A significant fine against a hospital shows the cost of not having, and the need for, strong IT security and Cyber Risk Insurance (also called Data Breach, Privacy and Network Security insurance coverage). According to the HHS (here) and these articles (here & here), a Texas pediatric hospital was fined $3.2 million for breaches and HIPAA compliance failures.
The fine was levied because of “impermissible disclosure of unsecured electronic protected health information (ePHI) and non-compliance over many years with multiple standards of the HIPAA Security Rule.”
Information from U.S. Department of Health and Human Services, Office for Civil Rights (OCR) noted both breaches and non-compliance (here). The hospital filed breach reports in 2010 involving a lost non-password protected, unencrypted mobile device, and another breach report in 2013 involving the theft of an unencrypted laptop, both containing personal data on individuals. An investigation by OCR revealed non-compliance with HIPAA rules, including the failure to implement risk management plans and a failure to utilize encryption in a timely manner.
Given the current cyber risk environment, particularly the growing number attacks, strong IT security is essential. And Cyber Risk Insurance is an essential coverage for businesses of all sizes, particularly healthcare organizations, for financial protection from both criminal attacks and employee error. Not only is Cyber Risk Insurance critical, the coverage must be comprehensive in order to cover a wide range of cyber risk exposures.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability and specialty insurance (E&O, D&O, EPL, Cyber Risk, Specialty).
Specialty Insurance Expertise: Tennant Risk Services
Content © Tennant Risk Services Insurance Agency, LLC, 2005 - 2018 | All Rights Reserved.