The world is an ever-growing complex network of connectivity. Businesses operating in today's environment are entrusted with increasingly more points of personal data—stored and shared both physically and digitally. The reality for businesses and consumers, alike, is no longer "if" their data is breached, but rather "when" such an event will occur. Medical practices, like financial institutions, are among the top industries targeted by cyber criminals for the nature of the information they store—social security numbers, date of birth, financial information are all hot items for criminals. With 174 million compromised records in 2012, according to the Verizon Data Breach Investigations Report, it is vital for companies to invest in cyber liability insurance to protect themselves and their clients from harm.
Gallagher Healthcare is equipped to help find the best protection for your practice
- Cyber liability is unauthorized use of or access to electronic data or software within your business or network.
- Standard business liability coverage does not protect the "intangible" assets such as electronic data.
According to a cyber-risk assessment firm's 2012 report, the average cost per breach is $3.7 million, with the majority of the costs in legal damages. This is up from $2.4 million in 2011. The average legal defense cost alone is $582,000, with an average settlement of $2.1 million. The cost per breached record is approximately $4 per record.
"Think of the number of records your practice manages and the number of access points that exist to these records, including the number of authorized personnel," Richard Waldman at Gallagher Healthcare warns. "The risk is much higher than one may suspect. The damages, both financial and to your reputation, can be debilitating to your ¬practice and your patients."
Medical practices, like other small businesses, are more vulnerable to attacks because criminals know they have little or no technical experts monitoring their system, and likely do not have protocols in place to contain an incident of security breach when it occurs. Cybercriminals continue to streamline and automate their methods of attack. Your practice should to be prepared to protect against such incidents and further protect yourself with a solid cyber liability policy that is fit for your practice's points of vulnerability.
The most common risks include:
- theft of laptops and mobile devices that store sensitive, private information
- network security breaches from malware
- unauthorized access or use of private information
- slander and copyright infringement
It is important to understand what your standard professional medical liability insurance policy may cover in terms of electronic data loss to determine what coverage you will need in addition. Gallagher agents are always available to help review your current policy and identify areas you may need additional cyber liability coverage. Cyber liability insurance policies may include:
- defense costs
- data recovery costs
- notification services
- credit monitoring services for victims
- public relations expenses
- business interruption
- service provider breach
Most incidents of data breach are preventable with basic or intermediate security controls. Security experts suggest following basic procedures to strengthen your system, such as password encryption and frequent password updates, use of firewalls, virtual private networks (VPN), and anti-virus and spam software. If you utilize virtual cloud storage, consider cloud-specific security tools and find a policy that covers service provider breaches. Unfortunately your practice may be liable if your service provider experiences a breach that results in unauthorized access to your patients' information.
It is important to review, identify, and create your practice's security protocols, and to train your staff on the procedures. An IT security policy will identify your critical assets and define policies for physical security of data, account management, back-up and recovery systems, and establishes a crisis plan for when a breach occurs. This exercise will also help you and your Gallagher agent evaluate and determinate which policy is best suited for your needs.
With our growing integration of technology into our businesses and lives, the potential for cyber risks still unknown is great. Protect your practice and protect the privacy of your patients with the right tools, procedures, and coverage. Call your Gallagher Healthcare agent to schedule a review of your current coverage and to discuss protecting your practice from cyber liabilities.