More healthcare providers purchasing cyber insurance

With an increase of technology in the healthcare industry, providers now have a greater risk of being hacked and patient data being exposed. Due to that growing threat, more physicians are purchasing cyber insurance.

A report by Medical Economics recently discussed the importance of providers not only having cyber insurance, but also knowing what those policies cover, how they work and the costs.

With patient data increasingly being shared between providers, labs and insurers, the likelihood of data breaches is also rising. Many breaches also involve electronic health record (EHR) systems.

“Cyber criminals target healthcare organizations because their data contain patient names, birthdates, addresses, social security numbers, credit card numbers and health insurance information,” the report said. “Whether the hackers use the information themselves or sell it to others on the black market, that’s all that’s needed to steal identities and commit fraud. That’s why healthcare data is more valuable even than credit card records.”

Physicians are purchasing cyber insurance policies to fend off any threats of a breach. According to the report, coverage typically includes losses and damages resulting from patient data being stolen, exposed, held for ransom or improperly shared. It also covers things like hacking, ransomware and accidents that result in data being exposed.

"Cyber insurance helps providers deal with the consequences of data breaches, which can range from relatively minor to catastrophic," the report said. "The assistance provided can include: paying regulatory fines and penalties; compensating for loss of income from downtime or lost patients; hiring IT experts to find and fix the breach; hiring a call center to handle inquiries from patients; hiring a public relations firm to deal with unwelcome publicity; hiring attorneys to represent the practice in any lawsuits filed by patients (as well as any damages awarded); and paying ransom to free hijacked data."

Some providers might have cyber insurance through their malpractice or general business policies, so it’s important to check what’s included before buying additional coverage. It’s also important to know how a cyber insurance provider would respond if a breach were to happen.

"Unlike a fire, managing a data breach often requires the help of a team of experts, not just a check to cover damages. Depending on the nature and size of the breach, that team can include lawyers, forensic accountants, IT experts, publicists and call center operators, among others," the report said.

The cost of cyber insurance policies vary. In the report, Christine Marciano, a cyber insurance broker, said a five-physician primary care practice should have between $1 million and $5 million in coverage. That type of policy would cost about $1,500 to $8,000 a year.

"Coverage can be purchased from general insurers or companies that specialize in cyber insurance," the report said. "Some insurers will assess a practice’s cyber security practices before deciding whether to write a policy and recommend ways to decrease risk, such as encoding laptops and improving passwords."