Mark Twain is famous for saying, “Never put off till tomorrow what may be done day after tomorrow just as well.” Unfortunately that is the plan most medical providers are following when it comes to protecting against Cyber Liability. It’s as if they’re all waiting to buy fire insurance after the fire has burned down their building. Data breaches, cyber extortion, HIPAA violations, and financial fraud occur in the healthcare industry more and more, so why is no one bothering to buy Cyber Liability insurance to protect against these potentially catastrophic risks? Healthcare providers need to purchase Cyber Liability Insurance before a problem occurs to protect against financial loss, business interruption, and reputation damage.
A damaged reputation may be the least of a medical practice’s worries after a data breach or HIPAA violation, but it is certainly not something to ignore. What’s at stake is trust. Will patients and vendors continue to place their trust in an organization that just got hacked and lost their personal financial data and protected health information (PHI)? In order to preserve a good reputation and the trust factor, a practice will need to do damage control by notifying every patient and third party involved in the breach. They will need to provide a public notice as well as do some advertising to the general community. This often means employing a PR/marketing firm, which can be very expensive. A Cyber Liability insurance policy covers legal, PR, advertising, IT forensic, and credit monitoring expenses. This could save a practice hundreds of thousands of dollars.
Another expense involved in any sort of Cyber Liability claim for a medical provider is the loss of income if the business is interrupted. Often practices don’t have any sort of plan in place for reacting to a Cyber Liability claim. If an employee loses a laptop with thousands of patients’ information and PHI, the entire staff must get involved in quickly notifying each patient and minimizing the loss. This can take hundreds of hours and most likely means cancelling appointments for days or even weeks. A Cyber Liability insurance policy covers this loss of income due to business interruption. It also provides support and help in the process of notifying everyone involved.
Obviously, the biggest risk for a medical provider when a Cyber Liability claim arises is the overall financial loss. Whether it’s the expense of notification after a data breach, PR and damage control, fines and penalties for HIPAA violations, or ransom paid to a cyber terrorist, there are real costs involved and they can add up to hundreds of thousands of dollars in multiple categories. In fact, in the “2015 Cost of Data Breach Study: Global Analysis,” released by IBM and the Ponemon Institute, the average total cost of data breaches increased 23% in two years, and totaled $3.79 million. According to the study, the average cost per record lost in a data breach in 2015 was $154. The costs will continue to increase as more breaches occur and the demand for services, support, and forensics increases.
Why Nobody Buys Cyber Liability Insurance:
Within the healthcare industry it appears that most providers are relying on the Cyber Liability insurance coverage attached to their medical malpractice insurance policies. This is a mistake. This coverage is usually limited to $50,000 or $100,000, which won’t even scratch the surface of the costs involved when 5,000 to 10,000 records are lost or stolen. A separate Cyber Liability insurance policy will include coverage starting at $1,000,000, and can go up to $10,000,000 depending on the size of the practice. The premiums are very low compared to the coverage the policy provides.
It also appears that many healthcare providers simply think a Cyber Liability claim won’t happen to them, but that is a mistake as well. Healthcare IT News recently reported that of the seven largest data breaches of 2015, three of them were in healthcare. Clearly the healthcare industry is a target for hackers because of the value of the information that is obtainable. In addition, almost half of cyber threats come from insiders – employees or others who have access to a medical practice’s data. “Among companies experiencing data breaches (and that is to say, a majority), internal actors were responsible for 43% of data loss, half of which was intentional, and half accidental,” writes Tara Seals, a news reporter for Infosecurity Magazine. No matter how secure an IT system is, chances are slim that even the smaller practices will avoid some sort of data breach in the next few years. Every practice needs to be proactive in creating a plan for a potential claim and purchasing insurance protection.
It’s been said that, “Procrastination is the art of keeping up with yesterday.” The healthcare industry is notoriously slow in adapting to change. Providers would be well advised to purchase Cyber Liability insurance before yesterday catches up with them.