Medical Offices are considered High-Value Targets for Hackers.
It is necessary to collect information on the clients we interact with to effectively serve them. When we do, we create a record with Personally Identifiable Health Information (PHI). While necessary, these records create a liability for the Medical Office who creates them.
HIPAA, GLBA, and HITECH are all pieces of legislation that penalize medical offices for these records being stolen or exposed. The fines and penalties associated can stack up quick.
Below are several examples of situations where this data could get them in trouble.
-
An employee unintentionally sends an email to the wrong person.
-
An employee steals the information and distributes it or sells it to a third party.
-
The loss or theft of a laptop, smartphone, tablet, flash drive, or other electronic storage devices.
-
A coding error that inadvertently makes public patient data on the Practice’s Website.
-
Denial of Service Attacks
-
Phishing emails
-
Network Intrusions by Unauthorized Personnel
Most Practices operate under the assumption that the only risk involving these records is from being hacked. Many independent Medical Offices think that they are too small to be a target. Being a small Medical Office does not shield it from becoming a target by Hackers. It just keeps them out of the National News Cycle.
The US Department of Health and Human Services posts on their website a list of businesses that have been breached and have had over 500 medical records exposed. You can see that there is a wide range in terms of the sizes of the entities that have been breached.
According to the 2018 NetDiligence Cyber Claims Study, the Average Cost of a Data Breach was $603,900. Another study was done by the Ponemon Institute the Average Cost of a Data Breach was $3.86 Million.
It varies but the fact is that a data breach can be a huge cost on any Practice that suffers a data breach.
Cyber Liability Insurance can protect a Practice from the fallout of a data breach. The General Liability Insurance and Malpractice Insurance that is commonly carried will often exclude data breaches and anything in the Cyber Realm. Sometimes they add a sublimit, but that is often very restrictive and very low in terms of limits.
- Damage to your System
- Privacy Liability
- Third-Party Liability
- Business Interruption
- Reputational Harm
- Notification Costs
- Forensic and Investigation Costs
- Regulatory Action Against Your Business
- Fraudulent Financial Transactions
- Cyber Extortion
- Online Liability and Advertising Injury
All of which can be needed during one single Data Breach Claim. As time goes forward, Data Breaches and Cyber Incidents are going to become more and more common. Having a Cyber Liability & Data Breach Insurance Policy will be critical to protecting Medical Practices going forward.
To learn more or to get a quote, Contact Us!