Electronic data breach cases within the healthcare industry are on the rise. This is not surprising given that medical records include a wealth of information that hackers can use to their financial advantage. Fortunately, cyber liability insurance can provide your business with a safeguard so that if a breach should occur, your company’s financial losses will not be devastating. Of course, taking preventive measures is the most important and cost-effective step.
Why Do Hackers Target Medical Facilities?
In 2016, the healthcare industry experienced its highest number of data breaches, with 377 breaches recorded. Compare this to 2011, when only 102 breaches occurred, or to 2005 with only 16, and you can see that the trend is not in your favor. The problem is that medical facilities are entrusted with an incredibly large amount of personal data about their patients, and hackers find this information highly desirable.
Patient names, addresses, occupations, and social security numbers – With this information, hackers can easily manage to pull off identity theft, opening credit cards and taking out large loans in the names of your patients. Most hackers do not engage in the crime of identity theft themselves; rather, they sell the information they have obtained so that others can do it.
Credit card numbers and other billing information – If your facility also handles billing, or you collect copays from customers who are using credit or debit cards, this information is also stored in your computer systems. Hackers can use or sell this information to cheat your customers out of thousands of dollars.
Medical records – Medical records of high-profile patients would be most desirable as information within them, if embarrassing, could be used to blackmail patients or can be sold to tabloids. In other cases, criminals can use the information to scam patients out of money through social engineering. For example, someone who is suffering from diabetes and gallstones may be susceptible to targeted advertising for an unregulated supplement that claims to cure both ailments with no negative side effects. Or, someone who is taking an expensive medication may be persuaded to buy a less-expensive alternative drug over the internet, which can put their health at risk.
In more rare cases, hackers may also target the healthcare facility itself, holding their data hostage. This is known as ransomware. Such was the case in February of 2016 when hackers used Malware to seize control of the Hollywood Presbyterian Medical Center’s computer system, rendering it useless. The hospital ended up paying these criminals $17,000 in Bitcoin for the release of that data.
What Are the Costs Associated with Medical Data Breaches?
So how much might a data breach cost your facility? That depends on a few factors including the scope of the breach, your response, and the damage done.
Obviously, the more people that are affected, the higher your liability costs will be. A breach that is detected and stopped early may be sufficiently handled by offering those who may have potentially been affected credit-monitoring services for one or two years, typically at a cost of about $120 to $180 per year per person affected. While this may seem like a small amount, if you have 5,000 patients in your database, it can cost your company $1.5 million to provide them with two years of credit monitoring.
The real problem comes when a breach is long-lasting, and those affected band together to form a class action lawsuit. Daniel Solove, the founder of TeachPrivacy, reports that according to data collected on 28 class action cases involving medical data breaches, the average settlement awarded to plaintiffs was approximately $2,500 per plaintiff, with most awards being a nominal amount of about $500. The more expensive payouts were given for cases when the hacked data was actually used by criminals, causing the plaintiff harm. In addition to these awards, attorney’s fees for fighting this class action suits came to an average of $1.2 million.
Recent Lawsuits Related to Medical Facility Data Breaches
In addition to having the highest number of medical data breaches on records, 2015 also saw the two cases with the largest scope of people affected:
Anthem, a health insurance company, experienced the largest medical data breach on record. Personal data pertaining to approximately 78.8 million current and former customers and employees was exposed to hackers. Anthem provided all affected with two years of credit monitoring services, and to date, the FBI has found no evidence that the data has been sold, shared or used fraudulently. The total amount that this breach cost Anthem is unreported.
Premera Blue Cross found itself facing five class action lawsuits related to a data breach that affected approximately 11 million customers. The suits claimed that the company waited too long to inform its customers of the breach and that the company did not adequately heed warnings that its network was at risk. The case is ongoing.
How Can Cyber Liability Insurance Help?
According to the American Health Lawyers Association, 87 percent of healthcare lawyers believe that their clients have a greater risk of cybersecurity attacks than businesses operating in other industries. It is therefore extremely important that your healthcare business is suitably protected by a solid cyber liability insurance policy.
A cyber liability insurance policy is designed to provide coverage against the costs associated with electronic data breaches. This can include the costs associated with notifying your customers of the breach, providing them with credit monitoring services, attorney’s fees, court costs, and financial damages. Some companies will even cover the cost of damage control through good-faith advertising.
If you have an extremely large number of patient records in your database, you may want to consider supplementing your cyber liability coverage with an umbrella policy to ensure that your policy can adequately cover you in a worst-case scenario.
In addition to providing financial security, your cyber liability insurance carrier can also provide you with a number of resources to help you prevent this crime from occurring in the first place. In many cases, compliance with your insurer’s security guidelines may be required to retain your coverage.
Where Can I Learn More about Cyber Liability Insurance for My Medical Facility?
If you would like to learn more about cyber liability insurance coverage, you can speak with one of the friendly agents at CoverHound. These agents can help you determine how much coverage is sufficient for your facility and can help you shop around for a competitively priced policy that meets your specific coverage needs. They can also help you review your current business insurance policy to ensure that does not include any unnecessary exposures or insufficient coverage limits. Contact us today for more information.
This article comes from our friends over at TrustedChoice. Trustedchoice.com helps insurance buyers choose the right local independent agent. Our website connects you to agents in your neighborhood who provide affordable and specialized insurance solutions to fit your needs.