Data security risks are not going away in the health care sector and while strategies such as employee training and a strong data breach response system help, a new option to protect your business is emerging: cyber liability insurance.
Health care cybersecurity spending is predicted to grow to $65 billion between 2017 and 2021, according to the Experian 2018 Data Breach Industry Forecast. Experian also reports health care organizations will be the most targeted industry this year as new and sophisticated attacks are on the horizon.
The U.S. Department of Health and Human Services (HHS), media or state attorneys general received 233 breach industry reports from January to June 2017. “For the 193 attacks for which there are numbers, 3,159,236 patient records were affected,” according to Experian.
Providers are increasingly purchasing cyber liability insurance policies to ensure financial protections and resources to work through data breaches and maintain their reputation are in place, Becker’s Hospital Review Content/Strategist Editor Brooke Murphy reports in the white paper “Can Health Care Providers Afford Not to Have Cyber Insurance in 2018?”
“As cyber threats become the reality, and as [insurance] carriers have identified how significant and complex online exposure is, cyber liability policies have become more refined and more necessary,” James Fasone, senior vice president and national health care practice leader for Key Insurance & Benefits Services said in the white paper.
Purchasing cyber liability insurance may ultimately be more affordable than the costs to providers after a data breach occurs, from attorney’s fees to purchasing credit monitoring systems for affected consumers, according to the white paper. That’s not to mention the costs from any disruptions to providers’ business and as a result of time spent notifying patients.
And, even if providers spend money on the front end to protect their company and data from a cyber-attack, cyber criminals continue to find their way around firewalls and security systems. And, remember, the strongest security protections can still be put at risk by human error if not used properly.
Employees continue to present a big risk to companies, according to Experian. Regular training and a refresh of your data security policies are critical to staying ahead of threats and risks to sensitive information and data. It’s also helpful to limit the number of employees who have access to sensitive data, especially on mobile and portable devices. Make sure you have a strict policy for access and transport of mobile and portable devices containing sensitive information.
“Cyber liability insurance helps hospitals cover the costs of a data security breach for things like identity protection solutions, public relations, legal fees, liability and more due to loss, theft and unauthorized disclosure of data,” according to Becker’s Hospital Review.
When considering if cyber liability insurance is right for your business, and the level of insurance that is the best fit, it comes down to matching coverage with your “business objectives, asset vulnerability, third-party risk exposure and other external factors,” Murphy reports.
“The cyber insurance industry in the last three to five years has rapidly evolved to meet the needs of health care businesses in a digital world,” Fasone said in the white paper. “That means there are many more companies in the market offering a greater variety of coverage.”