In This Issue


2018 Agent Roundtable Luncheons

3rd Annual Risk & Insurance Symposium

Cyber Attacks

Drones in Action

Drug Free Workplace
Amended Rules

Workers’ Compensation Amended Rules


Tennessee Trivia

Q. What Tennessee city is home to the “world’s steepest passenger railway?”

Click here for the answer

Message from the President

Dawn Crawford

Over the years, Public Entity Partners has received requests and suggestions from our members for a variety of enhancements to our programs and services. These have included recommendations for coverages, training programs, online claims filing and loss information, electronic policies, and much more. This feedback is a valuable part of the partnership we have with our members, which allows us to better serve the needs of local governments across Tennessee.

Public Entity Partners’s member services team wants to ensure we are meeting all the needs of our members. To assist us in our efforts, we have sent out a survey to all members, which will help us gain important information on the products and services we provide to you. We would also like to learn about areas where we can improve. Some examples include coverages you would like to see in the future, training opportunities that would benefit you and your entity, and ways in which we can make the most of your time when we visit with you.

Your feedback is vital for the planning and development of new resources to meet your needs in the years ahead. This survey will take approximately five minutes to complete and your answers will remain anonymous. If you have not already done so, please fill out the short survey at https://www.surveymonkey.com/r/BFCVF7H. If you have already completed the survey, thank you!

Those who complete the informational section at the end of the survey will be entered into a drawing for a $50 gift card.

Again, we thank you for your continued support of Public Entity Partners.

Sincerely,
Dawn Crawford signature
Dawn R. Crawford
President/CEO

 

2018 Agent Roundtable Luncheons

Public Entity Partners invites you to attend one of our Agent Roundtable Luncheons. We will use this time to answer any questions you may have about Public Entity Partners’s coverages, upcoming renewals or any of our added-value services. We will also discuss coverage and rate changes that will go into effect on July 1, 2018.

These roundtable luncheons are all about how we can help you, and are being hosted in your area by your local Member Services Representative and Underwriter. Locations, dates and times are listed below.

Please RSVP by April 30, 2018, to Heather McKnight at hmcknight@PEpartners.org or by calling 800-624-9698. Please also submit to Heather any topics for discussion or any questions you’d like us to answer.

We look forward to seeing you there!

East Tennessee

May 8 – Oak Ridge: 10:30 am - 1:00 pm
Madison Insurance Group
800 Oak Ridge Turnpike, B-200, Oak Ridge, TN 37830

May 9 – Greeneville: 10:30 am - 1:00 pm
Greeneville City Schools Central Office
129 W. Depot St. #4, Greeneville, TN 37743

May 10 – Collegedale: 10:30 am - 1:00 pm
Collegedale City Hall
4910 Swinyar Dr., Collegedale, TN 37315

Middle Tennessee

May 2 – Cookeville: 11:30 am - 1:30 pm
Crawdaddy’s
53 W. Broad St., Cookeville, TN 38501

May 9 – Shelbyville: 11:30 am - 1:30 pm
Legends Steakhouse
1609 N. Main St., Shelbyville, TN 37160

May 16 – Brentwood: 11:30 am - 1:30 pm
Public Entity Partners
5100 Maryland Way, Brentwood, TN 37027

West Tennessee

May 30 – Dyersburg: 11:30 am - 1:30 pm
Professional Development Center
305 College St., Dyersburg, TN 38024

May 31 – Paris: 11:30 am - 1:30 pm
Paris City Hall
100 N. Caldwell, Paris, TN 38242

Return to the top

3rd Annual Risk & Insurance Symposium

Registration is now underway for Public Entity Partners’s 3rd annual Risk & Insurance Symposium, which is open to all members. We have an exciting program of sessions planned for this year’s symposium, which is scheduled for Aug. 22 - 24.

Symposium topics include:

  • Managing the Media after a Mass Casualty Crisis – The Sandy Hook Tragedy
  • Setting Up Road Courses and Driver Training
  • Contractual Risk Transfer for Local Governments
  • Distracted Driving
  • Family Impact of Work Injuries
  • Opioid Use in Tennessee
  • Dangerous Crossroads Ahead: The Intersection of the First and Fourth Amendments
  • Riots, Protests and Public Gatherings
  • And many more!

In addition to numerous training opportunities, a member recognition lunch is planned for Thursday, Aug. 23rd.

Public Entity Partners will also recognize several Excellence in Risk Management Award winners at the symposium. Last year’s award winners represented each of Tennessee’s three grand divisions, and encompassed a variety of safety and risk management programs. Nominations for the Excellence in Risk Management Awards may be submitted by clicking here.

When: Aug. 22-24, 2018

Where: Franklin Marriott Cool Springs, 700 Cool Springs Blvd., Franklin, Tennessee 37067

Who should attend:

  • Anyone with safety responsibilities, interests or concerns
  • Supervisors with safety responsibilities
  • Safety, risk and HR managers
  • Mayors and elected officials
  • City managers/administrators
  • City recorders/clerks
  • Finance directors
  • Human resource employees
  • Fleet managers
  • Training officers
  • City attorneys

To view the agenda and to register, visit https://thepool.xmi.events/.

All sessions will be submitted to the Comptroller’s Office for CMFO credit consideration. If you have questions about the symposium or issues with registration, please contact Megan Miller at 605.341.9588 or mmiller@xmigrowth.com.

Return to the top

Cyber Attacks

A cyberattack hobbles Atlanta, and security experts shudder

Publication Date 03/28/2018
Source: New York Times Online

ATLANTA — The City of Atlanta’s 8,000 employees got the word on Tuesday that they had been waiting for: It was O.K. to turn their computers on.

But as the city government’s desktops, hard drives and printers flickered back to life for the first time in five days, residents still could not pay their traffic tickets or water bills online, or report potholes or graffiti on a city website. Travelers at the world’s busiest airport still could not use the free Wi-Fi.

Atlanta’s municipal government has been brought to its knees since Thursday morning by a ransomware attack — one of the most sustained and consequential cyberattacks ever mounted against a major American city.

The digital extortion aimed at Atlanta, which security experts have linked to a shadowy hacking crew known for its careful selection of targets, laid bare once again the vulnerabilities of governments as they rely on computer networks for day-to-day operations. In a ransomware attack, malicious software cripples a victim’s computer or network and blocks access to important data until a ransom is paid to unlock it.

“We are dealing with a hostage situation,” Mayor Keisha Lance Bottoms said this week.

The assault on Atlanta, the core of a metropolitan area of about 6 million people, represented a serious escalation from other recent cyberattacks on American cities, like one last year in Dallas where hackers gained the ability to set off tornado sirens in the middle of the night.

Part of what makes the attack on Atlanta so pernicious are the criminals behind it: A group that locks up its victims’ files with encryption, temporarily changes their file names to “I’m sorry” and gives the victims a week to pay up before the files are made permanently inaccessible.

Threat researchers at Dell SecureWorks, the Atlanta-based security firm helping the city respond to the ransomware attack, identified the assailants as the SamSam hacking crew, one of the more prevalent and meticulous of the dozens of active ransomware attack groups. The SamSam group is known for choosing targets that are the most likely to accede to its high ransom demands — typically the Bitcoin equivalent of about $50,000 — and for finding and locking up the victims’ most valuable data.

In Atlanta, where officials said the ransom demand amounted to about $51,000, the group left parts of the city’s network tied in knots. Some major systems were not affected, including those for 911 calls and control of wastewater treatment. But other arms of city government have been scrambled for days.

The Atlanta Municipal Court has been unable to validate warrants. Police officers have been writing reports by hand. The city has stopped taking employment applications

Atlanta officials have disclosed few details about the episode or how it happened. They have urged vigilance and tried to reassure employees and residents that their personal information was not believed to have been compromised.

Dell SecureWorks and Cisco Security, which are still working to restore the city’s systems, declined to comment on the attacks, citing client confidentiality.

Ms. Bottoms, the mayor, has not said whether the city would pay the ransom.

The SamSam group has been one of the more successful ransomware rings, experts said. It is believed to have extorted more than $1 million from some 30 target organizations in 2018 alone.

It is not ideal to pay up, but in most cases, SamSam’s victims have said that they can more easily afford the $50,000 or so in ransom than the time and cost of restoring their locked data and compromised systems. In the past year, the group has taken to attacking hospitals, police departments and universities — targets with money but without the luxury of going off-line for days or weeks for restoration work.

Investigators are not certain who the SamSam hackers are. Judging from the poor English in the group’s ransom notes, security researchers believe they are probably not native English speakers. But they cannot say for sure whether SamSam is a single group of cybercriminals or a loose hacking collective.

Ransomware emerged in Eastern Europe in 2009, when cybercriminals started using malicious code to lock up unsuspecting users’ machines and then demanding 100 euros or similar sums to unlock them again. Over the past decade, dozens of online cybercriminal outfits — and even some nation states, including North Korea and Russia — have taken up similar tactics on a larger scale, inflicting digital paralysis on victims and demanding increasing amounts of money.

Cybersecurity experts estimate that criminals made more than $1 billion from ransomware in 2016, according to the F.B.I. Then, last May, came the largest ransomware assault recorded so far: North Korean hackers went after tens of thousands of victims in more than 70 countries around the world, forcing Britain’s public health system to reject patients, paralyzing computers at Russia’s Interior Ministry, at FedEx in the United States, and at shipping lines and telecommunications companies across Europe.

A month later, Russian state hackers deployed similar ransomware to paralyze computers in Ukraine on the eve of the country’s independence day. That attack shut down automated teller machines in Kiev, froze government agencies and even forced workers at the Chernobyl nuclear power plant to monitor radiation levels manually. Collateral damage from that attack affected computers at Maersk, the Danish shipping conglomerate; at Merck, the American-based pharmaceutical giant; and even at businesses in Russia.

Attempted ransomware attacks against local governments in the United States have become unnervingly common. A 2016 survey of chief information officers for jurisdictions across the country found that obtaining ransom was the most common purpose of cyberattacks on a city or county government, accounting for nearly one-third of all attacks.

The survey, conducted by the International City/County Management Association and the University of Maryland, Baltimore County, also found that about one-quarter of local governments reported that they were experiencing attacks of one kind or another, successful or not, at least as often as once an hour.

Yet less than half of the local governments surveyed said they had developed a formal cybersecurity policy, and only 34 percent said they had a written strategy to recover from breaches.

Experts said government officials needed to be more aggressive about preventive measures, like training employees to spot and sidestep “phishing” attempts meant to trick them into opening the digital door for ransomware.

“It’s going to be even more important that local governments look for the no-cost/low-cost, but start considering cybersecurity on the same level as public safety,” said David Jordan, the chief information security officer for Arlington County, Va. “A smart local government will have fire, police and cybersecurity at the same level.”

Ms. Bottoms, who took office as mayor of Atlanta in January, acknowledged that shoring up the city’s digital defenses had not been a high priority before, but that now “it certainly has gone to the front of the line.”

“As elected officials, it’s often quite easy for us to focus on the things that people see, because at the end of the day, our residents are our customers,” Ms. Bottoms said. “But we have to really make sure that we continue to focus on the things that people can’t see, and digital infrastructure is very important.”

During the ransomware attack, local leaders have sometimes been able to do little but chuckle at a predicament that was forcing the city to turn the clock back decades.

Asked on Monday how long the city might be able to get by doing its business strictly with ink and paper, Ms. Bottoms replied: “It was a sustainable model until we got computer systems. It worked for many years. And for some of our younger employees, it will be a nice exercise in good penmanship.”

Security researchers trying to combat ransomware have noticed a pattern in SamSam’s attacks this year: Some of the biggest have occurred around the 20th of the month.

Allan Liska, a senior intelligence analyst at Recorded Future who has been tracking the group, said in an interview that he believed that SamSam gains access to its victims’ systems and then waits for weeks before encrypting the victim’s data. That delay, Mr. Liska said, makes it harder for responders to figure out how the group was able to break in — and easier for SamSam’s hackers to strike twice.

The Colorado Department of Transportation was able to restore its systems on its own after a SamSam attack, without paying SamSam a dime. But a week later, the hackers struck the department again, with new, more potent ransomware.

“They are constantly learning from their mistakes, modifying their code and then launching the next round of attacks,” Mr. Liska said.

Alan Blinder reported from Atlanta, and Nicole Perlroth from Boulder, Colo.

Copyright 2018 The New York Times Company

Return to the top

Drones in Action

The Town of Chapel Hill’s Unmanned Aerial Vehicle (UAV) or drone program has been off the ground for several months now. Originally intended to work mainly with the town’s fire department to assist with emergency situations and in establishing the perimeter of forest fires, the program has now been expanded for use with other departments. The town's drone has been successfully used in search and rescue missions and public relations campaigns, and was recently deployed for flood mitigation purposes.

Since January 2018, Middle Tennessee has experienced a significant amount of rain. Chapel Hill has suffered severe flooding impacting businesses and residential areas. The town’s current storm water infrastructure was overwhelmed, which allowed a tremendous amount of water to flow into areas that are unaffected under normal conditions.

Mark Graves, town administrator, began looking for resources to address the challenges caused by the flooding, and asked one of Chapel Hill’s two FAA certified pilots to use the drone for capturing images of flooded areas, and showing where and how the water was flowing. The results have been extremely helpful.

The town is utilizing aerial footage taken by their drone to give engineers detailed information of the flood to help with the planning and development of flood-control solutions. The aerial footage has also been used to explain challenges to citizens, stakeholders and investors, and has the potential to be used in grant applications for specific needs.

Chapel Hill has worked diligently to create a drone program that benefits the town and fits within the requirements outlined by the Federal Aviation Administration (FAA) for non-recreational use of a UAV or drone. Graves stated that “in addition to common uses such as water tank inspections, our goal is to unleash the potential of this technology to save lives and property, and to help lead others to do the same.”

Graves and Chad Dennis, Chapel Hill’s deputy fire chief and codes officer, will be sharing more about their UAV program at Public Entity Partners’s 2018 Risk & Insurance Symposium, to be held in August. To register or learn more about the symposium, visit https://thepool.xmi.events/.

Public Entity Partners has worked with Chapel Hill since they first initiatied their UAV program to provide liability and physical damage coverage. If you would like to find out more about UAV coverage, please reach out to Public Entity Partners’s underwriting department.

East Tennessee
Jodeen Baumann
jbaumann@PEpartners.org

Middle Tennessee
Anthony Roman
aroman@PEpartners.org

West Tennessee
Janine Helton
jhelton@PEpartners.org

Return to the top

Drug Free Workplace Amended Rules

Beginning May 6, 2018, the new rules for the Tennessee Drug Free Workplace Program will go into effect. According to the Bureau of Workers’ Compensation, the new rules include updated language, point of collection testing procedures, clear instructions on how to handle an employee’s inability or refusal to provide a sample, employee and employer protections, and suggestions for all required training. As part of the revisions to the program, a new Employer Implementation Guide and a template for a Substance Abuse Policy Statement have been added to the program's website.

Beginning on May 6, 2018, employers will be able to conduct point-of-collection testing for job applicants who have been offered a conditional offer of employment. The devices must meet the same testing standards as required by the U.S. Department of Transportation and SAMSHA, and be approved by the Bureau. To determine if the test kit your entity would like to use conforms to the Tennessee Drug Free Workplace Program rules and is approved for use, you can submit product information, including the test methodology and cut-off levels, to dfw.program@tn.gov.

In addition to filing an application with Department of Labor and Workforce Development, participation in the Tennessee Drug Free Workplace Program includes a training component. Participating employers are required to “provide at least one hour of training to all employees at least one time.” This training must take place within 60 calendar days of when you implement the program or within 60 calendar days of the employee’s date of hire. The regulatory rules for the Tennessee Drug Free Workplace Program specifically outline what should be included in the training.

In addition, all supervisory personnel are required to have an additional two hours of training geared specifically for their responsibilities as supervisors within the Tennessee Drug Free Workplace Program. That training is required to include:

  1. Recognizing the signs of substance abuse in the workplace
  2. Documenting and reporting signs of employee substance abuse to the proper employer representative
  3. Referral of an employee to Human Resources (HR) for counseling and possible treatment options
  4. Being able to understand and explain the employer's Drug-Free Workplace Program policies
  5. Being able to understand and explain the Tennessee Drug-Free Workplace Program rules

Participants of the Tennessee Drug Free Workplace Program receive a five percent credit on their Workers’ Compensation premium. As these new rules go into effect, make sure you are educating yourself on the program requirements. To read the amended rules in their entirety, click here. Compliance with the program rules and regulation is up to you!

Return to the top

Workers’ Compensation Amended Rules

The Bureau of Workers’ Compensation has posted the final amended rules that will go into effect May 31, 2018. To read the rules in their entirety, click here.

We encourage you to take time to consider which doctors are listed on your panel of physicians. When you determine which physicians you want to list on your panel of physicians, it is important that you reach out to them first to ensure that they want to be listed on your panel and are willing to treat workers’ compensation patients. In addition, you should discuss with them the importance of providing prompt and thorough medical treatment for your employees in order to ensure a timely return to normal work and home life.

Physicians overseeing walk-in clinics may be used on your panel of physicians, but please keep rule 0800-02-01-.06(5) in mind:

“Walk-in clinics, urgent care facilities and other similar providers may be an option on a medical panel if the provider is staffed by at least one physician, and the name of the staff physician or medical director is also indicated on the panel. Associated walk-in clinics, urgent care facilities and other similar providers may be listed on the same medical panel to the extent allowed by law provided different staff physicians or medical directors are named for each different location.”

We are frequently asked about listing nurse practitioners and physician assistants on an Employer’s Panel of Physicians. Fortunately, the newly promulgated rules specifically address this issue, stating:

0800-02-01-.06(7) Nurse Practitioners, Physician Assistants and other mid-level practice extenders under the supervision, direction and ultimate responsibility of a licensed physician accountable to the Board of Medical Examiners may provide medical treatment ordered by an attending physician to an injured employee in accordance with their licensing. Notwithstanding this use of practice extenders in treatment settings, only the supervising physician may be listed on an Employee Choice of Physician Form C-42, may determine medical causation regarding the injury, may issue a permanent impairment rating, and may determine the date of an injured employee's maximum medical improvement.”

Don’t forget that you are required by the Workers’ Compensation law to notify your employees of the services offered by the Bureau, the duties and obligations of the employer and employee, and the names, addresses and telephone numbers employees may contact for additional information. To meet this requirement, the Tennessee Workers’ Compensation Posting Notice should always be on display in one or more conspicuous places at each worksite. A copy of this form can be found here.

If you have questions about your workers’ compensation program, or would like to talk to someone about keeping employees safe and reducing injuries, please reach out to your Casualty Loss Control Consultant.

East Tennessee
Judy Housley
jhousley@PEpartners.org

Middle Tennessee
Chester Darden
cdarden@PEpartners.org

West Tennessee
Paul Chambliss
pchambliss@PEpartners.org

Return to the top

Tennessee Trivia

Q: What Tennessee city is home to the “world’s steepest passenger railway?”

A. Lookout Mountain is home to the Incline Railway, which has been in operation since 1895. The railway claims to be the world’s steepest passenger railway, and offers an exciting ride and amazing views.