Buying that cyber policy you keep putting off just might be one of the best decisions you will ever make.
Rather than paying the ransom and having to deal with all of the headaches, problems and HIPAA violations triggered by the attack, a solid cyber insurance policy will give you much more than just peace of mind. One call can get a team of experts at your defense, covering expenses and taking your practice back!
A good policy will cover:
Cyber Insurance was created to mitigate the liabilities associated with data breaches involving private information and digital assets. A data breach is when an intruder gains access to your electronic network and is able to copy or alter important and private information for the company. Attackers may copy and disseminate information about your users or they may encrypt your private information and demand a ransom to allow you to access it again. Any successful attack that results in a breach has dire consequences for your practice. Firewalls, virus protection, anti-spam systems, and procedures to protect your passwords are not completely secure. One stolen laptop, a hacker, one virus, a lazy or snoopy employee can cause an avalanche of liability to include monetary losses and damage to your reputation.
According to the Ponemeon Institute, one of the top independent research organizations on privacy, data protection and information security policy, 2016 healthcare data breach was calculated to be $402 per record.
Your cyber liability risks are growing so rapidly that many predict they are now greater than your malpractice risk.
Cyber liability insurance for Florida healthcare providers is a growing necessity. Here are three pertinent facts that are concerning:
If a physician uses e-mail, has networked PCs, a website, or stores private patient information on their computer systems or in paper files, then they need cyber insurance. Cyber Insurance was created as a result of the expansion of liabilities against companies for breach of private information, and insurance for digital assets.
You may have firewalls, virus protection, anti-spam systems, and prudent procedures to protect passwords and prevent employees from downloading dangerous material, but these measures are not foolproof. Most malicious attacks use technology that is ahead of the detecting methods, making it a constant game of playing “keep up with the Jonses” mentality of protection.
All it takes is just one stolen laptop, hacker, virus, snoopy employee or even one lost patient’s paper file to create an enormous monetary losses and reputational penalties.
Here a few actual examples to consider, and the ramifications:
The medical records of thousands of patients were accidentally posted by a healthcare system on the Internet. A class action suit was filed for alleged emotional distress of the affected patients. Outcome – A class action lawsuit seeking damages in excess of $10 million has been filed and the federal government has notified the system to prepare for an investigation under HIPAA.
A woman purchased a used computer from a pharmacy. The computer still contained the prescription records, including names, addresses, social security numbers, and medication lists of pharmacy customers.
Outcome –The cost of notifying affected parties per state law totaled nearly $110,000. Two lawsuits have been filed: one alleges damages in excess of $200,000 from a party who claims she lost her job as a result of the disclosure; the second alleges that the plaintiff’s identity was stolen, and that costs of correction and emotional distress will exceed $100,000. A HIPAA investigation is also underway.
A part-time hospital employee gained unauthorized access to confidential electronic patient records and discussed with co-workers an individual’s HIV status. The individual sued the hospital for lack of adequate IT security measures in protecting digital patient records.
Outcome –The hospital was held liable for $250,000. An additional $85,000 was spent on defense.
Hollywood Presbyterian Medical Center was hacked and their entire system was taken ransom after criminals encrypted the hospital’s files and demanded payment in order for the hospital to resume normalcy.
Outcome – The hospital paid $17,000 in bitcoin (internet currency paid in actual cash) to the cyber thieves, and the hospital’s operations were disrupted for roughly 10 days. On top of that, there were patient notifications costs and a pending HIPAA violation investigation.
What is the value of the data and what would it cost to reconstruct the data in the event of a hacker attack or something of that nature? You should consider a Cyber policy today!
If you have a standard cyber policy, you are most probably alarmingly underinsured. Put the experts at your defense in this ever-changing cyber environment. Contact Julie Danna Danna-Gracey at 850.995.9118 for a no-obligation assessment of your current cyber policy. Your practice is worth it!
The Emerald Coast Medical Association strives to provide superior member benefits. By joining, you will gain access to cutting edge continuing medical education, top medical malpractice & cyber liability insurance plans, and a comprehensive group health plan. Our board also continually advocates at the local, State, and Federal level all with a goal to support our physician members with a desire to excel.