Amity Insurance LogoIn response to the ever-evolving cyber marketplace and the explosive financial impact to mitigate losses caused by cyber attacks launched at law firms, the NHBA Insurance Agency (Amity Insurance) and Federal Insurance Co. (CHUBB Group of Ins.) are offering members of the NHBA an exclusive solution.

Amity has exclusively endorsed Chubbs cyber policy.  The policy features an array of coverages to protect your firm’s assets, client sensitive data, and proprietary information.  This program is available to all firms’ 1-50 attorneys — with premiums starting at $1,000 and deductibles of $2,500 and higher.

Chubb Three Year Average Costs of First Party Expenses

Existing Lawyers Professional Liability policies provide little to no coverage for Cyber Liability. LPL policies are not created nor geared to handle cyber losses. The pitfalls in LPL policy limits, exclusions, and, coverage gap weakness create a significant need for this new cyber offering to all NHBA members.

Coming soon, in Edition 2, will be specific program details, including, limits, deductible, endorsements, premiums, coverage highlight, claims scenarios and further examples on “why buy” solutions. A couple of Basic Concerns for Law Firms:

1) Cybersecurity: 55% of law firms had either not implemented email encryption or were unaware if their email server encrypted data. Only 39% used two-factor authentication, and just 45% used an intrusion detection system.

2) Vendor and subcontractor HIPPA compliance: Only 6 of 10 law firms had a current Business Associate Agreement in place with sub-contractors ensuring they have proper training on the handling of PHI. Only 58% said their off-site data backups complied with HIPAA regulations. Under the Omnibus Rule business associates will be held responsible for the actions of their vendors and sub-contractors.

3) Personal Healthcare Information access controls: Just under half of the law firms said they kept PHI access logs. Only 46% reviewed and maintained PHI logs on remote devices and ensured data was securely erased when no longer needed. Without knowing where and when PHI is accessed, firms cannot conduct the appropriate risk analysis required under the rules.


Above information on HIPPA was prepared by Peter J. Rossi, Esq. of Cipriani & Werner.


More Information: 

Please contact Chris Willis (617)510-9908 and or Sue Morand, or by phone (603)715-3204.