hospitals, Jason came in-house with Medical Mutual – a longstanding client – in 2013.

At Medical Mutual (one of the 15 largest professional liability carriers in the country), Jason oversees the Risk Management and Claims departments in offices in Raleigh, NC, as well as in Philadelphia and Harrisburg, PA. Medical Mutual provides coverage for and/or services claims for nearly 13,000 physicians and over 4,000 CMNs, CRNAs, PAs and NPs in a territory with an infrastructure to accommodate large practice and national alternative risk programs in over 20 states. The claims department handles claims and oversight of outside defense counsel in over 18 states.

Organizations regularly request Jason to speak and he has presented to nearly 5,000 healthcare providers, lawyers, and medical liability industry professionals. He is a Fellow in the Litigation Counsel of America, has received the Presidential Award from the North Carolina Medical Society, and early in his career was recognized among North Carolina’s best lawyers for four years as a “Rising Star” by North Carolina’s Super Lawyers annual publication and for three years as a “Young Gun” in NC Business Magazine’s annual “Legal Elite” edition.


This webinar is complimentary for NCMGMA members and $50 for non-members. Space is limited so make sure to register early! After you register, you will receive an emailed confirmation with webinar and phone-in instructions.

Continuing education credit may be granted through your professional organization (MGMA, PAHCOM, AHIMA, etc.). Please self-submit for these organizations.



For questions or more information please contact the NCMGMA offices at info@ncmgm.org.

Cyber Security and HIPAA

2017 Alliance Sponsor feature article by MedMal Direct

Cyber threats have become a serious issue in healthcare IT over the past few years. Every day there are attempts to break into secure computer environments in order to either ransom the owner’s information back to them or just to steal that information and sell it to someone else. Medical records go for about $60 per record (that’s what the hacker is paid by the buyer) whereas simple credit card records go for about $10 per record. The reason that medical records are so valuable is simple – the information doesn’t change. A person cannot turn off their medical record or change their birth date; a credit card, however, can be cancelled and rendered useless.

HHS and OCR have provided guidance on the topic of breaches and response to breaches and require covered entities to have a breach notification and response policy and procedure in place. This policy must include the following:

  1. Definitions
  2. Notifications in the event of a breach
  3. Discovery
  4. Content of Notifications
  5. Methods of Notification
  6. Arrangements with Business Associates in the event of a breach by BA
  7. Law Enforcement Delays
  8. Administrative Requirements

In the event of a suspected breach it is imperative that the organization conduct an assessment to identify the exact nature of the breach. Some organizations are capable of conducting the initial assessment themselves and others may need an outside consultant to assist. OCR rule 45 CFR 164 includes specific guidance on what is required in order to investigate, mitigate, and remediate a breach.

Organizations must develop clear privacy and security guidelines in order to avoid the risk of a true breach. These policies must include how an organization secures its data. Guidelines are provided in the rule for the specific methods that are acceptable for encryption of data, and OCR relies on NIST as the expert to provide the standards that an organization must meet.

A Covered Entity can purchase insurance to protect itself in the event of a breach. This ‘risk transfer’ shifts the financial burden of a breach from the CE to the insurance carrier who also is then responsible, under most policies, for the investigation, notification, remediation, and fines or penalties (see your policy for exact details on coverages).

Guidance on policy and procedure is available to insureds through MedMal Direct’s Risk Management Department and increased limits for cyber liability coverage can be purchased at the request of the insured.