MSA Optimization Yields $175,867 in Savings

June 15, 2022

CHALLENGE:

Tower was engaged to prepare an MSA for a 54-year-old partial quadriplegic. The lack of current medical records, the erratic behavior of the patient, the quality of the provider’s treatment coding, and unknown treatment outside of the WC Plan were challenges to preparing an accurate MSA. The preliminary MSA amount was $424,528.

SOLUTION:

In reviewing the treatment records, Tower’s medical experts identified several instances where Medicare-covered expenses could be reduced as part of Tower’s Optimized MSA process.

At Tower’s request, the client obtained current medical records. Tower’s clinical team reviewed those records and the corresponding billing codes used for all treatments. By analyzing the provider’s treatment methods against Medicare’s reimbursement requirements, Tower was able to identify items that were more accurately priced with alternative codes. One instance identified was a determination that a catheterization code (A4353) was used incorrectly. By using the correct billing code and applying other cost savings strategies to the treatment regimen, the MSA dollars were significantly reduced.

To ensure that CMS would accept the updated medical coding, Tower detailed how the original billing code was incorrectly used and then provided the correct coding.

RESULTS: $175,867 in Savings

Upon finalization of the optimized MSA, a total allocation amount of $248,661 was submitted to CMS for review and approval. CMS accepted the proposed MSA amount and responded with a Full Approval. Using Tower’s proprietary processes and technology, the client carrier was able to reduce the Medicare exposure of this settlement, resulting in total savings of $175,867.

South Florida Business Journal Recognizes Tower MSA Partners as a Top 25 Women-Owned Business

June 9, 2022

Tower MSA Partners is recognized as a Top 25 women-owned business by South Florida Business Journal.

We know we’re good, but we enjoy external validation as much as the next guy – or woman. So, we were quite pleased to learn Tower MSA Partners not only made the South Florida Business Journal’s list of Women Owned Businesses, but we ranked among the Top 25.

The publication covers companies in the densely populated Miami-Dade, Broward, and Palm Beach counties. When you consider how many women-owned businesses are in this market, the honor is even more impressive. A 2016 Sun Sentinel story said nearly half of all the women-owned businesses in Florida were based in this area.

Among the metrics used to produce the list is the percentage of the company that is owned by women. For Tower, that’s 100%. CEO Rita Wilson and COO Kristine Dudley co-founded the company more than 10 years ago. You can read more about the company’s start in this article.

Tower is not only women-owned; 85% of our employees, including most of our managers and supervisors, are women.

Tower is also a certified member of the Women’s Business Enterprise National Council (WBENC), a leading non-profit organization dedicated to helping women-owned businesses thrive.

If you’d like to connect with Rita or Kristie, email them at rita.wilson@towermsa.com or kristine.dudley@towermsa.com.

MSA 2nd Opinion Success Story – $98,120 in savings

June 7, 2022

CHALLENGE:

A Medicare Set-Aside was prepared by another MSP provider for $221,384.00.  In addition to extensive medical treatment and surgical procedures, the MSA included the medications omeprazole, ibuprofen, sertraline, and hydroxyzine.  As a settlement was not feasible with that MSA amount, it was submitted to Tower for a 2nd Opinion MSA Review.

Tower’s 2nd Opinion MSA Review is offered at no charge.

SOLUTION:

Following Tower MSA Partners’ standard MSA workflow, the Intake team compared the reported “accepted” body parts against information in the client’s claim system and determined that sertraline, intended to treat stress and depression, should be removed as “psyche/stress” was not an accepted body part. This yielded a savings of $58,320. Additionally, Tower identified inappropriate medical treatment, including an unnecessary bladder surgery, resulting in a further $37,234 reduction. Finally, Tower obtained a rated age from K.P. Underwriting, which lowered the treatment and prescription cost over life expectancy. Tower’s MSA totaled $123,263.68.

RESULTS:  $98,120 in Savings

In addition to eliminating Rx unrelated to the injury and appropriately allocating for medical treatment, Tower recommended the following steps before CMS submission to mitigate exposure and further lower the MSA:

  1. A Tower-drafted Body Part Letter to confirm accepted compensable conditions and to specifically identify all other conditions discussed in the medical records as not “accepted” or paid for by our client.
  2. Tower’s Physician Follow Up Service, offered at no charge, to reach out to the treating physician to confirm whether hydroxyzine is related to the WC injury and whether omeprazole and ibuprofen can be switched from prescription to over-the-counter versions.

Download more information here or refer an MSA for a 2nd Opinion by contacting our Intake Team at 888-331-4941 or referrals@towermsa.com.

Humana’s Brian Bargender Gives Tips on How to Work with Medicare Part C & D Plans

May 12, 2022

Attendees of Tower’s Premier Webinar on April 20 received sound advice on how to work with Medicare Part C (Advantage) and D (Drug Benefits) plans. Our guest presenter was Brian Bargender, Consultant, Subrogation and Third-Party Liability with Humana, a nationally recognized expert on these plans.

Bargender noted that these plans have the same rights and responsibilities as original Medicare under the Medicare Secondary Payer (MSP) Act. This means that Part C and D plans must avoid payment for treatment covered by primary payers, such as workers’ compensation or liability. Part C plans take this commitment seriously as they want to prove they are more efficient than original Medicare.

The PAID Act gave primary payers visibility into Medicare beneficiary enrollment status in Parts C and D. Previously, they could only see that an individual was enrolled in Medicare. It was problematic to identify a beneficiary’s plan and resolve conditional payments. The growing popularity of Medicare Advantage plans was making the process more time consuming. Approximately 46% of Medicare beneficiaries use Part C and 75% of the ones on original Medicare have Part D.

Bargender explained the plans’ approach to MSP compliance and touched on Private Cause of Action and Double Damages in the MSP Act. Medicare Advantage plans can obtain double damages from primary payers that refuse to reimburse conditional payments. And primary payers remain liable for repayment until plans are repaid, even if they have already paid the injured worker their settlement.

To make it easier to work with Part C and D plans in light of the PAID Act, Bargender offered these insights and advice:

  • While Section 111 reporting gives primary payers “an” address, it’s not necessarily the address the plan would have chosen. As such, further investigation into the appropriate plan contact may be necessary.
  • Medicare Advantage plans get Section 111 data, but not always in time to act on it. They use it as a back sweep to see if they missed anything.
  • Contact the plans before trying their recovery vendors; they have multiple vendors.
  • Ask for the subrogation or legal departments. Customer service reps at C and D plans are not well versed in Medicare Set-Asides.
  • It’s hard for Medicare Advantage and drug plans to predict and staff for call volume; prepare for delays.
  • The plan may not have the file when payers contact them.
  • It’s good for primary payers to notify the plan(s) when they accept responsibility for the claim, and certainly when they prepare for settlement. The Centers for Medicare and Medicaid Services (CMS) notifies plans later in the process.
  • To minimize calls and delays, provide plans the same information given to CMS for Ongoing Responsibility for Medical (ORM) or Total Payment Obligation to Claimant (TPOC) reporting along with the MSA diagnosis and prescription drug details if they are available.
  • At minimum, plans need this data:
    • Medicare Beneficiary Identifier
    • Name
    • Date of birth
    • Loss/Injury Date
  • Part C and D plans cannot correct errors in the file; these must be done through Section 111 reporting or through the Benefits Coordination and Recovery Center (BCRC).
  • These plans do not track how funds are used or exhausted. They need a letter from CMS to the MSA administrator or beneficiary that says funds were properly exhausted before they can start paying for injury care.

Tower has found Bargender and Humana’s subrogation team to be very helpful. They promptly identify specific reimbursement claim information when the claimant is enrolled in a Humana Medicare Advantage plan. Further, they are open to understanding the liability issues and basis for settlement; this is something not typically found with the Medicare conditional payment recovery contractors.

As Bargender stressed, “proactive beats reactive” when it comes to resolution of these Part C and D claims. Primary payers must be proactive in using PAID Act data to identify whether a Medicare-eligible claimant is enrolled in an MA plan and, if so, investigate whether the plan is seeking reimbursement for payments it made on the claim.

For our Section 111 reporting clients, Tower has the PAID Act data readily available. Whether you are a reporting or non-reporting client, we can help you contact the Part C and/or D plan to investigate and resolve conditional payments at the time of settlement.

If you have questions or want a link to the recorded webinar, please contact Dan Anders at Daniel.anders@towermsa.com.

Tower MSA Partners Receives 2022 SOC 2 Type II Attestation

May 3, 2022

Independent Audit Verifies Tower MSA Partners’ Internal Controls and Processes

Delray Beach, FL – Tower MSA Partners, a Medicare Secondary Payer compliance services company, today announced that it has completed its annual SOC 2 Type II audit, performed by KirkpatrickPrice. This attestation provides evidence that Tower has a strong commitment to security and to delivering high-quality services to its clients by demonstrating that they have the necessary internal controls and processes in place.

A SOC 2 audit provides an independent, third-party validation that a service organization’s information security practices meet industry standards stipulated by the AICPA. During the audit, a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system are reviewed, examined and reported on. The SOC 2 report delivered by KirkpatrickPrice verifies the suitability of the design and operating effectiveness of Tower MSA Partners’ controls to consistently meet the standards for these criteria throughout the full audit period.

“The SOC 2 audit is based on the Trust Services Criteria,” said Joseph Kirkpatrick, President of KirkpatrickPrice. “Tower delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Tower’s controls.”

“It’s an honor to again earn an unqualified 2022 SOC 2 Type II outcome,” said Wilson. “It’s an attestation that Tower’s systems, policies and procedures meet the trust services criteria of security, availability, processing integrity, confidentiality, and privacy.”

What does this mean for you?

  1. Peace of mind. If you partner with Tower, you can be assured that:
    • Our human processes and our highly automated system have been validated by third-party auditors after a stringent analysis.
    • Your data is transferred safely, used appropriately, stored securely, and is accessible for the required amount of time.
    • You can partner with a best-in-class MSP services provider and superior technology.
  2. Cybersecurity assurance. Auditors recognized Tower’s commitment to keep up with cyber threats, patching, monitoring methods and cybersecurity technology. They saw that we monitor all internal systems for patching cadence and antivirus/antimalware activity, we regularly train staff on how to avoid the latest scams, and we execute multi-factor authentication and password changes to prevent breaches. In addition, we partner with reliable and well-respected cloud storage, monitoring, and security companies.

While the complete report is confidential and proprietary, a redacted synopsis of the report, SOC 3, can be downloaded here. I’m happy to answer questions and discuss the value of partnering with Tower for your MSP compliance and MSA needs. Please contact me at Rita.Wilson@TowerMSA.com to arrange for a conversation.

Highlighting worker fatalities: Workers Memorial Day

April 28, 2022

As an industry, we must all work to eliminate worker fatalities through an ongoing commitment to safety. April 28 is Workers Memorial Day, a time to memorialize those who died on the job.

Every year, April 28 is earmarked as Workers Memorial Day, a global day to remember and memorialize workers who lost their lives on the job. The day has several purposes:  Through a series of national and local events, it offers a way to call attention to the number of worker fatalities, to put a face on the workers who died, and to highlight the impact these deaths have on their families, co-workers, and communities. The day also sheds light on the fact that most workplace incidents are preventable and serves as a reminder for employers and workers alike to recommit to the important work of building safer workplaces.

April 28 is a fitting day for this event because it is also the day OSHA was established in 1971. Under the Occupational Safety and Health Act of 1970, “employers are responsible for providing safe and healthful workplaces for their workers. OSHA’s role is to ensure these conditions for America’s working men and women by setting and enforcing standards, and providing training, education and assistance.” OSHA’s mission encompasses 130 million workers, employed at more than 8 million worksites around the nation.

Of the 2022 Memorial, OSHA says:

“This year, we also recognize that, more than a year into the pandemic, every day essential workers, many of whom are people of color and immigrants, have put their lives on the line during the COVID-19 pandemic. Many were sickened or died as a result of just going to work – for simply doing what they had to do to support their families. They were healthcare workers, grocery workers, meatpackers, nurses, delivery drivers, farmworkers, law enforcement officers, teachers, and sanitation workers. We remember and honor every worker who has lost their life to largely preventable fatal injuries and illnesses, and we commit ourselves to fighting to make sure that others do not suffer the same terrible fate.”

The impact of OSHA on worker fatalities can be seen in the statistics:  Worker deaths in America dropped from about 38 worker deaths a day or 13,900+ per year in 1970 to 15 a day or 5,300+ per year in 2019.

The most recent Census of Fatal Occupational Injuries was issued by the Bureau of Labor Statistics in December 2021 and noted a significant decrease in worker fatalities. The report noted that there were 4,764 fatal work injuries recorded in the United States in 2020, a 10.7-percent decrease from 5,333 in 2019 and the lowest annual number since 2013. The fatal work injury rate was 3.4 fatalities per 100,000 full-time equivalent (FTE) workers, down from 3.5 per 100,000 FTE in 2019. A worker died every 111 minutes from a work-related injury in 2020.

But the number of fatalities for 2020 needs to be put in the context of the pandemic, when many workplaces were shuttered for varying lengths of time. Some safety and health experts warn that we are likely to see an increase in the numbers going forward: Serious Work Injuries and Fatalities Spike as Labor Shortages Exacerbate the Problem

“Fewer workers died or suffered severe injuries in the workplace in 2020.

However, the rate of serious injuries and fatalities rose from 366 per 100,000 workers in 2019 to 429 per 100,000 workers in 2020, according to risk management software firm ISN.

The rate was 406 per 100,000 in 2018.

The problem could worsen as companies around the U.S. contend with a shortage of labor, which can translate into longer hours on the job by less-experienced workers, as well as a greater reliance on outside contractors.”

Working to reduce worker injuries and deaths is the right thing to do. It’s also usually the least costly thing to do and the smart thing for employers to do. Workers are concerned about workplace safety and appreciate employers who demonstrate a commitment. A recent survey showed that:

Almost all (97%) respondents said feeling safe is a major factor in choosing where to work. Asked how they would respond if their employer failed to communicate effectively about an emergency or other potentially dangerous event, 44% said they would feel unsafe and 58% said they would reconsider working there or seek employment elsewhere.

Premier Webinar: Medicare Advantage Plan Reimbursement – What Now?

April 7, 2022

In December 2021, the Centers for Medicare and Medicaid Services (CMS) started providing access to data showing a claimant’s enrollment in Medicare Part C and D plans. Now payers are wondering how to best interact with Medicare Advantage (MA) plans and prescription drug plans. What are their reimbursement rights? How does this work with Section 111 reporting?

Tower is pleased to feature a guest presentation by Brian Bargender, Management Consultant, Subrogation and Other Payer Liability for Humana on Wednesday, April 20 at 2:00 PM ET.  Brian is arguably the industry’s foremost expert on Part C and D plan subrogation. Humana is the second-largest Medicare Advantage Plan and Part D plan in the country and has been the leading advocate for reimbursement under the MSP Act.

Here’s just some of what you will learn:

  • Role of Part C and D plans in providing services to Medicare beneficiaries.
  • Reimbursement rights of Part C and D plans under the Medicare Secondary Payer (MSP) Act.
  • Interplay between CMS and Part C and D plans in use of Section 111 Mandatory Insurer Reporting data.
  • Part C and D plans’ role in Workers’ Compensation MSAs.
  • Best practices for working with Part C and D plans to resolve reimbursement claims.

A Q&A session will follow the presentation, and you can provide questions at the time you register.

CMS to Hold Webinar on “Go Paperless” Feature in MSPRP

March 28, 2022

On April 13, 2022, at 1:00 pm ET, the Centers for Medicare and Medicaid Services (CMS) will host a webinar on the “Go Paperless” option in the Medicare Secondary Payer Recovery Portal.  The selection of this option will provide for more expeditious receipt of correspondence from the CMS Medicare conditional payment recovery contractors.  Per the announcement:

The Centers for Medicare & Medicaid Services (CMS) will be hosting an overview of the new “Go Paperless” feature available in the Medicare Secondary Payer Recovery Portal (MSPRP). Insurers and authorized agents may now choose to opt-in to paperless functionality. Once registered, users will be able to quickly and easily access all recovery correspondence including demand letters, using the MSPRP. Opting to “Go Paperless” in combination with the ability to submit correspondence through the MSPRP and the multiple available options for electronic payment will allow your organization to not only reduce the amount of paper that needs to be physically handled, associated workload and environmental impacts, but also eliminate concerns about delays that can arise when information is sent through the mail.

The webinar will feature opening remarks and a presentation, followed by a question-and-answer session.

Note: there is no pre-registration; instead, just follow the provided link shortly before the webinar start time.

By way of background, in January CMS released an updated Section 111 User Guide, Version 6.7, which in Chapter V provides as follows:

When there is an active Medicare Secondary Payer Recovery Portal (MSPRP) account for the insurer/recovery agent TIN, Section 111 submitters may set Go Paperless options (i.e., choose to receive letters electronically or by mail) for the insurer and recovery agent address using the following new TIN Reference File fields (Appendix B):

  • TIN/Office Code Paperless Indicator (Field 23)
  • Recovery Agent Paperless Indicator (Field 24)
  • Recovery Agent TIN (Field 25)

Note: There are also five new fields (Fields 48-52) returned for these entries on the TIN Reference Response File (Appendix D).

Along with the updates to the Section 111 User Guide, CMS also updated the Medicare Secondary Payer Recovery Portal (MSPRP) User Manual, Version 5.3, to incorporate functionality around the Go Paperless option.

Key Takeaways

We are pleased to see CMS provide this Go Paperless option for Responsible Reporting Entities (RREs) and their authorized agents. It is environmentally friendly and will allow time-sensitive correspondence, i.e., a Conditional Payment Notice with a 30-day due date, to be received and acted upon sooner.

If you are interested in taking advantage of the Go Paperless option or have other questions, we encourage you to attend the CMS webinar. Also, you can always contact Dan Anders, Chief Compliance Officer, at 888.331.4941 or daniel.anders@towermsa.com with any questions.

CMS Clarifies Policy on Non-Submit MSAs in Updated Reference Guide

March 22, 2022

The January 2022 addition of Section 4.3 to the CMS WCMSA Reference Guide that discussed the agency’s treatment of non-submit Medicare Set-Asides caused quite a stir throughout the MSA industry and raised many questions for those who use non-submit MSAs in workers’ comp settlements.  A February CMS webinar addressed some of those questions and we now have an update (Version 3.6) to the CMS WCMSA Reference Guide that modifies and clarifies this section.

Revisions to Section 4.3

Below is a breakdown of the revisions to Section 4.3 along with comments.

More general language around non-submit MSAs

The original language called out certain MSA products as indemnifying:

“A number of industry products exist with the intent of indemnifying insurance carriers and CMS beneficiaries against future recovery for conditional payments made by CMS for settled injuries.”

The new language is more general:

“A number of industry products exist for the purpose of complying with the Medicare Secondary Payer regulations without participation in the voluntary WCMSA review process set forth in this reference guide.”

Comment: The original language took aim at MSA indemnification agreements, whereas the new language is broader and includes any product that addresses future medicals. It also reiterates that the CMS MSA review process is voluntary. This was likely in response to people who said that CMS’s original policy changed the MSA review process from voluntary to mandatory.

‘May’ instead of ‘Will’ Deny

CMS’s original policy said that it “will” deny payment of medical services up to the total settlement amount, whereas the revised policy indicates CMS “may at its sole discretion” deny payment.

Comment:  It appears that CMS is giving itself wiggle room depending on the circumstances of an individual case.  Also, as is further explained below, CMS has given itself the option to accept less than the entire settlement amount as sufficient to protect its interests.

Total Settlement Definition

The original Section 4.3 defined total settlement as “total settlement less procurement costs.” This has now been revised to define total settlement “as defined in Section 10.5.3 of this reference guide, less procurement costs and paid conditional payments.”

Comment:  Section 10.5.3 is CMS’s longtime definition of “total settlement.” It makes sense that the definition of total settlement in the non-submit context should align. CMS also acknowledges that besides procurement costs, payment of conditional payments from the settlement amount should also be deducted from the amount of the settlement available to pay for future medical.

Post-MSA exhaustion review

When released in January, Section 4.3 provided no option for CMS to acknowledge the non-submit MSA as sufficient. The updated policy now says CMS will ignore the non-submit MSA and use the total settlement amount (minus procurement costs and paid conditional payments) as the amount available to pay future medicals “unless it is shown, at the time of exhaustion of the MSA funds, that both the initial funding of the MSA was sufficient, and utilization of MSA funds was appropriate.”

Comment:  It will be the Medicare beneficiary’s responsibility, or someone working on their behalf, to demonstrate that the MSA was sufficient at the time of settlement and that the MSA funds were spent appropriately.  We can assume that CMS will use the standards found in the WCMSA Reference Guide and its MSA Self-Administration Guide to make its determination. If CMS finds either that the MSA was insufficiently funded or inappropriately utilized, does the Medicare beneficiary have a right to an appeal? Medicare beneficiaries have a right to appeal a denial of payment for medical care. Presumably, that right extends to the context of a non-submit MSA, but it remains unclear how this would play out in practice, and CMS did not address it here.

Policy start date: Per CMS, Section 4.3 “shall apply to all notifications of settlement that include the use of a non-CMS-approved product received on, or after, January 11, 2022; however, flags in the Common Working File for notifications received prior to that date will be set to ensure Medicare does not make payment during the spend-down period.”

Comment:  Before the January date, there was no obligation to notify CMS of a settlement that includes the use of a non-CMS-approved MSA product (Yes, there is a Section 111 reporting responsibility, but that does not include notification of a non-submit MSA). Is there an obligation now? Nothing in Section 4.3 affirmatively states such an obligation exists and there is no statutory basis that provides for such notification.

Under threshold MSAs:  CMS says “CMS does not intend for this policy to affect any settlement that would not otherwise meet review thresholds. This comment does not relieve the settling parties of an obligation to consider Medicare’s interests as part of the settlement; however, CMS does not expect notification or submission where thresholds are not met.”

Comment:  Again, by saying it does not expect notification where thresholds are not met, CMS implies that they do expect notification when a non-submit MSA is used and thresholds are met. Why would CMS expect no notification on an under-threshold MSA? I suspect there are two reasons:

  • If a claimant is a Medicare beneficiary with a settlement of $25,000 or less, CMS expects that the MSA is a low-dollar amount and not worth the time it takes to coordinate its benefits.
  • If a claimant is not a Medicare beneficiary but has a reasonable expectation of Medicare eligibility within 30 months and the settlement is $250,000 or less, CMS cannot track the claimant as they are not yet a Medicare beneficiary.

Summary comments on Section 4.3 revisions

CMS should be credited for quickly addressing several of the questions and concerns that arose from the original Section 4.3 language. The revised section backs off the seeming implication that the mere use of a non-submit MSA represents a potential cost shift to Medicare. With that said, CMS reiterated that if the non-submit MSA exhausts, then it must be demonstrated that the MSA was sufficiently allocated at the time of settlement and the funds properly expended. As we do not know how this policy will play out in practice, the non-submit MSA route continues to present a notable risk to the claimant Medicare beneficiary.

Other CMS Updates to WCMSA Reference Guide

Beyond Section 4.3, CMS also made updates to other sections of the guide:

Section 9.4.1.1 Most Frequent Reasons for Development Requests

CMS added language to this section around documentation required for disputed cases, in other words, $0 MSAs for denied claims. CMS stated that medical records are required even when the parties are in dispute. Further, draft or final settlement agreements and court rulings are required documentation if they exist.

Comment:  CMS has required the above for quite some time.  This is just putting the requirements into the reference guide.

Section 16.1 Re-Review

CMS added the following to its re-review criteria:

“Should no change be made upon response to a re-review request (i.e., no error was identified), additional requests to re-review the same error will not be entertained.”

Comment:  Tower has on occasion gone back and forth with CMS on arguments to remove a certain treatment or medication from the MSA. This new statement implies that once CMS makes its decision regarding a particular item it will not entertain other arguments.

If you have any questions, please contact Dan Anders, Chief Compliance Officer, at 888.331.4941 or daniel.anders@towermsa.com.

 

Cyber Concerns Rise in the Wake of Russia’s Invasion of Ukraine

March 11, 2022

Cybercriminals love pandemics, natural disasters, and wars. Global distractions are good for their business.

Russia’s invasion of Ukraine elevates cyber security risks, which were already on the minds of global business leaders. So far, the incursion has delivered new distributed denial-of-service (DDoS) attacks and a novel malware, HermeticWiper.

While most attacks have targeted Ukraine’s government, infrastructure, and financial services, US companies need to be on guard against spillover and direct attacks. The US/British-owned insurance broker AON was attacked on February 25. Although no direct connection has been reported, this was one day after the invasion.

But business leaders around the world did not need a war to stir their anxieties about cyber-attacks. The Allianz Risk Barometer, which surveys over 2,650 risk management experts around the world, identified cyber risk as the number-one threat to global businesses for 2022.

That means companies worry more about potential data breaches, ransomware attacks, and major IT outages than supply chain disruptions, COVID-19, or natural disasters. The second highest-rated concern was a business interruption, which can result from a catastrophic cyber-attack.

Not being able to provide products and services on time, or at all, is a frightening prospect. Business interruptions can have long-lasting and, for some companies, fatal impacts.

Tower’s commitment to business continuity relies on our powerful cybersecurity system and exacting protocols. These include the installation of anti-malicious software and its updates, the use of multi-factor authentication (MFA), VPNs, and real-time, 24/7 monitoring to detect and mitigate cyber intrusions. In addition, our employees receive extensive cybersecurity training and understand how to do their part to prevent breaches. We invest considerable time, thought, effort, and money to secure our data and our clients’ data.

Because data transfer presents a vulnerability, we also have a Vendor Risk Assessment Process for all third parties that can access Tower’s data, networks, and servers. In a digital age, companies need to be as concerned about their partners’ cybersecurity practices as they are about their own.

Hopefully, the war in Ukraine will not provoke massive cyber-attacks, but now is the time to secure your perimeters. To help you tell if your organization is as cyber secure as it can be, here’s a checklist gleaned from our partner, Palo Alto Networks, and the Shields Up site from the US government’s Cybersecurity & Infrastructure Security Agency (CISA).

  • Implement multi-factor authentication on your accounts.
  • Lock down your network. Disable all applications, ports, and protocols that are not essential to operations.
  • Ensure software is up to date.
  • Reinforce employee training, especially regarding clicking on strange emails. According to CISA, 90% of ransomware attacks come through phishing.
  • Renew your plan for managing an attack.
    • Walk through scenarios in table-top exercises.
    • Test back-up and recovery plans and continuity of operations in case a network is disabled.
    • Make sure the emergency contact information for your people and partners is updated and available.
    • Revisit your crisis communications plan.

Most cyber threats can be managed, but we must be proactive. If your IT professionals have been requesting funds to strengthen cyber security, take this time to analyze the proposed solutions. Invest while you can.

Our CEO Rita Wilson has a strong technology background and a keen interest in these issues. If you have questions or just want to discuss your cyber security concerns, contact her at rita.wilson@towermsa.com.

Meantime, shields up!