
The U.S. Department of Labor (DOL) has confirmed that its cybersecurity guidance applies to all employee benefit plans, including retirement plans and health and welfare plans. Employee benefit plans covered by ERISA often hold millions of dollars or more in assets and store and transfer participants’ personally identifiable data, which can make them tempting targets for cybercriminals.
Plan fiduciaries of ERISA-covered plans have an obligation to ensure proper mitigation of cybersecurity risks. Because employers often rely on service providers to maintain employee benefit plan records and keep participant data confidential and secure, they should ensure they use service providers that follow strong cybersecurity practices.
The DOL’s cybersecurity guidance includes tips for hiring plan service providers, cybersecurity program best practices, and online security tips.
A new wave of litigation highlights the importance of employers’ adherence to their fiduciary duties when managing their group health plans, especially as it relates to prescription drug benefits. These lawsuits remind employers that they must act prudently to select and monitor health plan service providers, such as pharmacy benefit managers (PBMs). The cybersecurity guidance can help employers decide on the service providers they use, including PBMs.

