All types of healthcare providers are at increased risk of data breach and should have comprehensive Cyber Risk Insurance. The FBI has issued warnings to the healthcare sector:
Cyber actors will likely increase cyber intrusions against healthcare systems--to include medical devices--due to mandatory transition from paper to electronic health records, lax cybersecurity standards, and a higher financial payout for medical records in the black market. (see HealthData Management here)
The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely. (see Data Breach Today here)
Information is more valuable to cyber criminals:
Demand for medical information…remains strong on criminal marketplaces, experts said, partly because it takes victims longer to realize the information has been stolen and report it, and because of the different ways the information can be used. Cyber criminals were getting paid $20 for health insurance credentials on some underground markets, compared with $1 to $2 for U.S. credit card numbers. (see Reuters here)
In addition to using healthcare information for financial fraud (through identity theft), the information can be used to fraudulently obtain controlled substances.
Cyber Risk Insurance is necessary for all healthcare providers, is easy to obtain and is affordable (see here). Premiums for small healthcare providers, such as allied health and physician offices, are low. More importantly, comprehensive coverage is a must. Not all insurance policies are the same and exposures vary, so no one policy is right for all organizations. We recommend you work with an expert in order to ensure you are getting a comprehensive insurance policy with adequate limit that is right for your organization.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber), including Cyber Risk Insurance.