Prefer to speak with a CoverWallet consultant? Call (646) 844-9933 anytime.
We live in a very high-tech world and it is only going to continue to evolve. The more evolved our technology becomes, the more risk we take on of being attacked by cybercriminals. Cyber attacks on the healthcare industry are increasing daily and regardless of the risk management protocols, there is always the chance that the data will be stolen or damaged, impacting your patients in a negative way. Knowing how cyber attacks can happen and how to prevent them can help the healthcare industry become better prepared should a breach occur.
Information security is critical to all businesses, but with all the laws surrounding patient information like HIPPA, it is even more important for the healthcare field. Cyber security in the healthcare field is a great risk management tool, but it should be coupled with other loss control measures. That is why it is recommended that the healthcare industry carry Cyber Liability insurance. Cyber Liability is an insurance policy that can be purchased by those in the healthcare industry to help pay for any claims that may occur, as well as some extra coverages that you might not even think about when learning about cyber attacks on the healthcare industry. Here is a quick breakdown of some ways a Cyber Liability insurance policy can protect the healthcare field.
Cyber Extortion – Cyber extortion is an increasing risk and issue for many businesses. The healthcare industry unfortunately sees a lot of them due to how valuable the stored information is. Criminal hackers will get into the healthcare system and encrypt the data so that users are unable to do anything, and demand a ransom. Previously, you could ignore this type of cyber attack and simply restore your data from your backup. These criminals are, unfortunately, getting smarter and figured out how to also encrypt the backups so that a ransom must be paid or they will destroy the data. Imagine if all of your patient’s information was stolen by hackers and sold to the highest bidder, and the negative impact that would have on the practice. Cyber Liability will often pay the ransom amount, up to the coverage limit, in order to get your data back safe and sound.
Reimbursement – Cyber Liability insurance will pay the cost to replace any data lost as well as hardware that may have been damaged in the process. Due to the number of employees a healthcare practice may have, the amount to replace all computers that were on at the time of the cyber attack could cost thousands of dollars. Plus, software systems cost money as well, and you may have to purchase new licenses for them if the cyber attack was particularly hard-hitting.
Notification – There are a vast array of laws that any industry has to abide by when there is any kind of data breach. Part of these laws includes notifying the victims of the breach within a certain amount of time. This can be extremely costly, especially for the healthcare industry, considering the thousands of patients that any practice can see over time. You will also likely want to control the publicity of the event in hopes that the reputation of the practice is not tarnished, and Cyber Liability insurance can pay for these costs.
The above 3 examples of coverages on a Cyber Liability insurance policy are the biggest ones that you should understand, but there are a lot of other coverages within a Cyber Liability policy as well. Things like Multimedia Liability, Privacy Liability, network failure, and other types of data breaches will also be covered. Not to mention recovery, court costs, lawyer fees, forensic investigation fees and most importantly making sure a cyber attack does not happen again. Make sure you read your policy thoroughly, as different insurance companies provide different coverages and you want to make sure that you don’t assume something is covered and then it becomes too late.
Cyber attacks on the healthcare industry are becoming more common due to many reasons and understanding what makes the healthcare industry a higher risk is important.
Black Market – The black market is where the criminal hackers determine what is in high demand so they can sell it. The thing that is in the highest demand currently is healthcare information. It is in such high demand because the healthcare records contain enough personal information that can be used to create fake identification, get medical supplies and equipment, and file insurance claims to get even more money. Unfortunately, it is proven that it takes longer to discover a cyber attack on the healthcare industry than any other industry. Plus, it is harder to recover as well since HIPPA requires so much privacy.
Mobile Devices – Because technology has really advanced in the last 10 years, many workers in the healthcare industry are using their own personal devices for work and it is impossible for the employer to monitor the use and security of them. Also, many healthcare facilities are using other portable electronic devices like tablets to take notes and store patient information. Not only are these devices hard to secure and monitor, but it gives criminal hackers more ways to get into the network and steal the data. This causes the healthcare industry to be a huge target for criminals because it is a little easier to get into, making it more efficient for them.
Data Breach Cost – According to an IBM Cost of Security study in 2018, it was found that the healthcare industry is the costliest to recover from a data breach. Because the patient information is so sensitive and laws like HIPPA exist, coupled with the high cost of notification expenses, it stands to reason that any healthcare practice would have to have Cyber Liability insurance to remain in operation. Unfortunately for many patients, some healthcare facilities are not taking these possible cyber attacks seriously enough.
Cyber risks in healthcare are real and they are abundant. Due to the amount of technology utilized by healthcare facilities and the software programs used, there is an extremely high risk for a cyber attack. With software programs like Epic, TherapyNotes, WebPT, Sevocity, MedPortal, Fusion, CureMD, and others, there are so many access points for these criminal hackers to penetrate the network and corrupt, steal and sell the data. All of this could occur while you are not even looking and may not find it for weeks or months, unless of course, it is a cyber extortion attack. Here are some examples of cyber attacks that have happened in the healthcare industry to help make it more real and give an idea of how bad it can really get from a cost perspective.
Accudoc Solutions – This was the biggest healthcare data breach in 2018 and affected 2.6 million patients. The way the hackers got in was through a billing vendor. The cost of this breach was $409 per patient record. Their Cyber Liability insurance policy would have paid up to the limit on the policy.
Unitypoint Health – An email system was breached and affected over 1.4 million patients and was their second breach of the year. Ouch. This was done with phishing emails that looked like they were legit. This one also cost $409 per record.
American Medical Collection Agency – 25 million records and counting were obtained with this data breach in 2019. The amount it cost per patient to restore this data went up from 2018 to $429. While it may not seem like a big increase from $408 when you take that $21 difference multiplied by the number of records, it is huge. And imagine if they had no Cyber Liability insurance policy.
As you can see, a single data breach can have a disastrous effect on any healthcare practice. Even a small practice that may have only 20,000 records stored can cost over $8.5 million. Without Cyber Liability insurance, this can certainly put a healthcare business out of commission.
While purchasing Cyber Liability insurance for your healthcare facility should be a priority, you should also make sure you have some good risk management practices in place. While some of these are pretty standard, they are extremely critical for the healthcare field due to the cost and severity of a cyber attack.
BYOD – Have a clear and concise bring your own device policy if you are going to allow employees to use their personal portable electronic devices. You can require that they have certain anti-virus software installed or that they do not view personally identifiable information while using their devices.
Backups – Not only should you backup everything daily, but it could be a good idea to do it hourly or in real-time if possible. Also, have backups in multiple places such as a hardware backup and one in the cloud as well.
Cyber Security – If it makes financial sense, having a specific team of cybersecurity professionals may be worth the investment. They can constantly monitor your network and help to prevent a cyber attack from happening.
CoverWallet is a one-stop-shop when it comes to Cyber Liability insurance. You can purchase all of your policies through us, and do so online and quickly. It has never been easier to protect what matters. Explore your options and shop conveniently online today.
Leave your email so that your quotes will be sent directly to your inbox.
We won't spam you, we hate it too.