In the healthcare industry, breach is the new black. The healthcare industry has become a favorite cyberattack target among hackers—and the tide shows no signs of slowing any time soon. With both the threat and potential consequences of hacking, data breaches, and other cybersecurity concerns on the rise, more primary care physicians are looking into picking up cyber insurance coverage, according to an article in Medical Economics.
Depending on the policy, cyber insurance offers providers coverage for both deliberate actions (such as a ransomware attack) and accidental incidents (such as loss of an unencrypted laptop or device). According to the article, types of financial assistance a cyber insurance policy may provide in the wake of a breach include:
- Payment of regulatory fines and penalties
- Compensation for loss of income
- Hiring attorneys
- Payment to free data locked by ransomware
Providers may already have some cyber insurance coverage through their malpractice or general business policies, which is generally limited to about $30,000, according to the article. Data breaches and cybersecurity incidents can be costly for providers; in one example provided in the article a provider estimated a loss of $40,000 to $50,000 due to unrecovered patient payment records alone.
The article included a few key things to know for providers that are considering buying cyber insurance, including:
- Know what coverage you already have
- Understand the type of help the policy will provide in the event of a breach
- Larger practices are at greater risk and can expect to pay more for policies
- Cyber insurance costs less than malpractice and liability insurance (a $1 million umbrella cyber policy would cost between $1,200 to $5,000 a year)
- Both general insurers and those that specialize in cyber insurance offer coverage
- Just because a practice is small doesn’t mean it is safe from the threat of a cyberattack—in fact, they might be more vulnerable
“Besides the coverage itself, the real benefit of cyber insurance is being able to turn over management of the crisis to a carrier with experience in data breaches,” the article stated. After receiving notification of a breach from a policyholder, insurers will assess the situation and hire the vendors and contractors needed to mitigate the damage.
Sarah Sheber is assistant editor/web editor at Journal of AHIMA.