Preventing Data Breaches in Life & Annuities Insurance | Mortality Monitor
Recent headlines feature cybersecurity threats and data breach incidents in the insurance industry. As the industry races forward digitally, cybersecurity takes center stage – requiring companies to proactively examine solutions and processes.
The impact of MOVEit, a type of file transfer software, caused a global attack on insurers’ pension systems and financial services, while expanding to government agencies such as the Department of Energy, exposing data of over 20 million individuals. It’s been reported that 2.5 million Genworth policyholders were exploited, 1,482,490 of Wilton Reassurance customers were notified, and 769,000 retired California workers and beneficiaries were impacted.
There’s a ripple effect through supply chains where even the higher education sector was hit. TIAA didn’t utilize MOVEit, but the third-party vendor, PBI Research Services did, exposing sensitive personal identifiable information.
In May of 2023, PBI Research and The Berwyn Group, a third-party vendor that verifies deaths, was breached through its use of MOVEit, impacting customers such as Genworth, Putnam Investments, Fidelity, and TIAA – and millions of their users.
“PBI Research Services, or PBI, is a third-party vendor that Genworth uses to satisfy regulatory obligations to scan social security data to determine whether a customer may have passed and triggered death benefits under a life insurance policy or annuity contract. We also partner with PBI to identify deaths across our other lines of insurance and insurance agents to whom we pay commissions,” a representative from Genworth explained. “The event included personal information for approximately 2.5 to 2.7 million individuals who are either customers or insurance agents. The personal information accessed included life insurance, individual long-term care insurance, and annuity customers. We are working to understand what personal information related to our group long-term care products may have been affected. For policyholders, the exposed information includes social security number, name, date of birth, zip code, state of residence, and policy number. For agents, the exposed information includes the agent ID, name, date of birth, and full address.”
The Fallout
As the investigation continues, an event that is as sophisticated, complex, and vast as this, with more potential victims having personal information such as contact details, account numbers, social security numbers exposed, can be prevented with proactive vigilance.
Mortality Monitor - Where Security is Job Zero
RiskStream’s Mortality Monitor was designed with the highest level of security, woven together through all layers of the application and network, providing full traceability while streamlining the process of death claims.
Mortality Monitor is designed for large-scale decentralized death registry that allows for down-stream participants to exchange decedent data. RiskStream’s solution enables a broad ecosystem that includes entities who have the original source of death information such as vital records, data aggregators, and government agencies to participate on the network to serve a broad ecosystem of insurers, financial institutions, utilities, credit agencies, etc.
Decentralization ensures the highest standard of data privacy and security through safe, secure, trusted, and transparent permission-based blockchain technology, proactively preventing vulnerability, as seen by the MOVEit breach.
Mortality Monitor and the blockchain technology stack are SOC2 compliant and ISO27k certified, enforcing traceability, while adhering to the most rigorous requirements and standards that ensures privacy, confidentiality, and integrity. The inherent security principles provide a comprehensive, tamper-proof security infrastructure that prevents unauthorized access and security breaches.
If That’s not Enough…
RiskStream’s Mortality Monitor solution offers a single source of decedent information required to process a death claim. Instant notification helps carriers proactively identify potential deaths more quickly, reducing the burden on the beneficiary and shortening the claims cycle time. It’s designed to deliver operational efficiencies and financial advantages to carriers while improving the beneficiary’s experience.
Why Now?
The MOVEit breach could be one of the most devastating attacks and today’s data-intensive organizations must be proactive and vigilant with data security, cybersecurity is not optional. By using a solution like Mortality Monitor, with its high compliance standards and secure, decentralized infrastructure, organizations, and their customer’s data, are secure.
LEARN MORE
Sign-up to receive the latest updates on Mortality Monitor.
Sources:
MOVEit Data Breach Hits 30 Colleges via TIAA, Other Vendors | ThinkAdvisor
MOVEit compromise affects pension systems, insurers - Help Net Security