RiskMD; Risk Management for Today and Beyond

Risk management is foundational to the insurance industry at large.  Not only as a means to ensure the pricing integrity of insurance products, but most importantly, to continue to achieve and maintain safer, healthier environments for all.   Innovation in this space should be recognized, encouraged and celebrated.  To that end, we celebrate RiskMD!

RiskMD holds one of (if not the) only patents specific to PEO.  This patented business intelligence platform organizes insurance-related data in a proprietary way to empower risk managers and insurance executives to completely change the way they approach decision making.

Risk managers and insurance executives spend countless hours poring over numbers in search of opportunities to mitigate losses and increase profitability. This requires many hours of tedious work, compiling and deciphering mountains data using multiple complex tools, and the experience and instincts to find actionable insights.

RiskMD completely reshapes this process. The technology seamlessly automates data aggregation and integration to provide clear and meaningful insights with detailed and impactful visualizations. It gives users the ability to schedule recurring reports for quick and easy insights on demand, while also allowing for more advanced users to dig deep into the numbers and find the most granular of opportunities.

What makes RiskMD unique? Where did the concept come from?

Risk MD is an insurance data analytics tool that was built with the goal of changing the way the industry uses data to understand loss ratios and maximize profitability for any given insurance transaction. It’s a system and method for the valuation, acquisition, and management of insurance data. The concept was developed by Paul Hughes, the Founder and CEO of RiskMD, with the idea of bringing the mentality of stock trading analytics to the insurance world.

This system follows a patented process that uses a common identifier, the Federal Employer Identification Number (FEIN) to efficiently and effectively aggregate data in a new and powerful way. The process makes it possible to funnel data into the system without the need for labor-intensive manual input.

The use of FEIN also enables a more precise normalization of the data so that it can be more easily manipulated. This allows users to easily drill down to a deeper level for more impactful insights.

Another unique feature of the tool is that it’s designed to produce insights, rather than requiring users to find the insights themselves. Without RiskMD, risk managers and insurance executives have to dedicate countless hours to building and manipulating spreadsheets and pivot tables, then try to search the resulting data points to verify whatever insights are available to be found. RiskMD compiles the data much more efficiently and can be pre-programmed to surface the most important insights automatically, presenting them visually through the use of graphs, tables, and charts.

Whether risk managers and insurance executives are using it to manipulate data in real-time on their own or relying on custom reports that are delivered automatically, those using RiskMD have a competitive advantage over those who don’t.

How is RiskMD relevant to core concerns of risk managers?

One of the most critically important concerns for insurance executives is to maintain profitability across a book of business. They manage the total cost of risk, which can come from claims paid, or dollar values that are paid internally within a deductible limit, and additional costs that aren’t easily quantified, like the value of opportunity costs missed. Their ability to do this depends heavily on using data to gain an understanding of which accounts might create profitability issues. Without knowing which accounts are presenting exposure points and fueling losses, a risk manager cannot effectively manage them. This leads to reactionary behaviors rather than proactive ones.  Minor “hot spots” can become major loss leaders.

It gives the ability to quickly and easily see loss ratios for each account or exposure in their book of business, in real-time, through visualizations. If profitability is the macro problem, RiskMD is a tool that helps take a granular look to find the micro issues that cause that macro problem.  This prevention-based approach maximizes profitability.

How is RiskMD effective in solving one or more problems in the risk management process?

Managing risk effectively and profitably relies on finding and addressing loss leaders proactively. To do this, risk managers face the problem of compiling and deciphering large quantities of data. This process is labor-intensive, time-consuming, and typically requires a deep knowledge of multiple data manipulation tools.  Even with all the tools and manpower, the problem is often compounded when insights are unfound, like a needle in a haystack.

At its core, RiskMD is a risk assessment and analysis tool. It simplifies the data evaluation process and allows C-Level Executives and Risk Managers to discover key insights that help them make better business decisions. Using visualizations for risk identification makes insights easier to find and understand at all levels. Delivering performance metrics in real time through visualizations ensures that the internal and external stakeholders of an insurance transaction can always “keep score.”

How is RiskMD presented to risk managers to ensure ease of understanding and use.

RiskMD is an incredibly robust data analysis tool. The sheer volume of information and insights that it provides can be overwhelming. With that in mind the platform was specifically designed to make those insights as easy to access as possible using Tableau Software, which is the industry standard for user-friendly data visualization.

Using the automatic data-input process and the interpretations made possible by the proprietary algorithms, RiskMD delivers insights to the user or insurance executive in the form of graphs, tables, and customizable gauges. These visualizations are designed to make understanding the insights simple and easy enough for any user to understand. They are color-coded in a green-to-red, “stoplight” method that makes quickly understanding areas of potential risk easier.

RiskMD provides automated reports that can be built once and then scheduled for direct delivery at the desired interval. This allows a more hands-off approach in which the most important indicators are delivered directly to the user’s desk, ensuring consistent oversight.

For users with a higher degree of data acumen, RiskMD allows them to pull various levers and manipulate data to gain deep and precise insights that would otherwise be extremely time-consuming to uncover. This ability to “slice and dice” information provides a level of understanding that makes a user’s ability to mitigate potential losses invaluable.

What results and objectives are achieved by RiskMD in a risk management setting.

Benchmarks are instrumental in providing key insights using data. RiskMD houses more than 100,000 claims files and exposure data for more than 20,000 client companies. This cache of data allows RiskMD users to benchmark against RiskMD proprietary data, as well as industry data. That ability to benchmark against the proprietary data became incredibly useful during the COVID-19 outbreak.

The insurance industry cycles through exposure, premium, and claims data on a period of about 12-18 months when accounting for audit periods. RiskMD cycles through this data on a bi-monthly basis due to data ingestion from its expansive PEO clientele, which report on a “pay-as-you-go” basis. When the global Coronavirus pandemic shut down the economy and upended the industry, NCCI, the preeminent Workers’ Compensation Bureau, contacted RiskMD for insights on how COVID was affecting claims and payroll.  RiskMD was the only known source that could provide real-time insights on jobs and job-related COVID claims. RiskMD provided NCCI with important insights as to how COVID affected jobs and payroll nationwide by quantifying claims incurred versus the reduced premiums collected.  This accurate capture of loss ratio was simply not available anywhere else due to the proprietary source of “pay-as-you-go” payroll exposure information.

Cyber Villains’ Strike Again!

The Verge reported on Wednesday, October 6th, 2021 that cyber villains unknow have struck again!  This time targeting Twitch, an content sharing and streaming platform owned by Amazon. 

The Verge had the following report, which can be found at https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor

Twitch source code and creator payouts part of massive leak

The leaked data also includes a Steam competitor

Twitch appears to have been hacked, leaking source code for the company’s streaming service, an unreleased Steam competitor from Amazon Game Studios, and details of creator payouts. An anonymous poster on the 4chan messaging board has released a 125GB torrent, which they claim includes the entirety of Twitch and its commit history.

The poster claims the leak is designed to “foster more disruption and competition in the online video streaming space.” The Verge is able to confirm that the leak is legitimate, and includes code that is as recent as this week. Video Games Chronicle first reported details on the leak earlier today.

Twitch has confirmed it has suffered a data breach, and the company says it’s “working with urgency to understand the extent of this.”

The leak includes the following:

  • 3 years worth of details regarding creator payouts on Twitch.
  • The entirety of twitch.tv, “with commit history going back to its early beginnings.”
  • Source code for the mobile, desktop, and video game console Twitch clients.
  • Code related to proprietary SDKs and internal AWS services used by Twitch.
  • An unreleased Steam competitor from Amazon Game Studios.
  • Data on other Twitch properties like IGDB and CurseForge.
  • Twitch’s internal security tools.

The leak is labelled as “part one,” suggesting there could be more to come. Video Games Chronicle reports that Twitch is aware of the breach, but the company has not yet informed its userbase.

The leak doesn’t appear to include password or address information on Twitch users, but that doesn’t mean this information hasn’t been obtained as part of this breach. In fact, the leaker seems to have focused on sharing Twitch’s own company tools and information, rather than code that would include personal accounts.

While Twitch has confirmed a data breach, it’s still unclear exactly how much data has been stolen. We’d recommend changing your Twitch password and enabling two-factor authentication on your account if you haven’t done so already.

Twitch has been struggling to contain ongoing hate and harassment recently. After weeks of hate raids, some Twitch streamers took a day off in August to protest against the company’s lack of action. Twitch has responded to the #DoBetterTwitch movement, and it’s a hashtag that the anonymous poster has used today to promote this leak.

Updates on the Twitch security incident can be found on the platform’s own website at https://blog.twitch.tv/en/2021/10/06/updates-on-the-twitch-security-incident/

OSHA Guidelines on Hurricane Preparedness and Response

Summer has ended and we now enter that wonderful time of year when evening shadows dawdle, and dawn hesitates on the horizon a bit longer each morning.  Even as the days begin to shorten and the breeze brandishes a hint of cool, hurricane season persists.  The last day of hurricane season 2021 is not until November 30th.  We are 127 days into this season with 21 named storms so far, averaging 1 storm every 6.05 days; and we have 55 days yet to go!   

That being said, I felt it valuable to share the following hurricane preparedness and response guidelines from OSHA.  Full content from OSHA on this topic can be found at https://www.osha.gov/hurricane.

Hurricanes are a form of tropical cyclones that are capable of causing devastating damage to communities. Hurricanes are storm systems with circulating air and sustained wind speeds of 74 miles per hour or higher. The strongest hurricanes can have wind speeds exceeding 155 miles per hour. Areas on the Atlantic Coast, near the Gulf of Mexico, as well as parts of the Southwestern United States are vulnerable to hurricanes. The Atlantic hurricane season lasts from June to November and peaks between August and October. The Eastern Pacific hurricane season begins mid May and also ends in November. This page provides information on hurricane warnings, hazards that hurricanes cause, and precautions that workers and employers should take after a hurricane has occurred.

The Preparedness page outlines the warnings and watches used for hurricanes, including the five categories used to rate the strength of a hurricane. The page also contains information on creating evacuation plans and supply kits.

The Response/Recovery page features a link to OSHA’s Hurricane eMatrix, which features information on hazard exposures and risk assessments for hurricane response and recovery work. The information in the matrix is organized based on the types of activities performed so that it is easy for workers to identify the precautions they should take based on the tasks they will be performing.

OSHA and NOAA are working together on a public education effort aimed at improving the way people prepare for and respond to severe weather. This page is designed to help businesses and their workers prepare for hurricanes, and to provide information about hazards that workers may face during and after a hurricane.

Employer Responsibilities

Each employer is responsible for the safety and health of its workers and for providing a safe and healthful workplace for its workers. Employers are required to protect workers from the anticipated hazards associated with the response and recovery operations that workers are likely to conduct. For additional information on Workers’ Rights, Employer Responsibilities, and other services OSHA offers, visit OSHA’s Employers PageWorkers Page and Publications.

Workers’ compensation cases fell during the pandemic, but home-based workers still have aches and pains

By STEPHEN SINGERHartford Courant

In the coronavirus pandemic that sent millions of employees home to begin new work routines, reports of occupational injuries that were expected failed to materialize.

Remote workers still have lower back aches, neck pains and other afflictions common to sedentary jobs. But many are not reporting their physical ailments, instead seeking health advice to avoid or treat musculoskeletal and other problems.

The Hartford Financial Services Group Inc., which handles about 1 million workers’ compensation and disability insurance claims a year, said the number of business customers seeking services to prevent work-from-home injuries jumped 200% in 18 months.

Vivienne Fleischer, co-founder and president of Performance Based Ergonomics, a consulting firm in the San Francisco area, said her company faces a “tidal wave” of requests for virtual ergonomic help and advice.

She, too, said an “anticipated uptick” in workers’ compensation cases has not been reported.

Mary Nasenbenny, chief claims officer at The Hartford, said employees who would be unable to go to the office because of lower back aches or shoulder pains have instead, as remote workers, accommodated themselves at home and kept working.

The Hartford expected rising claims “because people were sitting at their couches without the proper keyboard, without the proper chair height,” she said. Expectations of musculoskeletal problems and injuries were the focus of a “lot of talk” early in the pandemic and employers “caught on quickly,” providing ergonomic help and advice, she said.

Fleischer said cases of eye strain; neck, shoulder and lower back pain; even ear fatigue from too-frequent use of ear buds were the highest she’s seen in more than 20 years. The aches and pains did not end up in workers’ compensation claims, she said. She believes employees who prefer working from home balked at reporting injuries to avoid a forcedreturn to offices.

“They’re not going to HR to report things,” Fleischer said. “They might say ‘I need support. My back hurts. I need a new chair.’”

In Connecticut, 3,574 workers’ compensation claims related to COVID-19 were reported as of May, more than double the 1,454 in September 2020. More than 21,000 non-COVID-19 claims were reported as of May.

The exodus from offices left employers and employees unprepared, Fleischer said. Some clients had to work around roommates or were forced to do their jobs from their cars, off a yoga mat, even in a hammock.

“People were struggling to find comfort and privacy,” Fleischer said.

Nasenbenny said workers in The Hartford’s claims organization have been working remotely for years, while other employers had no experience advising workers about how to set up a home office.

“So we thought, boy there are a lot of rookies, employers that are going to be doing it or trying it for the first time and maybe not having all of the tools that they needed,” she said.

The Hartford offers virtual ergonomic assessments, health reviews, an analysis of physical demands and on-site strength and conditioning programs. It also uses analytics to monitor medical conditions such as carpal tunnel syndrome, neck strain and tendonitis, which can afflict workers in the office or remotely.

In April 2020, just a month after COVID-19 began its spread in the U.S., the American Chiropractic Association surveyed its members and found 92% of respondents reported an increase in musculoskeletal conditions such as back pain and neck pain or knew of people who were having these issues as a result of working from home.

More than half of respondents, or 57%, said a lack of movement was the main reason for a rising number of musculoskeletal problems during the pandemic, followed by psychological stress, at 20%, and poor posture, 12%.

Kelly Ingram-Mitchell, president of Unify Health Services, which partners with The Hartford and other companies for injury prevention and post-injury treatment, said many businesses that budgeted for pandemic-related expenses such as temperature checks and lab testing services failed to anticipate a growing need to pay for workplace injury prevention services.

Businesses are now using work-from-home as a recruiting tool, Ingram-Mitchell said. Bosses are pitching a work-life balance, time for exercise and eating better than at the office, she said.

Workers’ Compensation Rates Continue to Decline

We once again find ourselves heading into a wonderful time of year.  A time which brings about goldening leaves on trees, a discernible chill on the morning breeze, pumpkin spice everything, and new workers’ compensation loss cots and rate sets!  So far 2022 is promising to bring about another wave of rate decreases. 

New York is first out of the gate, approving an overall rate decrease of 6.4% effective 10/1/2021.  The state advises that this loss cost revision reflects the experience of the two most recent policy years, as well as projected trends, benefit level changes, and changes in loss adjustment expenses.

According to the attached 2021 Loss Cost Filing the proposed loss cost change is based on the latest financial data reported by the Rating Board’s member carriers, which includes losses resulting from the COVID­19 pandemic, and was derived by applying Rating Board’s standard ratemaking methodology. The terrorism and catastrophe loss cost provisions have also been updated with this revision. However, no explicit load for the risk of pandemics is included.

Florida followed suite announcing on Friday, 8/27/2021 a proposed overall rate decrease of 4.9%.  If approved, these reduced rates will take effect on 1/1/2022.  This continues the trend of continually dropping rates which Florida has been witnessing since 2016. 

We will continue to monitor this activity and keep you informed as more states propose and approve the 2022 loss costs. 

Critical Infrastructure Cyberattacks on the Rise

Critical infrastructure cyberattacks are increasing in frequency according to Advisen’s loss database, and some experts are worried the worst is yet to come.

There are sixteen industry sectors in the United States that make up the country’s critical infrastructure. These sectors are considered so vital their incapacitation or destruction would have a debilitating effect on national security, economic security and/or national public health and safety, according to the United States’ Cybersecurity and Infrastructure Security Agency (CISA). Poisoned water supplies, opened dam floodgates and pipeline spills are a few of the many worst-case scenarios that could result from a cyberattack on critical infrastructure. The sectors that have been designated as critical infrastructure include the following:


  • Chemical
  • Commercial facilities
  • Communications
  • Critical manufacturing
  • Dams
  • Defense industrial base
  • Emergency services
  • Energy
  • Financial services
  • Food and agriculture
  • Government facilities
  • Health care and public health
  • Information technology
  • Nuclear reactors
  • Materials and waste
  • Transportation systems
  • Water and wastewater systems

Further, recent critical infrastructure attacks in Advisen’s loss database include:

  • A ransomware attack in June 2021 on JBS meatpacking temporarily shut down all operations. The meatpacking company—which processes roughly one-fifth of the nation’s meat supply—paid an $11 million ransom to become operational again.
  • A ransomware attack on the Colonial Pipeline, the nation’s largest fuel pipeline, occurred in May and temporarily shut down all operations, causing a temporary increase in gas prices in the United States. The Colonial Pipeline paid nearly $5 million in ransom to restore operations, although some of the ransom was later recovered, according to Advisen loss data.
  • Hackers briefly attempted to increase the levels of sodium hydroxide to a lethal amount as part of a February cyberattack on a water treatment plant in Florida. The plant operator quickly noticed the increase in sodium hydroxide levels and lowered it to the original amount, preventing anyone from being harmed, according to Advisen loss data

Frequency of Critical Infrastructure Cyberattacks

Unfortunately, cyberattacks on critical infrastructure are becoming increasingly common. Since 2008, the frequency of cyberattacks on critical infrastructure has been trending upwards, according to Advisen loss data. The drop-off in 2019 is likely due to a data lag and is not reflective of an actual decrease in frequency.
Looking specifically at the sectors designated as critical infrastructure, the utilities sector was the most frequent target of cyberattacks – accounting for 26% of total losses, according to Advisen loss data. Manufacturing had the second-highest percentage at 23%, followed by government entities (shown AS PUBLIC ADMINISTRATION) at 17%
The vast majority of critical infrastructure cyberattacks come from external sources. Unidentified external hackers account for the greatest percentage of these attacks at 39%, followed by nation-state attacks at 34%, according to Advisen data. These attacks typically involve malware.

*Advisen’s loss data is curated from a wide variety of public sources. Our collection efforts focus on larger and more significant cases. For this reason, the figures in this article may not be fully representative of all cases of this type.

OSHA Will Not Amend its COVID-19 ETS Despite CDC Guidance

OSHA recently determined it will not be making changes to the healthcare emergency temporary standard (ETS) after reviewing the latest guidance, science and data on COVID-19, and the recently updated CDC face mask guidance. However, OSHA will continue to monitor and assess the need for changes monthly.

OSHA determined that neither the CDC’s guidance on health care settings nor the underlying science and data on COVID-19 in health care settings has materially changed in a way to necessitate changes in the June 10, 2021 ETS.

Revised CDC Guidance

The CDC recently announced updates to its face mask guidelines, recommending that fully vaccinated individuals should wear a mask in public, indoor settings in areas where there is high or substantial COVID-19 transmission, including of the new coronavirus delta variant. Prior to this update, the CDC guidance allowed fully vaccinated individuals to stop wearing a mask in most settings.

OSHA’s Healthcare ETS

Since OSHA has not changed its requirements for the healthcare ETS, the face mask exceptions under the standard still apply. The healthcare ETS covers employers in various health care industries, such as hospitals, nursing homes, assisted living facilities, emergency responders, home health workers and employees in ambulatory care settings where suspected or confirmed COVID-19 patients are treated.

Next Steps

Health care employers should continue to monitor the OSHA website for updates on how changes in COVID-19 transmission affect agency policy and guidance. OSHA will continue to assess the need for changes monthly.

ETS Face Mask Exceptions:

Employees are not required under the healthcare ETS to wear face masks when:

  • They are alone in a room;
  • They are eating & drinking;
  • It is important to see a person’s mouth while communicating;
  • Employees are unable to wear face masks due to a medical necessity or condition; or
  • Use of a face mask presents a hazard to an employee of serious death or injury.

This is Why You Should Double Check Your Cyber Insurance Policy

Image

Whether a business is in healthcare, accounting, legal, real estate, manufacturing, etc., most of a business’ important assets are digital. (Government municipalities are included too.) To make matters complicated, it’s very common for these digital assets to be stored in various systems and locations, intertwined with a third party’s digital information. With so many opportunities for disaster, steps must be taken to insure this critical information.

Cyber insurance is a new frontier that is rapidly evolving as the industry gets its bearings. Many companies are finding that their current cyber policies have very minimal coverage in case of a cyber breach, and the majority of these policies will not come close to providing the necessary breach coverages to the business or municipality.

When looking at your existing or new cyber policy, it’s important to consider these types of coverages:


As we have come to realize, the idea that security starts and ends with the purchase of a pre-packed firewall is simply misguided

Art Wittman

1. Privacy Breach Notification

Some reports estimate the notification and credit monitoring costs alone are over $100 per record, so if you had 1,000 compromised records, this alone could cost $100,000 or more.

2.Data Loss Restoration

Believe it or not, many large insurance carriers have policy exclusions for the replacement and restoration of data, so be very careful in this area when reviewing your policy.

3. Privacy Liability

This covers for the theft or loss of private information related to customers and other third-party information that is in your care.

4. Regulatory and PCI Defense

Many industries are under strict regulatory control, and breaches may result in fines and other penalties from these regulatory agencies.

5. Public Relations

If an enterprise has a breach, the bad press they receive can do significant long term reputational damage and can also be used by competitors to their advantage. This coverage will help hire a public relations firm to mitigate the reputational damage your name brand might incur.

6. Cyber Crime

If your organization is threatened with various cyber threats such as malicious code that will result in financial loss or data loss, this coverage is needed for the reimbursement of the costs associated with these threats.

7. Defense and Settlement costs

A breach affecting a lot of customers may result in lawsuits and financial settlements, so insurance coverage is needed to offset these potentially enormous costs.

8. Consulting and Forensic Fees

If a breach does occur, the upfront investigative process will require a lot of professional expertise and a lot of money, and this specific coverage will offset these significant costs.

9. Business Continuity

If a hack causes your business to lose income, this coverage will reimburse you for these losses.

It takes 20 years to build a brand or company reputation and a few minutes within a cyber incident to ruin it

Stephane Nappo

For a free cyber insurance policy evaluation, contact Libertate Insurance today at 813-367-7574 or email me, James Buscarini at jbuscarini@libertateins.com.

Our professionals are happy to review and discuss your firm’s existing cyber liability insurance policy and the relation to your unique business requirements, needs and cyber coverage. Our goal is to help your PEO and client companies navigate the cyber liability insurance landscape and identify potential vulnerabilities that could be exposed based on your existing technology network and infrastructure. Finally, we want to make sure that in the event of a ransomware attack, business email compromise or phishing expedition your firm has adequate coverage in each of the areas that you might be vulnerable to be targeted in.