Workforce Drug Positivity Rate Highest Since 2004

Workforce use of illicit drugs across the board—including cocaine, marijuana and methamphetamine—has climbed to the highest rate in 12 years, a study by Quest Diagnostics found.

Overall positivity in urine drug testing among the combined U.S. workforce in 2016 was 4.2%, a 5% relative increase over last year’s rate of 4%—the highest annual positivity rate since 2004 (4.5%), according to an analysis of more than 10 million workforce drug test results.

“This year’s findings are remarkable because they show increased rates of drug positivity for the most common illicit drugs across virtually all drug test specimen types and in all testing populations,” Barry Sample, senior director of science and technology at Quest Diagnostics Employer Solutions, said in a statement. “Our analysis suggests that employers committed to creating a safe, drug-free work environment should be alert to the potential for drug use among their workforce.”

The positivity rate in urine testing for cocaine increased for the fourth consecutive year in the general U.S. workforce and for the second consecutive year in the federally-mandated, safety-sensitive workforce. Cocaine positivity increased 12% in 2016, reaching a seven-year high of 0.28%, compared to 0.25% in 2015 in the general U.S. workforce, and 7% among federally-mandated, safety-sensitive workers to 0.28% from 0.26% in 2015.

Marijuana positivity continued to climb in both the federally-mandated, safety-sensitive and general U.S. workforces. In oral fluid testing, which detects recent drug use, marijuana positivity increased nearly 75%, from 5.1% in 2013 to 8.9% in 2016 in the general U.S. workforce. Marijuana positivity also increased in both urine testing (2.4% in 2015 versus 2.5% in 2016) and hair testing (7.0% in 2015 versus 7.3% in 2016) in the same population. Among the federally-mandated, safety-sensitive workforce, which only uses urine testing, marijuana positivity increased nearly 10% (0.71% in 2015 versus 0.78% in 2016), the largest year-over-year increase in five years.

In Colorado and Washington, the first states in which recreational marijuana use was legalized, the overall urine positivity rate for marijuana outpaced the national average in 2016 for the first time since the statutes took effect. The national positivity rate for marijuana in the general U.S. workforce in urine testing increased 4% (2.4% in 2015 compared to 2.5% in 2016).

Positivity for amphetamines (which includes amphetamine and methamphetamine) continued a year-over-year upward trend, increasing more than 8% in urine testing in both the general U.S. and federally-mandated, safety-sensitive workforces compared to 2015. According to Quest, this rise over the past decade has been driven primarily by amphetamine use, including certain prescription drugs such as Adderall.

After four straight years of increases, in 2016, urine testing positivity for heroin held steady in the general U.S. workforce and declined slightly among federally-mandated, safety-sensitive workers.

Positivity for prescription opiates—including hydrocodone, hydromorphone and oxycodones—declined in urine testing among the general U.S. workforce. Oxycodones have seen four consecutive years of declines, dropping 28% from 0.96% in 2012 to 0.69% in 2016. Hydrocodone and hydromorphone both showed double-digit declines in both 2015 and 2016 (from 0.92% in 2015 to 0.81% in 2016, and from 0.67% in 2015 to 0.59% in 2016, respectively).

This decline may be due to the fact that state and federal authorities have made efforts in the past few years to place tighter controls on opiate prescribing in order to address the opioid crisis.

North Korea Now Suspected in Ransomware Attack

The massive cyberattack that has struck businesses, government agencies and citizens in more than 150 countries may be tied to hackers affiliated with North Korea. Called WannaCry, the ransomware encrypts the victim’s hard drive and demands a ransom of about $300 in the virtual currency bitcoin.

According to the Washington Post:

Several security researchers studying “WannaCry” on Monday found evidence of possible connections to, for instance, the crippling hack on Sony Pictures Entertainment in 2014 attributed by the U.S. government to North Korea. That hack occurred in the weeks before Sony released a satiric movie about a plot to kill North Korean leader Kim Jong Un.

The New York Times reported that the malicious software, based on a vulnerability included in the National Security Agency tools published by the Shadow Brokers hacker group, was distributed via email. The ransomware takes advantage of vulnerabilities in Microsoft Windows systems, generating the largest ransomware attack to date. Although the flaw was patched by the company months ago, the wide spread of the attack illustrates how many users fail to update their software. Institutions and government agencies affected included the Russian Interior Ministry, FedEx in the United States and Britain’s National Health Service.

Organizations are advised to save their data and take other measures to avoid being hacked. Kroll said that while the particular ransomware variation involved in hundreds of thousands of incidents has now been rendered largely harmless, its cyber security and investigations team “strongly recommends that organizations recognize that a small change in the malware code could reactivate it. So action should be taken in conjunction with your technology unit to reduce your risk and prepare for inevitable future similar attacks. If the malware has entered your network, it has the ability to spread—and spread rapidly.”

According to Kroll:

  • Obsolete versions of Microsoft Windows are particularly vulnerable. We understand that there may be very specific circumstances that require you to use versions that are no longer supported, but now is the time to revisit the topic. See if there is any way you could use a supported operating system running a virtual version of the operating system you need.
  • Microsoft has been working to roll out updates that can fix the underlying security weakness that this malware exploits. You should make sure that both your personal and business machines running Windows are updated. We know that many people don’t want to take the time to close out all their files and restart their computers to allow updates to occur, but this is an important defense against the WannaCry ransomware. As an indicator of how serious the threat is, note that Microsoft has even released a security patch for the old Windows XP system. Please take steps to assure that all relevant machines running the Windows operating system are updated.
  • Organizations that don’t have well-thought-out backup and recovery plans are also very vulnerable. Management should be asking if there is a plan to assure that all important files are backed up in a way that will prevent a ransomware infection from attacking both the primary files and the backups.

President Trump ordered homeland security adviser Thomas P. Bossert to coordinate a government response to the spread of malware and find out who was responsible. According to the Times:

“The source of the attack is a delicate issue for the United States because the vulnerability on which the malicious software is based was published by a group called the Shadow Brokers, which last summer began publishing cybertools developed by the National Security Agency.”

Government investigators, while not publicly acknowledging that the computer code was developed by American intelligence agencies, say they are still investigating how the code got out. There are many theories, but increasingly it looks as though the initial breach came from an insider, perhaps a government contractor.

In a report, How to Protect Your Networks from Ransomware, the U.S. government recommends that users and administrators take preventative measures, including:

  • Implement an awareness and training program. Because end users are targets, employees and individuals should be aware of the threat of ransomware and how it is delivered.
  • Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
  • Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
  • Configure firewalls to block access to known malicious IP addresses.
  • Patch operating systems, software, and firmware on devices. Consider using a centralized patch management system.
  • Set anti-virus and anti-malware programs to conduct regular scans automatically.
  • Manage the use of privileged accounts based on the principle of least privilege: no users should be assigned administrative access unless absolutely needed; and those with a need for administrator accounts should only use them when necessary.

Make Your Hurricane Preparations Now

With the Atlantic hurricane season’s official start on June 1, the time to check your buildings and existing contingency plans—or start a new one—is now, during hurricane preparedness week.

For 2017, Colorado State University’s hurricane research team predicts slightly below-average activity of hurricanes making landfall, with a forecast of 11 named storms, four hurricanes, and two major hurricanes.

The 2016 season is seen as a wakeup call, as 15 named storms and seven hurricanes formed in the Atlantic Basin—the largest number since 2012. Among the hurricanes was Matthew, a Category 4, which devastated Haiti, leaving 546 dead and hundreds of thousands in need of assistance. After being downgraded to a Category 2, Matthew pummeled southeast coastal regions of the U.S., with 43 deaths reported and widespread flooding in several states.

Here are 10 preparedness steps offered by FEMA:

The Insurance Institute for Business & Home Safety (IBHS) warns that small businesses are especially vulnerable. Of businesses closed because of a disaster, at least one in four never reopens.

IBHS offers these steps for preparing a business for hurricane season:

  1. Have your building(s) inspected and complete any maintenance needed to ensure your building can stand up to severe weather.
  2. Designate an employee to monitor weather reports and alert your team to the potential of severe weather.
  3. Review your business continuity plan and update as needed, including employee contact information. If you do not have a business continuity plan, consider IBHS’ free, easy-to-use business continuity plan toolkit for small businesses.
  4. Remind employees of key elements of the plan, including post-event communication procedures and work/payroll procedures. Make sure all employees have a paper copy of the plan. Review emergency shutdown and start-up procedures, such as electrical systems, with appropriate personnel, including alternates.
  5. If backup power such as a diesel generator is to be used, test your system and establish proper contracts with fuel suppliers for emergency fuel deliveries.
  6. Re-inspect and replenish emergency supplies inventory, since emergency supplies are often used during the offseason for non-emergency situations.
  7. Test all life safety equipment.
  8. Conduct training/simulation exercises for both your business continuity and emergency preparedness/response plans.

Interstate Restoration has a day-by-day list of steps for business storm preparation, based on NOAA recommendations. They include research, planning and documenting, gathering emergency supplies, checking insurance coverage and supply chain and finalizing your plan.

Navigating Risk Management Around the Globe

Over the past few years, I’ve had the wonderful opportunity to travel the world and visit factories, distribution centers, ports, warehouses, and several offices for the company where I work. Apart from being a great way to see the world, it has also been an opportunity to learn from the ways different cultures see and manage risk.

Coming from Latin America, it was clear to me that the concept of risk management was something not highly promoted or recognized in the region. Companies that operated locally took the approach of using intermediaries to transfer their risks to insurance companies. Occasionally I would find buyers focused on managing their own risks efficiently. But that was more than a decade ago. During my most recent trips to South America, I had the opportunity to see the implementation of a regional affinity program—a collaboration between a well-known broker and our company’s financial operations. In this case, those involved were highly educated in insurance concepts and their understanding of risk acceptance was completely in line with more developed markets.

Another interesting aspect of dealing with this program was the strong relationship between the broker and our office. It was a very cordial and open communication that transcended the usually formal interaction between these parties—and included text messages flying back and forth to get the deal done. In a way, the warm personality of South Americans permeated the business environment. So when it comes to this colorful part of the world, business is, in fact, personal.

European markets have had the opportunity to evolve over centuries and this is clearly represented in the broadness of coverages available. The highly tailored wordings, both inside and outside of Lloyd's, give a global insurance program more complexity when it includes exposures in Europe.

In a way, Europe continues to be an innovation hub but with difficulties in exporting those advancements. There are still great products and coverages in the insurance market that have not found their way to the Americas—and only on a limited basis to Asia. There are reasons behind this, however. While the nature of exposures in Europe continues to be unique in multiple ways, one reason these solutions have not fully taken off is that other markets do not yet fully recognize the need for them.

Asia marked, for me, a huge difference in how I saw the business relationship around insurance and the implementation of risk management. Those markets are inherently independent from the broker relationship and thus are inclined to build direct dealings with insurers. This proves to be difficult when a foreign multinational attempts to combine Asian exposures with a global program. There is reluctance to work with intermediaries and it can take time to transform the carrier-insured liaison, which can only happen after a trusting relationship is built.

Have you recognized patterns in some regions? Do you think that analyzing and exploring this kind of multicultural risk management would be of benefit to organizations?