Could your policy’s current limits support a data breach?
In October 2020, the U.S. Cybersecurity and Infrastructure Security Agency issued a warning specifically to U.S. hospitals and healthcare providers about an “increased and credible cybercrime threat.” The healthcare industry is particularly susceptible to ransomware attacks. There are clear reasons for these vulnerabilities:
Overall stress: Healthcare providers work in a high-stress environment under normal circumstances. The pandemic has made that worse, creating vulnerabilities and errors that cybercriminals seek to exploit.
Weak security and unprotected endpoints: The rapid adoption of telemedicine/telehealth brought more unprotected devices and connection points into the healthcare ecosystem. Cell phones, public Wi-Fi networks, even medical devices that rely on wireless technology can be a risk.
High level of interconnectedness: Networked applications expose healthcare organizations to each other’s technical and process weaknesses that cybercriminals exploit to gain undetected access to organizations’ networks and data.
Explaining the costs related to a data breach:
Cyber Claim Example:
A clinic received notice from an IT Security company that the PHI of 88 patients was found on the “Dark Web.” Shortly after, the insured received an anonymous email from a hacker calling himself “The Dark Overlord,”claiming to be in possession of all of the clinic’s information and records.
Cyber Insurance covered:
IT Forensic Consultant: Determined that the PHI was likely accessed by the hacker gaining access to an employee username and password.
Breach Coach and Counsel: Determined that there was a high probability that all of the records were in fact obtained by the “Dark Overlord,” requiring notice to all 544,000 patients.
Legal expenses related to breach investigation: $66,909
