In the ever-evolving landscape of nonprofit management, safeguarding your organization against unforeseen risks is paramount. A recent news report highlighted the unfortunate situation involving the Blue Hills Civic Association in Hartford, CT, where the executive director and CFO were fired after a staggering $300,000 was stolen due to wire fraud.
According to materials provided to the state, BHCA is responsible for distributing millions in taxpayer funding to partner organizations, including My People Community Services, Inc., which provides social services in Hartford. In October 2024, BHCA wired two separate payments intended for the group after being contacted by a person purporting to be a representative. This individual “sent an email with My People’s budget, W-9 form, and ACH form to BHCA, which led BHCA to wire the funds to a fraudulent bank account,” as noted in a letter the nonprofit sent to the attorney general’s office.
BHCA staff discovered the theft after being contacted by My People in early December. Unfortunately, the insurance policy in place at the time didn’t provide coverage for cybersecurity incidents. The organization promptly contacted state and federal law enforcement and issued a new check to My People on December 23, 2024, to replace the funds that were never received, categorizing the payment on its books as a miscellaneous expense, according to the board’s
timeline.
The tragedy of this incident was exacerbated by the organization’s lack of the correct coverage, leaving them exposed and without critical protection. This unfortunate circumstance underscores the extreme importance of ensuring that nonprofits carry the necessary insurance coverage to guard against potential breaches. In a related situation, the ransomware attack on the city of Baltimore in May 2019 serves as a stark reminder of the severe consequences of inadequate cyber insurance. During this incident, Baltimore’s government servers were compromised by ransomware, resulting in the city incurring approximately $18 million in recovery costs. The attack highlighted vulnerabilities in Baltimore’s IT practices, including a failure to allocate funds for cyberattack insurance, ultimately leading to significant operational disruptions and financial losses. Just as in the case of the Blue Hills Civic Association, the absence of proper insurance coverage left the city exposed to catastrophic financial consequences.
While we won’t dwell on the mistakes of one organization, this serves as a powerful reminder for all nonprofits to reevaluate their risk management strategies.
Why Insurance Matters for Nonprofits
- Protection Against Theft and Fraud: Cyber theft poses a significant risk in today’s digital age. Having cyber liability insurance can protect nonprofits from financial losses related to data breaches, hacking, and other cyber incidents.
- Avoiding Financial Ruin: Liability insurance helps protect against lawsuits and claims that can lead to massive financial hardships. Without it, nonprofits may be vulnerable to crippling expenses that could jeopardize their mission.
- Sustaining Operations: Business interruption insurance can cover lost revenue in the event that an organization must cease operations due to a disaster. This ensures that nonprofits can continue to serve their communities even in challenging times.
- Protecting Employees: Workers’ compensation insurance is vital. It provides coverage for medical expenses and lost wages for employees who suffer injuries on the job, allowing nonprofits to safeguard their staff and maintain morale.
- Enhancing Credibility and Trust: Having the right insurance in place boosts the confidence of donors and stakeholders. It demonstrates that an organization is responsible and prepared to handle potential risks, fostering trust and encouraging further investment.
Essential Types of Insurance for Nonprofits
- General Liability Insurance: Covers legal claims for bodily injury, property damage, and personal injury connected to your organization’s operations.
- Directors and Officers (D&O) Insurance: Protects nonprofit leaders from personal financial loss resulting from lawsuits related to their decisions.
- Cyber Liability Insurance: Safeguards against data breaches, cyber-attacks, and other technology-related risks.
- Workers’ Compensation Insurance: Covers employees for work-related injuries or illnesses, protecting both the organization and its workforce.
- Property Insurance: Protects an organization’s physical assets against loss or damage from incidents like fire, theft, or natural disasters.
- Professional Liability Insurance: Also known as errors and omissions insurance, it protects against claims of negligence in the provision of services.
The Role of Expert Grants Management
As we reflect on the unfortunate consequences faced by the Blue Hills Civic Association, it’s vital to consider how careful financial management can prevent similar scenarios. Had the organization employed experts in grants management, they may have been more vigilant in monitoring their accounts and comprehensively assessing all risk factors, including insurance coverage. A specialist can help ensure that all essential financial safeguards are in place, significantly reducing the likelihood of such breaches. The safety and sustainability of nonprofit organizations hinge greatly on prudent risk management, including the acquisition of proper insurance. Failure to adequately protect against potential vulnerabilities can have devastating consequences, as evidenced by the situation at the Blue Hills Civic Association.
Don’t wait until disaster strikes. Now is the time to evaluate your organization’s insurance needs and work with professionals who can help you navigate these challenges. By prioritizing the right coverage and expert financial oversight, you can help secure a brighter future for your nonprofit and the communities you serve.
JoAnna Laiscell, MSAT
President and CEO, Nothing But Numb3rs
April 29, 2025
JoAnna Laiscell is the visionary President and CEO of Nothing But Numb3rs, a premier accounting and taxation firm specializing in nonprofit organizations, grants management, and law firm IOLTA and IOTA accounts. With over 25 years of experience, Ms. Laiscell has adeptly managed billions of dollars, establishing herself as a highly respected authority in her field.
References:
- Chokshi, Niraj. “Hackers Are Holding Baltimore Hostage: How They Struck and What’s Next.” The New York Times, May 22, 2019. https://www.nytimes.com/2019/05/22/us/baltimore- ransomware.html
- Dempsey, Christine. “Hartford Civic Organization Has Bulk of Staff Eliminated; Ex-Employees Say: ‘All of Them Are Gone’.” Connecticut Public Radio, April 14, 2025. https://www.ctpublic.org/news/investigative/2025-04-22/blue-hills civic-association-hartford- layoffs-fraud
- Martinez, Eddy. “Abrupt Layoffs at a Hartford Nonprofit Has Residents Demanding Answers.” Connecticut Public Radio, April 15, 2025. [https://www.ctpublic.org/news/2025-04- 15/abrupt-layoffs-at-a-hartford-nonprofit-has-residents-demanding- answers]
- Khan, Maysoon. “Blue Hills Civic Association Suffered ‘Significant’ Wire Transfer Fraud Before Sudden Layoffs.” Connecticut Public Radio, April 22, 2025. [https://www.ctpublic.org/news/investigative/2025-04-22/blue-hills-civic-association-hartford- layoffs-fraud]
Legal Disclosure:
This blog is intended for informational purposes only and does not constitute legal or professional advice. The views expressed herein are those of the author and are not intended to discredit or disparage any individual or organization mentioned. All information is presented in good faith and based on sources deemed reliable at the time of writing. The author disclaims any liability for actions taken based on the content of this blog or other related blogs on this matter.