Resources

Client Alerts, News Articles, Blog Posts, & Multimedia

Everything you need to know about BMD and the industry.

The Rising Threat from Insiders – Get Your House in Order

What is Insider Threat?

As its name implies, an ‘Insider Threat’ originates inside an organization. An ‘insider’ is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems. ‘Insider threat’ can manifest from malicious, complacent, negligent or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities. Certainly, ‘Insider Threat’ can be an activity by a bad actor employee, but can also arise from an inadvertent or unknowing action inside an organization (such as an employee who unintentionally opens a phishing email or clicks on a malicious link).

Rising Frequency; Rising Costs.

Protecting against ‘Insider Threat’ is a data security concern for all organizations. The realities facing organizations today include:

  • The frequency and cost of preventing insider attacks is rising;
  • User negligence is the most common cause of a data breach; and
  • Insider threat deterrence must become a key element in a cybersecurity posture.

According to a 2020 study[1], the average global cost of ​insider threats​ rose by ​31% in two years and the frequency of these incidents spiked by ​47%​ in the same time period. The risk is also present for small and medium sized businesses (SMBs). While 72% of organizations reported an increase in insider attacks in 2020, 66% of key decision makers in SMBs do not think breaches are likely to occur. Only 14% of SMBs have any kind of breach defenses in place; the rest are vulnerable to potentially devastating cyberattacks[2]. While daunting, the reality of modern business dictates that companies of all sizes, in all industries, must be cognizant of cybersecurity issues and prepare accordingly.

How can your company guard against Insider Threat?

The following is a brief list of action items your company should implement to address ‘Insider Threat’:

  • Put it in writing – An organization’s security policy should include procedures to prevent and detect misuse of company resources, guidelines for conducting insider investigations, and the potential consequences to the individual. Written policies not only preserve continuity, but also clearly outline rules and expectations in the organization.
  • Train and educate – The Identity Management Institute states that employee education remains key to breach prevention, including cybersecurity awareness during onboarding and routine drills to practice attack and breach responses.
  • Dictate Acceptable Use – An organization should detail an organization’s rules and expectations regarding technology use. This includes considering acceptable behavior on networks and devices.
  • Be transparent about employee privacy expectations - Organizations need to balance reducing insider threats and protecting employee privacy. Communicate and educate employees regarding the security policy and IT rules. Explain the program's objectives, while training employees about their role in security.
  • Get Technical – Invest in IT and consult with legal and technical cybersecurity professionals to find a solution that works for your organization.

Prudent businesses will create and maintain written policies as it relates to cybersecurity and data protection. BMD can assist in crafting the policies and identifying proper security frameworks and connecting you with technical experts to implement. 

If you have any questions about whether your cybersecurity risks, and whether your business is protected, please contact BMD’s Cybersecurity Practice Leaders, Brandon Pauley at btpauley@bmdllc.com or Kyle Johnson at kajohnson@bmdllc.com.

[1] https://www.proofpoint.com/uk/resources/threat-reports/2020-cost-of-insider-threats and Cybersecurity Insiders’ 2020 Insider Threat Report.

[2] https://identitymanagementinstitute.org/government-cybersecurity-and-insider-threats/

New York, Kansas, Massachusetts, and Delaware Become the latest States to Adopt Full Practice Authority for Nurse Practitioners

While the COVID-19 pandemic certainly created many obstacles and hardships, it also created many opportunities to try doing things differently. This can be seen in the instant rise of remote work opportunities, telehealth visits, and virtual meetings. Many States took the challenges of the pandemic and turned them into an opportunity to adjust the regulations governing licensed professionals, including for advanced practice registered nurses (APRNs).

Explosive Growth in Pot of Gold Opportunity for Bank (and Other) Cannabis Lenders Driving Erosion of the Barriers

Our original article on bank lending to the cannabis industry anticipated that the convergence of interest between banks and the cannabis industry would draw more and larger banks to the industry. Banks were awash in liquidity with limited deployment options, while bankable cannabis businesses had rapidly growing needs for more and lower cost credit. Since then, the pot of gold opportunity for banks to lend into the cannabis industry has grown exponentially due to a combination of market constraints on equity causing a dramatic shift to debt and the ever-increasing capital needs of one of the country’s fastest growing industries. At the same time, hurdles to entry of new banks are being systematically cleared as the yellow brick road to the cannabis industry’s access to the financial markets is being paved, brick by brick, by the progressively increasing number and size of banks that are now entering the market.

2021 EEOC Charge Statistics: Retaliation & Impact of Remote Work

The U.S. Equal Employment Opportunity Commission (EEOC) released its detailed information on workplace discrimination charges it received in 2021. Unsurprisingly, for the second year in a row, the total number of charges decreased as COVID-19 either shut down workplaces or disconnected employees from each other. In 2021, the agency received a total of approximately 61,000 workplace discrimination charges - the fewest in 25 years by a wide margin. For reference, the agency received over 67,000 charges in 2020, and averaged almost 90,000 charges per year over the previous 10 years.

Ohio’s Managed Care Overhaul Delayed – New Implementation Timeline

At the direction of Governor Mike DeWine, the Ohio Department of Medicaid (ODM) launched the Medicaid Managed Care Procurement process in 2019. ODM’s stated vision for the procurement was to focus on people and not just the business of managed care. This is the first structural change to Ohio’s managed care system since the Centers for Medicare & Medicaid Services' (CMS) approval of Ohio’s Medicaid program in 2005. Initially, all of the new managed care programs were supposed to be implemented starting on July 1, 2022. However, ODM Director Maureen Corcoran recently confirmed that this date will be pushed back for several managed care-related programs.

Laboratory Specimen Collection Arrangements with Contract Hospitals - OIG Advisory Opinion 22-09

On April 28, 2022, the Department of Health and Human Services, Office of Inspector General (“OIG”) published an Advisory Opinion[1] in which it evaluated a proposed arrangement where a network of clinical laboratories (the “Requestor”) would compensate hospitals (each a “Contract Hospital”) for specimen collection, processing, and handling services (“Collection Services”) for laboratory tests furnished by the Requestor (the “Proposed Arrangement”). The OIG concluded that the Proposed Arrangement would generate prohibited remuneration under the federal Anti-Kickback Statute (“AKS”) if the requisite intent were present. This is due to both the possibility that the proposed per-patient-encounter fee would be used to induce or reward referrals to Requestor and the associated risk of improperly steering patients to Requestor.