In June the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) levied a $4.5 million fine against the University of Texas MD Anderson Cancer Center in Houston for three separate data breaches that go back to 2012 and 2013. The health records of more than 35,000 patients were lost when an employee’s laptop was stolen and two unencrypted thumb drives were lost.
In 2017, a network of more than 50 medical practices in New Jersey agreed to pay more than $418,000 to resolve an investigation by the state attorney general after it was discovered patient records of more than 1,600 patients were exposed online due to a server problem at a third-party transcription vendor.
Situations like these provide clear evidence as to why cyber liability insurance has become a critical part of every savvy health organization’s risk management strategy.
How to find the best cyber liability protection for your organization
Health organizations rely on the Internet for everything from data storage to medical records sharing and information delivery. Unfortunately, medical records are one of the chief targets of devious forces whose full-time job it is to expose your organization to risks related to network damage, cyberattacks, theft of medical records and sensitive patient information.
The key to finding the best cyber liability protection is to choose a broker who knows all about both first-party and third-party coverages. At SEI, we bring expert risk prevention guidance and planning from the underwriting side to help mitigate your healthcare organization’s unique vulnerabilities. We can shape cyber insurance coverage to meet your present and future needs based upon the unique exposures presented by your business.
Our risk management experts help our healthcare and medical group clients understand the potential costs of a cyber event in terms of HIPAA violations and the accompanying fines, data breaches, stolen records, operations disruptions, phishing attacks and other disastrous cyber intrusions, as well as costs related to legal fees and public relations crisis controls.
What’s included in a robust medical cyber insurance policy?
A successful malicious attack against your networks can cost you in many ways. These include notifying patients that their personal medical or financial information has been compromised, and providing ongoing credit monitoring to affected customers. Data Breach Liability provides insurance protection when a security breach results in identity theft. It can also include damage to your network resulting from the theft of data, as well as the spread of infection to networks belonging to others via viruses, worms, etc.
Additionally, Security Breach Liability helps protect your medical business in the event of claims or regulatory penalties resulting from an attack on your computer hardware/software which transmits malicious code to other networks, manipulates your data stores, or allows service disruptions such as denial of service attacks.
Many patients use their credit cards to fulfill co-pays and other payments during a doctor or a hospital visit. This information is a prime target for hackers. The payment card industry has invoked a set of rules for merchants who want to process, transmit and store credit card data on behalf of their customers. Those merchants who are not PCI compliant and experience a security breach may be subject to fines. Such fines can be very significant and, depending on the circumstances, a merchant might have to pay from $5K to $100K every month until they can prove that they are Payment Card Industry (PCI) compliant. Such PCI fines and penalties are charged by credit card companies such as Visa, Mastercard, Discover, etc. and are clearly seen as violations of their industry rules and regulations.
When that happens, your health care business can be exposed to claims against it for the unauthorized release of everything from the actual patient accounts to personally identifiable information. In these situations, Network Security and Privacy Liability insurance helps offset costs related to customer notification, credit monitoring services, forensics, legal expenses, and government privacy regulations.
Does your medical practice or healthcare organization have adequate protection from cyber attacks? If not, you are not alone. We stand ready and eager to help.
At SEI we are very proficient at helping our clients find the right cyber liability insurance program to complement their needs now and in the future as their data stores increase. Our risk-management experts will help you understand the full extent of your exposures, your internet security risks, and how to construct a customized program to insure against security breaches.
To schedule an appointment with a cyber insurance specialist, call SEI New York at 877.237.2481 or fill out our contact form here.