Follow Us
Join our newsletter
Get the latest news delivered to your inbox.
Cybercrime and Benefits Plans
May 24, 2022
According to recent estimates from the University of Maryland, there is a cyberattack every 39 seconds. Data breaches and cyberattacks are daily headlines—and employee benefits plans are no exception to that threat.
In fact, employee benefits plans are even more vulnerable as the coronavirus pandemic continues. Organizations and benefits providers are relying heavily on electronic access, ultimately creating new vulnerabilities.
The Risks
Virtually any type of employee benefits plan is vulnerable to hackers. The plans can be exposed to risks relating to privacy, security and fraud.
Retirement, savings and health plans are attractive targets for cybercriminals seeking access to plan assets and the personal information of participants and beneficiaries. Sensitive information is valuable information when it comes to cyberattacks.
Benefits plans are at risk as a result of the following factors:
- Personally identifiable information such as Social Security numbers, birthdates and email addresses have significant value to hackers. That information can be misused over a long period of time since it is permanently associated with an individual.
- Financial information, including enrollment data, account balances, direct deposit information and compensation are highly attractive. Hackers could target those online accounts to request loans, distributions and withdrawals.
- Lastly, there are multiple attack points for hackers since benefit plans are connected to several outside service providers, such as those that offer retirement plans, health insurance, vision insurance, dental insurance, short-term or long-term disability insurance, and flexible spending accounts.
Some examples of cyberthreats include phishing, malware and ransomware attacks. Lost or stolen mobile devices, laptops and flash drives that hold personal information are additional tangible threats to benefits plans.
The Consequences
Cyberattacks on benefits plans can have substantial consequences for all parties involved. Consider the following:
- Significant costs may be incurred in detecting the extent of the breach, investigating and managing the incident response, recovering compromised data and restoring overall system integrity.
- The theft of personally identifiable information and other plan assets may result in monetary losses to participants, beneficiaries, the plan, the plan sponsor and service providers.
- Organizations may experience operational disruption and reputation damage as a result of a security breach. Additional costs will be incurred to respond to and resolve either of those issues.
- Breaches of health plans may result in potential violations of the federal law that restricts release of medical information, exposing the plan sponsor and service providers to fines.
Mitigating Risks
As many employees and providers may be working from home, it’s especially important to understand cyberthreats and how to proactively protect sensitive organization and employee information. To mitigate cyber risks, consider the following measures:
- Properly monitor technology. To better protect and control data, it’s important to maintain up-to-date technology across the organization. Identify current vulnerabilities by conducting a gap analysis, penetration testing or other assessments.
- Educate employees. Start with properly training employees, especially those who are working remotely, on how to handle personnel data. This could be as simple as compiling and sharing cybersecurity tips. Think about physically protecting electronic devices and information (e.g., locking laptops and hiding information on camera) in addition to secure document storage and destruction. Pay special attention to common risks like passwords, attachments and Wi-Fi networks. Employees should always be vigilant, but may have their guards down while working from home.
- Educate participants. Similar to the points above, it’s important to educate participants about cybersecurity and different kinds of potential threats. It’s a good idea to thoroughly explore and ask questions about service providers’ security policies.
To shift cyber risks, consider the following measures:
- Review contracts. Legacy contracts don’t consider modern-day cyber risks. It’s important to review contractual arrangements to ensure vendors provide an appropriate level of protection against cyber risks.
- Obtain comprehensive insurance policies. Cyber liability insurance covers financial losses that result from data breaches and other cyber incidents. Most policies include both first-party and third-party liability coverages. It’s important to review and understand business insurance policies to understand whether additional coverage is needed.
With many employees working remotely as a result of the pandemic, plan sponsors should consider updating work-from-home policies to include cybersecurity clauses.
Other Considerations
Open enrollment season is a good time to carefully review organization and vendor security technology and policies, along with any contracts, insurance or other coverage. All parties involved should have adequate data protection strategies in place.
Always be prepared for the worst to happen. In the unfortunate event of a security breach, it’s important to be prepared with a basic communication and action plan. Even better, incorporate security breaches in an organization’s comprehensive reputation management plan. Keep in mind all internal and external audiences, and appropriate actions to protect information and restore overall system integrity. If not handled quickly and appropriately, reputational damage could be an additional threat to all parties involved in employee benefits plans.
Click here to download a pdf of the Top Tips to Avoid Cyberattacks.
To learn more about mitigating cyber risks in today’s digital world, contact SimcoHR today.
Sign up for our newsletter.
Overview of the New Ruling New York employers are once again required to provide a notice in their employee handbooks about reproductive health rights following a recent ruling from the U.S. Court of Appeals for the Second Circuit. The ruling vacated a previous permanent injunction that had blocked the enforcement of the law, meaning employers must now comply with the New York Reproductive Health Bias Law (Labor Law § 203-e). Reproductive Health Bias Law Requirements The Reproductive Health Bias Law was enacted in November 2019 to ensure employees and their dependents can make reproductive health decisions without facing discrimination in the workplace. The law prohibits employers from taking retaliatory actions against employees regarding their reproductive health decisions and requires employers to keep employees' reproductive health information confidential unless there is prior written consent. Under the law, employers must include a notice in their employee handbooks informing employees of their rights and remedies under the Act. This is an essential update that must be made to comply with the law. Impact of the Second Circuit Ruling Religious organizations had challenged the law, arguing that the notice requirement violated their First Amendment rights. However, the Second Circuit disagreed, ruling that the notice requirement was lawful and similar to other workplace disclosure laws. The court noted that while the policy motivating the law may be controversial, the law itself and the obligation for employers to comply are not in question. Action Required for Employers Even though there is no specific penalty for failing to comply with the notice requirement, employers are encouraged to review and update their employee handbooks in light of the court's ruling to ensure they are compliant with the law. For Simco Clients: For clients who utilize Simco’s employee handbook services, rest assured this requirement is already included, and no additional steps are needed.
Pre-employment drug testing is a hiring practice that has sparked debate in recent years. While some industries rely on it for safety and compliance, others are rethinking its necessity—especially as marijuana laws evolve. If you're actively job searching, knowing what to expect can help you prepare, avoid surprises, and understand your rights. Who Still Requires Drug Testing? Not all industries conduct pre-employment drug testing, but for certain roles, it's still a non-negotiable requirement. Some of the most common sectors where testing remains standard include: Transportation & Public Safety – Truck drivers, pilots, transit operators, and law enforcement Healthcare & Childcare – Nurses, physicians, pharmacists, and daycare providers Government & Military Contracts – Federal employees, military personnel, and defense contractors Manufacturing & Construction – Heavy equipment operators and industrial workers handling hazardous materials However, policies vary widely even within these industries. Some companies are now loosening restrictions for non-safety-sensitive positions, recognizing that outdated drug testing policies may limit their talent pool. What Substances Are Typically Screened? Most pre-employment drug tests screen for common illicit substances, but the depth of testing can vary. Standard screenings include: Five-Panel Test – Detects marijuana, cocaine, amphetamines, opiates, and PCP Expanded Panel Tests – Can include benzodiazepines, barbiturates, synthetic opioids, and even alcohol Employers may use different types of tests, including urine, saliva, blood, or hair follicle analysis. Hair follicle testing, for example, can detect drug use from months prior—something applicants should be mindful of. The Evolving Landscape of Marijuana Testing One of the most significant changes in pre-employment drug testing involves marijuana. With over half of U.S. states legalizing marijuana in some form, companies are reevaluating their stance. Some states prohibit employers from disqualifying candidates for off-duty marijuana use. Other states still allow testing but require employers to prove impairment, not just presence. Federally regulated positions, such as those in transportation, maintain strict no-tolerance policies. This shift means that while some applicants may no longer face automatic disqualification for marijuana use, it’s still important to know an employer’s policy before assuming it won’t impact hiring decisions. What Happens If You Fail a Pre-Employment Drug Test? The consequences of failing a drug test depend on multiple factors, including company policy, industry regulations, and state laws. In regulated industries (e.g., transportation, healthcare, federal employment), a failed test almost always results in immediate disqualification. Some employers allow re-testing or a waiting period before reapplying, particularly for marijuana use in certain states. If you have a valid prescription for a tested substance (e.g., opioids or ADHD medication), you may need to provide documentation to avoid disqualification. Additionally, some companies offer assistance programs or second-chance policies, especially if an applicant is upfront about past use or addiction recovery. Do Employers Really Benefit from Drug Testing? With the workforce evolving, many companies are questioning whether traditional drug testing policies still serve their intended purpose. Some argue that testing reduces liability, improves workplace safety, and ensures reliable employees. However, others believe that outdated policies exclude qualified candidates, especially in a competitive job market. The Arguments for Drug Testing: Reduces workplace accidents in safety-sensitive roles Ensures compliance with federal and industry regulations Discourages drug use in high-responsibility positions The Arguments Against Drug Testing: May eliminate qualified candidates for non-safety-sensitive roles Does not account for impairment vs. past use (especially with marijuana) Can be costly and time-consuming for employers Companies that still require drug testing must weigh these factors and ensure their policies align with modern workforce expectations. The Future of Pre-Employment Drug Testing The debate over drug testing isn’t going away anytime soon. As laws and attitudes continue shifting, companies may move toward impairment-based testing rather than zero-tolerance screening. This means job seekers should stay informed, especially in industries where testing is likely to remain a requirement. For now, the best approach is to understand employer expectations, know your legal protections, and be prepared for potential screenings as part of the hiring process.
Workplace Posting for Form 300A Begins February 1 Employers with 11 or more employees at any point in 2024 must display the Occupational Safety and Health Administration (OSHA) Form 300A, Summary of Work-Related Injuries and Illnesses, from February 1 to April 30. Even if no recordable incidents occurred in 2024, this posting is mandatory. The form must be certified by a company executive and displayed prominently in each workplace where employee notices are typically posted. Certain businesses are exempt from OSHA’s regular recordkeeping requirements, including this posting, if they employ 10 or fewer people or if their primary business activity is considered low hazard according to OSHA's guidelines. A full list of low-hazard industries, categorized by NAICS codes, is available here . However, even exempt companies must report fatalities or incidents resulting in hospitalization, amputation, or loss of an eye. Electronic Submission of Form 300A Due by March 2 Businesses with 250 or more employees from the previous year, or those with 20-249 employees in high-risk industries, must submit their Form 300A data electronically through OSHA's Injury Tracking Application (ITA) by March 2, 2025. This requirement applies based on the number of employees at a specific location, not the entire company. Employers under State Plans are also required to submit electronically. Exemptions from this electronic submission apply to employers who: Are exempt from OSHA's regular recordkeeping rules. Had fewer than 20 employees in the past year. Had between 20 and 249 employees but aren’t in the designated high-risk industries. Additional resources, FAQs, and access to the ITA are available on OSHA’s ITA page . Submission of Forms 300 and 301 Required by March 2 Employers in high-hazard industries with 100 or more employees are required to submit data from both their Form 300 (Log of Work-Related Injuries and Illnesses) and Form 301 (Injury and Illness Incident Report) through the ITA, in addition to their Form 300A submission. Help with Coverage Determination Employers can use OSHA’s ITA Coverage Application to assess whether they need to submit injury and illness data electronically or refer to the State Plan for specific reporting requirements.
Have a question? Get in touch.
Our Services.
From the Blog.
Overview of the New Ruling New York employers are once again required to provide a notice in their employee handbooks about reproductive health rights following a recent ruling from the U.S. Court of Appeals for the Second Circuit. The ruling vacated a previous permanent injunction that had blocked the enforcement of the law, meaning employers must now comply with the New York Reproductive Health Bias Law (Labor Law § 203-e). Reproductive Health Bias Law Requirements The Reproductive Health Bias Law was enacted in November 2019 to ensure employees and their dependents can make reproductive health decisions without facing discrimination in the workplace. The law prohibits employers from taking retaliatory actions against employees regarding their reproductive health decisions and requires employers to keep employees' reproductive health information confidential unless there is prior written consent. Under the law, employers must include a notice in their employee handbooks informing employees of their rights and remedies under the Act. This is an essential update that must be made to comply with the law. Impact of the Second Circuit Ruling Religious organizations had challenged the law, arguing that the notice requirement violated their First Amendment rights. However, the Second Circuit disagreed, ruling that the notice requirement was lawful and similar to other workplace disclosure laws. The court noted that while the policy motivating the law may be controversial, the law itself and the obligation for employers to comply are not in question. Action Required for Employers Even though there is no specific penalty for failing to comply with the notice requirement, employers are encouraged to review and update their employee handbooks in light of the court's ruling to ensure they are compliant with the law. For Simco Clients: For clients who utilize Simco’s employee handbook services, rest assured this requirement is already included, and no additional steps are needed.
Pre-employment drug testing is a hiring practice that has sparked debate in recent years. While some industries rely on it for safety and compliance, others are rethinking its necessity—especially as marijuana laws evolve. If you're actively job searching, knowing what to expect can help you prepare, avoid surprises, and understand your rights. Who Still Requires Drug Testing? Not all industries conduct pre-employment drug testing, but for certain roles, it's still a non-negotiable requirement. Some of the most common sectors where testing remains standard include: Transportation & Public Safety – Truck drivers, pilots, transit operators, and law enforcement Healthcare & Childcare – Nurses, physicians, pharmacists, and daycare providers Government & Military Contracts – Federal employees, military personnel, and defense contractors Manufacturing & Construction – Heavy equipment operators and industrial workers handling hazardous materials However, policies vary widely even within these industries. Some companies are now loosening restrictions for non-safety-sensitive positions, recognizing that outdated drug testing policies may limit their talent pool. What Substances Are Typically Screened? Most pre-employment drug tests screen for common illicit substances, but the depth of testing can vary. Standard screenings include: Five-Panel Test – Detects marijuana, cocaine, amphetamines, opiates, and PCP Expanded Panel Tests – Can include benzodiazepines, barbiturates, synthetic opioids, and even alcohol Employers may use different types of tests, including urine, saliva, blood, or hair follicle analysis. Hair follicle testing, for example, can detect drug use from months prior—something applicants should be mindful of. The Evolving Landscape of Marijuana Testing One of the most significant changes in pre-employment drug testing involves marijuana. With over half of U.S. states legalizing marijuana in some form, companies are reevaluating their stance. Some states prohibit employers from disqualifying candidates for off-duty marijuana use. Other states still allow testing but require employers to prove impairment, not just presence. Federally regulated positions, such as those in transportation, maintain strict no-tolerance policies. This shift means that while some applicants may no longer face automatic disqualification for marijuana use, it’s still important to know an employer’s policy before assuming it won’t impact hiring decisions. What Happens If You Fail a Pre-Employment Drug Test? The consequences of failing a drug test depend on multiple factors, including company policy, industry regulations, and state laws. In regulated industries (e.g., transportation, healthcare, federal employment), a failed test almost always results in immediate disqualification. Some employers allow re-testing or a waiting period before reapplying, particularly for marijuana use in certain states. If you have a valid prescription for a tested substance (e.g., opioids or ADHD medication), you may need to provide documentation to avoid disqualification. Additionally, some companies offer assistance programs or second-chance policies, especially if an applicant is upfront about past use or addiction recovery. Do Employers Really Benefit from Drug Testing? With the workforce evolving, many companies are questioning whether traditional drug testing policies still serve their intended purpose. Some argue that testing reduces liability, improves workplace safety, and ensures reliable employees. However, others believe that outdated policies exclude qualified candidates, especially in a competitive job market. The Arguments for Drug Testing: Reduces workplace accidents in safety-sensitive roles Ensures compliance with federal and industry regulations Discourages drug use in high-responsibility positions The Arguments Against Drug Testing: May eliminate qualified candidates for non-safety-sensitive roles Does not account for impairment vs. past use (especially with marijuana) Can be costly and time-consuming for employers Companies that still require drug testing must weigh these factors and ensure their policies align with modern workforce expectations. The Future of Pre-Employment Drug Testing The debate over drug testing isn’t going away anytime soon. As laws and attitudes continue shifting, companies may move toward impairment-based testing rather than zero-tolerance screening. This means job seekers should stay informed, especially in industries where testing is likely to remain a requirement. For now, the best approach is to understand employer expectations, know your legal protections, and be prepared for potential screenings as part of the hiring process.
Our Company.
Sign up for our Newsletter.
Designed and Developed by Vessel Digital Marketing