Category Archives: Crime

Massive Workers’ Compensation-Referral Scheme

The Orange County District Attorney’s Office filed felony fraud charges against 10 attorneys and 6 others Monday in what prosecutors say is a massive workers’ compensation-referral scheme with more than 33,000 patients and an estimated $300 million-plus in insurance payouts received.

DA Tony Rackauckas said the charges were the start of an investigation by his office and the California Department of Insurance, which scrutinizes the role medical providers played in an alleged fraud ring that targeted mostly Spanish-speaking communities.

“This type of fraud factory drives up the prices of workers’ compensation insurance and drives businesses out of California,” Rackauckas said Monday, June 5.

Prosecutors allege that at the center of the ring were businesses run by Carlos Arguello III, 35, of Tustin and Edgar Gonzalez, 50, of Anaheim.

In 2005, Arguello formed an advertising company, Centro Legal Internacional, which Rackauckas accused of setting up illegal contracts with 20 to 30 attorneys who focused on workers’ compensation and personal injury.

The attorneys allegedly agreed to contract with companies owned by Arguello and Gonzalez, in return for employees, known as cappers, delivering the attorneys a minimum number of clients per month.

Attorneys are allowed to advertise, the district attorney explained, but the use of cappers to directly recruit for lawyers or medical providers is against the law.

Prosecutors allege that the cappers distributed a variety of fliers and business cards in predominantly Hispanic neighborhoods and at swap meets offering “free consultations” for those who believed they had suffered workplace injuries.

Read entire article: OC Register

Filed under Crime, Workers' Compensation

The Ransomware Dilemma: Is Paying Up a Good Idea?

The ongoing fight against ransomware attacks and the cyber criminals perpetuating this menace is more than a full-time job. In a cyber world without boundaries, ransomware has become a worldwide problem where no organization is immune to victimization.

According to some security experts, the first known reports of ransomware attacks took place in Russia in 2005. Over the past 10 years, these attacks have spread to all corners of the globe, successfully targeting hundreds of thousands of business systems and home PCs. And the effects are mounting: the FBI reported ransomware-driven losses of $18 million over a 15-month period in 2014 and 2015.

Ransomware works by making an infected device unusable: it locks the screen or system, encrypts the device’s data and then demands a ransom to unlock and decrypt that data. In some cases, once the user’s PC is infected, the ransomware also displays threatening messages disguised as coming from a law enforcement agency in order to appear credible while intimidating the PC owner. Payment is usually demanded in the form of bitcoins, a virtual currency that is untraceable.

This is apparently what happened at Hollywood Presbyterian Medical Center in California in early February 2016 when it fell victim to malware, which locked the hospital’s computer infrastructure. According to reports, to remain operational and continue providing patient care, the hospital was forced to use “old school” methods including paper records, faxing, and good old-fashioned pen and paper.

In a letter regarding the attack, following a bitcoin payment of $17,000, hospital CEO Allen Stefanek stated “…The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

Click here to read the entire article: http://bit.ly/2c6mdvh

Filed under Business Interruption Insurance, Claims, Crime, Hotel Industry, Insurance, Management And Ownership, Privacy, Technology, Theft

Join Petra Risk Solutions at CH&LA’s S.A.F.E Forum & Expo

Register today at CH&LA

Filed under Conferences, Crime, Guest Issues, Hotel Employees, Hotel Industry, Risk Management, Theft, Training

Safety & Security Tips for Hotel Management

Providing an accommodating atmosphere that doesn’t compromise safety is the biggest challenge that hotels face. Achieving these goals requires a multifaceted plan that starts with staff training and guest education about safety and security issues. Management must also consistently enforce established security policies, such as allowing only registered guests on hotel property. Constant planning to stay ahead of these issues is also a must, especially when the hotel hosts public events.

Control Access
Controlling access is an important part of hotel security planning to prevent criminals from stealing money and valuables from guest rooms. Management must train contractors and staff in controlling room key distribution and restricting access to registered guests only. During off-hours, security personnel should be stationed at all main access points to greet people, while deterring anyone with no business on the property, including disruptive or intoxicated non-guests.

Educate Guests
Hotel staff has a responsibility to educate guests about safety and security responsibilities. The challenge is getting the message across without negatively affecting the customer’s experience. For example, the bellman can stress the importance of locking hotel room doors to prevent strangers from entering. Front desk clerks can also discourage guests from actions that leave them vulnerable to thieves, such as flashing room keys or yelling room numbers across the lobby.

Patrol Public Areas
Technology has come a long way in helping hotels to upgrade basic security measures. Closed-circuit TV cameras with recording systems are essential for securing such busy public spaces as bars, docks, lounges, and parking lots. However, these areas also allow open access for disruptive persons, muggers and pickpockets. Active monitoring of the camera images by staff and proper lighting reduces the opportunities for such crimes. Offering a security concierge to escort guests also minimizes the risk of non-assaultive crimes, such as luggage thefts.

Advance Measures
Communicating basic safety and security measures becomes even more important at public events such as conventions, where travelers may feel as if they’re leaving real world dangers behind. To head off problems, management should send advance communiques to event attendees. The notices should contain basic safety tips, such as the need for locking doors, not leaving cellphones and laptops unattended, and being alert in public areas.

For more info: ( http://bit.ly/2agiHgI )

Filed under Crime, Guest Issues, Management And Ownership, Risk Management

What’s your data breach response plan?

While businesses prefer to avoid cyber perpetrators entirely, these days nearly all organizations are at risk of a breach.

As the number of incidents (and claims) continues to rise, the prudent strategy is for firms to not only work diligently to prevent an intrusion, but also to have a plan in place to respond quickly and effectively if they suspect information has been compromised.

A data breach response plan proactively outlines the necessary actions a business must take, providing a framework that can be regularly matched against emerging risks and updated if the firm’s situation changes — for example, if additional staff are added in key data privacy or technology roles or if partnerships are formed that could change the way sensitive information is processed.

Developing a data breach response plan, one that is easy to follow and quick to implement, gives businesses time to prepare the necessary resources and mitigate the damage an exposure can inflict. Leaving key tasks to the last minute, such as scrambling to identify qualified outside legal counsel, is unwise and can significantly impact the timeliness and expense of a breach response. Likewise, pulling the plug on a single server without seeking guidance from an experienced technology expert may not shut down the unauthorized access that caused the exposure, thus leaving the business open to further harm. Worse, it may even erase key information a computer forensics company may need to assist the investigation. Getting the firm’s ducks in a row in advance of any breach is a far more effective cyber mitigation strategy.

One component of many small business breach response plans is accessing the financial and technical support available through a well-structured Cyber Liability insurance policy. Coverage options vary widely, so businesses (or the insurance broker) must carefully examine their needs before crafting a policy. For those firms with lean internal resources and thin financial margins, the right insurance can be a key asset when it comes to implementing a solid breach response plan. Below are three steps that will help organizations mitigate data breach disruptions before they occur.

1. Assemble the team

Who needs to be involved in responding to a breach? Before attempting to pull together more than a cursory list of post-exposure action items, it’s critical that the firm identify those individuals or groups that should be contacted in the event of a potential breach. The team will vary from one business to the next, but most organizations will want to include representatives from the executive group, legal (either internal or an outside consultant), privacy or information security, risk management, information technology, human resources and public relations.

Given the growing reliance on external partners — cloud providers, payroll processors and the like — firms should also consider where vendor touchpoints exist and how or when those third parties will contribute to the breach response process. They may need to be included on the contact list or they may even be responsible for raising the initial alarm if a breach occurs. It’s also important to ensure vendor contracts clearly spell out the company responsible when a breach occurs and who is liable for notifying those impacted. Other vendors are also commonly part of the response team, such as media relations consultants experienced in crisis management and notification firms with the resources necessary to quickly inform breach victims about the situation.

If the business has Cyber Liability coverage, the insurance company should also be part of the breach response plan. There are support services included in many policies that will be helpful in the event of an exposure, ranging from forensic investigation teams to data recovery specialists. To maximize the value of any applicable coverage, firms must be ready to access available features quickly and through the most efficient channels.

Click to read the article

Filed under Crime, Insurance, Liability, Management And Ownership, Risk Management

Successful Education Session at CH&LA SoCal Conference

Petra Risk Solutions had a successful education session at CH&LA’s SoCal Conference. Todd Seiders, CLSD, Director of Risk Management, presented “Today’s Safety & Security Challenges for Hotels”. Over 100 people attended! They walked away educated and with a better understanding of how to handle phone scams, human trafficking situations, renting hotel rooms to minors, ADA scams, and the recent Erin Andrews/privacy ruling.

Filed under Claims, Conferences, Crime, Guest Issues, Hotel Employees, Hotel Industry, Hotel Restaurant, Insurance, Risk Management, Theft

Workplace Violence – How to Deal with a Disgruntled Ex-Employee

You are an executive working intently in your office when your assistant calls and informs you that a disgruntled ex-employee has shown up at the facility with a weapon and is threatening violence.  Will you know what to do, or better yet, what not to do?

Workplace violence can be defined as any act that creates an intimidating, hostile, offensive or threatening work environment through unwelcome words, actions or physical contact. As we have seen on multiple occasions, workplace violence and active shooter occurrences have been on a steady rise in this country. Are you and your company prepared?

There are two types of workplace violence that need to be taken into consideration. First is the external variety: criminal activity from a non-employee, client or customer. Second is the internal variety: a problem employee, an employee’s personal relationship, or an individual made hostile by disciplinary actions or a facility closing. Be prepared by taking some very easy measures:

  • Have a written policy that is known throughout your organization
  • Take the position of ‘no tolerance’ for this activity
  • Train employees and provide ongoing training
  • Make sure your plan protects first, then concentrates on compliance
  • Understand and effectively communicate the legal implications

Potentially deadly situations are reasonably foreseeable, and this should be the standard used for compliance and determination of liability. Understand what data you need to assist in the prevention of workplace violence. You have not only a legal responsibility but also an obligation to your workforce. Negligent hiring, high-risk terminations, retention, security, and poor training open you and your organization to the possibility of a workplace violence incident. Human resources plays a key role in your workplace violence plan through effective pre-employment screening, establishing discreet communications channels, an Employee Assistance Program and coordination with your security personnel regarding response plans.

Do not allow yourself to make these five critical mistakes:

  • Denial and avoidance
  • Not having a threat response plan
  • Acting too hastily
  • Lack of total workforce participation
  • Insufficient assessment process

Coordinate a case assessment team and make sure they understand their purpose, make-up, objectives, and documentation measures. They need to recognize the behavioral warning signs that signal potential trouble and understand that evaluation of behavior is not ‘profiling’.

Protective measures include:

  • A facility security audit
  • Obtaining local crime statistics
  • Recording a history of incidents
  • Personnel training
  • General security awareness training
  • An established liaison with local law enforcement.

Remember, ignorance does not relieve an organization of responsibility. In summation, an organization has a Duty of Care responsibility to its employees and must plan, train, recognize, manage and respond to this growing problem within the business community.

For more: http://bit.ly/1XAJN02

Filed under Crime, Hotel Employees, Hotel Industry, Labor Issues, Management And Ownership, Risk Management, Training

What the Erin Andrews Lawsuit Means for Hoteliers

A jury’s decision this week to award sportscaster Erin Andrews $55 million in a civil suit against her stalker and the owner and management company of the Nashville hotel in which the man secretly videotaped her will have repercussions for the hotel industry for years to come, sources said.

In 2008, Michael David Barrett recorded Andrews while she was nude through the peephole of her hotel guestroom at the Nashville Marriott at Vanderbilt University. Barrett, who later pleaded guilty to felony stalking in 2009, discovered which room was Andrews’ and reversed the peephole in the door to see inside. The jury in Andrews’ civil suit found Barrett, as well as the owner of the hotel, West End Hotel Partners, and the management company, Windsor Capital Group, to be responsible.

Andrews had included Marriott International in her original suit; however, the court in Tennessee found that Marriott had no liability in the case, and dismissed it.

Stephen Barth, a professor of hospitality law at the Conrad N. Hilton College of Hotel and Restaurant Management at the University of Houston and founder of hospitalitylawyer.com, testified on behalf of the defense during the civil trial. The defendants in this case did what they were supposed to do, Barth said in an interview with HNN, and he believes that because the companies were focused and diligent on their policies, procedures and employee training, it gave the jury members pause during their deliberations.

With the outcome of the case, Barth stressed that just as before, it’s important for hoteliers to have the right policies and procedures in place as well as the proper training for staff to deal with guest privacy issues.

“You need to be able to demonstrate the training that went on, the frequency and outcomes,” Barth said. “How do you evaluate whether the training was effective? Ultimately, you have to be able to demonstrate this in a courtroom.”

Policies, procedures and training

David Samuels, partner at Michelman & Robinson, said one of the issues that jumped out at him in following the trial was whether the management company had the proper policies and procedures in place regarding guest privacy. He said he believes several jury members were bothered by the testimony of some hotel staff who couldn’t recall having those policies. Samuels followed the trial but was not directly involved in it.

At this point, all owners and operators should review how they’re running their properties and whether they have specific written policies and procedures in place.

“They need to have those and effectively train the staff on it,” Samuels said.

Along with having those policies in place, hoteliers should regularly update those policies based on legal developments, such as the Andrews case, according to Sylvia St. Clair, an associate with Faegre Baker Daniels. If there’s any question about whether a policy is in compliance with the law or industry standards, she said, contact legal counsel or the human resources department.

“Then ensure (that) new hires receive that training as well as existing employees,” she said.

If a front-desk associate receives a request for a guest’s private information, such as his or her guestroom number, St. Clair said the associate should know not to give that information out unless he or she is authorized to do so. The associate should know to contact his or her manager or supervisor with questions.

“You want a statement to give to (anyone) requesting information,” St. Clair said. “Make sure employees know if they are receiving these types of requests, and the person requesting is continually asking, they shouldn’t hesitate to get their manager or GM involved.”

After completing the training, St. Clair said, document the training in employees’ files to show they received the latest version of the policy and understand it.

House phone access

During the civil trial, there was a dispute over how Andrews’ stalker learned which guest room was hers, Samuels said.

Andrews’ attorneys argued her stalker learned from the front-desk staff, an allegation the associates denied during the trial. Her stalker, Barrett, said in a taped deposition that he figured out Andrews’ room number by using an internal house phone at the hostess stand in the hotel restaurant.

“Those are only supposed to be used by employees,” Samuels said.

Barrett called the front desk and asked to speak with Andrews, Samuels said, and when the line was connected, Andrews’ room number appeared on the phone’s LCD screen. Barrett then went to her floor, saw the room next to hers was being turned over and then requested at the front desk to be in that room.

“From a privacy standpoint, from a safety standpoint, hotel guests should never be allowed to use an internal house phone that displays the room number on an LCD screen,” Samuels said.

If guests need a house phone, he said, they should be directed to one without an LCD screen and it should connect to an operator.

Similarly, hotel employees should be aware of who may be looking over their shoulders when using phones that display room numbers, he said.

Red flags

In the plaintiff’s closing argument, Andrews’ attorneys asked why the front-desk staff was not more critical about someone asking for a specific room, especially one next door to Andrews, according to Christian Stegmaier, a shareholder at Collins & Lacy. Stegmaier followed the case but was not directly involved in it.

That argument might presume too much about Andrews’ fame at the time, he said, as the front-desk associate may not have put two and two together.

“The takeaway from all of that is when you have a prospective guest making very specific requests, like about specific rooms, you need to be critical (of it),” he said.

Asking some gentle questions might allow the associate to learn a little more about the person making the request and why that specific room is so important to them, Stegmaier said.

“From a management perspective, you need to empower your associates to use that kind of critical thinking,” he said. “You want to encourage that.”

That is doubly important when the front-desk staff is aware of any celebrities or dignitaries staying in the hotel, Samuels said. Any requests for a specific room adjacent to such guests should send up a “big, red flag,” he said.

For more: http://bit.ly/1VcP6UN

Filed under Crime, Employee Practices, Guest Issues, Hotel Employees, Hotel Industry, Liability, Management And Ownership, Privacy, Risk Management, Training

Congress Cracks Down on Hotel Scams

Imagine you’ve been planning all year for your family vacation at the beach. You find the perfect hotel—a spacious room with a view of the ocean and a big pool for the kids—and book the room using an online travel site. The whole family is excited for a week of surf, sand, and relaxation.

Everything is going great until you arrive at the hotel. After a few minutes of clicking around on the computer, the front desk woman asks you to spell your name again. Her brow furrows, and you start to worry. You are exhausted and just want to crawl into a clean bed and get some sleep. What is going on with this hotel room?

Now the manager arrives to help. “When did you make this reservation?” she asks. You tell her and you hear her typing some more. “Could it be under another name?” You feel a sense of panic as you shake your head no. What could be happening?

Finally, the bad news: There is no reservation. The website where you made your booking was a fraud, and now your dream vacation has become a nightmare. Many vacationers, and hoteliers, find themselves in this exact situation. According to the American Hotel & Lodging Association, millions of fraudulent bookings are made every year as these deceptive websites and call centers mislead vacationers by giving the appearance of being connected to a hotel, but actually have no legal relation to the brand or lodging property.

For consumers, the fraud takes several different forms. Unassuming guests could be charged additional hidden fees when they arrive, fail to get the accommodations they requested, lose expected loyalty points, or worse, they could learn that their reservation was never actually made. In the last year alone, close to 15 million reservations were made on such deceptive sites, resulting in hotel guests finding themselves out hundreds of dollars for either a worthless reservation or one that delivered much less than promised. It is estimated that these scams have cost upward of $1.3 billion per year in lost reservations, extra fees or charges, lost rooms, and costly inconveniences.

As you know, hotels are often mistakenly blamed for these fake reservations. Though they do all they can to assist swindled travelers, their reputation suffers as these stories are shared online or by word of mouth.

For these reasons, I have introduced bipartisan legislation with U.S. Reps. Ileana Ros-Lehtinen (R-Fla.) and Bill Shuster (R-Pa.) in Congress to help crack down on call center and online hotel scams. First, our legislation would require all third-party hotel booking websites to disclose, clearly and conspicuously, that they are not affiliated with the hotel for which the traveler is ultimately making the reservation. This new requirement would help consumers tell the difference between name-brand hotel websites and fraudulent ones masquerading as name-brand sites.

Second, our legislation would give state Attorneys General the ability to go after perpetrators in federal court with the same remedies available to the Federal Trade Commission (FTC). Today, only federal authorities can fully penalize individuals who commit online hotel booking fraud. If the offense is small, federal authorities may forgo prosecution to go after more expansive crimes. Giving state Attorneys General the ability to pursue damages and restitution for victims will leverage the power of all 50 states to hold fraudsters of all levels accountable and deter criminals.

Our bill would also require two provisions to help illuminate the true extent of these crimes. It requires the FTC to produce a report on the impact of these fraudulent sites on consumers and it encourages the FTC to simplify its online complaint procedure for reporting hotel booking scams, a request we have recently made in a letter to FTC Chairwoman Edith Ramirez.

My colleagues and I understand that online fraud is a serious problem for not only consumers, but also the entire lodging industry. It is also an especially significant issue for Florida, which is the top travel destination in the United States. With that said, I look forward to continuing to work with the AH&LA to move this important legislation forward to Congress, and tackle these scams. This way, travelers can get back to their vacations and hotels can focus on providing the world-class services that the American hotel industry is known for.

For more: http://bit.ly/1Qgrg7k

Filed under Crime, Guest Issues, Hotel Industry, Management And Ownership, Technology

How to Ramp Up Employee Cybersecurity Training

In 2015, the hotel industry suffered unprecedented cyberattacks. In one month alone, Hyatt Hotels Corporation, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings all fell prey to savvy cyber thievery.

Hyatt confirmed hackers used malware to collect cardholder names, card numbers, expiration dates and verification codes from at least 250 hotels globally. Just a few days after the company announced its planned merger with Marriott International, Starwood Hotels also stated malware had been used to steal credit and debit card data that was found on point-of-sale cash registers.

Hilton also began investigating credit card breaches at several of its properties, including its Hilton, Embassy Suites, DoubleTree, Hampton Inn and Suites, and Waldorf Astoria Hotels & Resorts brands. Hilton confirmed the breach and, much like Hyatt and Starwood, cited unauthorized malware that targeted payment card information in point-of-sale systems as the cause of the breach. Additional hotels targeted by hackers in 2015 included The Trump Hotel Collection, Mandarin Oriental and White Lodging Services Corporation.

To help prevent breaches, management should take steps to clearly define employee policies and procedures, which include:

Create protocols for access and transfer of sensitive information

Once a hotel has its IT network secure, only certain individuals should have access to the data. Further, user activity should be monitored using insider threat detection solutions that notify management of suspicious activities, both externally and internally. This includes monitoring applications for phones or computers that have access to sensitive data.

Hoteliers should tighten all network security. Simple ways to help accomplish that include:

  • ensure logins expire after short periods of inactivity;
  • require strong passwords that are never written down in public or unsecured locations; and
  • scan devices for malware every time they are plugged in.

Confirm that off-site technology is secure

Data housed off-site should be routinely backed up, and hoteliers should ensure that Web application firewalls are cloud-based solutions that are secure and encrypted. Hoteliers also should use top-notch anti-malware software and update it routinely.

Secure paper files that might include personal information

Employee files are a major target area for data breaches by way of paper files. They are typically easy to access (particularly in smaller hotels) and provide a significant source of data for a low-tech inside job.

Employee files also might include medical information protected by HIPAA. According to the Department of Health and Human Services, hacking has been involved in the HIPAA breaches of nearly 3 million patient records since 2009. Employees across all industries, including hospitality, should be aware that this highly sensitive information needs to be protected.

For more: http://bit.ly/1mHKrMn

Filed under Crime, Employee Practices, Hotel Employees, Hotel Industry, Management And Ownership, Risk Management, Training