Top 5 Reasons Why Healthcare Professionals Need Cyber Insurance
Cyberattacks are becoming more frequent and sophisticated, targeting various industries and sectors, including healthcare. Healthcare professionals, such as doctors, nurses, dentists, pharmacists, therapists, and others, handle sensitive and confidential data, such as personal, medical, and financial information, of their patients and customers. This data is valuable and attractive to hackers, who can use it for identity theft, fraud, blackmail, or extortion. Moreover, healthcare professionals rely on technology and devices, such as electronic health records, telemedicine, medical devices, and others, to provide quality and efficient care to their patients and customers. However, these technologies and devices are vulnerable to cyberattacks, data breaches, or network disruptions, which can compromise the data, disrupt operations, or harm patients and customers.
Therefore, healthcare professionals need cyber insurance, a type of insurance that covers the losses and liabilities arising from cyberattacks, data breaches, or network disruptions. Cyber insurance can help healthcare professionals to cover the costs of notifying affected patients and customers, restoring data and systems, paying ransom demands, defending lawsuits, settling claims, or paying fines or penalties. Cyber insurance can also provide essential resources, such as cyber experts, legal advisors, public relations consultants, and others, to help healthcare professionals respond to and recover from a cyber incident.
In this article, we will explore the top 5 reasons why healthcare professionals need cyber insurance and how it can benefit them.
1. You are a target
The healthcare industry is one of the most targeted and vulnerable sectors for cyberattacks, as it holds valuable and sensitive data, such as personal, medical, and financial information, that can be used for identity theft, fraud, blackmail, or extortion. According to a report by IBM, the healthcare industry had the highest average cost of a data breach in 2020, at $7.13 million per breach, which was 84% higher than the global average of $3.86 million. The report also found that the healthcare industry had the longest average time to identify and contain a breach, at 329 days, which was 49% longer than the global average of 280 days. Some examples of cyberattacks that have affected healthcare professionals are:
- In May 2021, Scripps Health, a San Diego-based health system, was hit by a ransomware attack that disrupted its online portal, email system, scheduling system, and patient care. The attack affected more than 147,000 patients, whose personal and medical information was stolen by the hackers. The attack also caused significant financial losses and operational delays for the health system.
- In February 2021, a dental practice in Florida was hacked by a cybercriminal who accessed and encrypted its patient records and demanded a ransom of $1.4 million to restore them. The dental practice refused to pay the ransom and had to rebuild its records from scratch, which took months and cost thousands of dollars.
- In December 2020, a group of hackers known as REvil claimed to have stolen more than 2 terabytes of data from a cosmetic surgery clinic in London, including before and after photos of celebrities and royals. The hackers threatened to publish the data online unless the clinic paid a ransom of $30 million.
These examples show that healthcare professionals are at a high risk of cyberattacks, which can result in data loss, reputational damage, operational disruption, financial losses, legal liabilities, and patient harm. Cyber insurance can help healthcare professionals to mitigate these risks and protect their data, reputation, operations, finances, and patients.
2. You are regulated
The healthcare industry is subject to various laws and regulations that protect the privacy and security of sensitive data, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States, the General Data Protection Regulation (GDPR) in the European Union, or the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada. These laws and regulations require healthcare professionals to implement appropriate safeguards to protect the data they collect, store, use, or share, and to report any data breaches or incidents to the relevant authorities and affected individuals. Failure to comply with these laws and regulations can result in hefty fines or penalties, as well as lawsuits or claims from patients, customers, or regulators. For example:
- In April 2021, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) imposed a $5.1 million settlement on a health system in Texas for violating HIPAA, after an investigation revealed that the health system failed to protect the electronic protected health information (ePHI) of more than 6,000 patients from unauthorized access by its former employee.
- In July 2020, the UK Information Commissioner’s Office (ICO) issued a £275,000 fine to a pharmacy in London for failing to comply with GDPR, after an investigation found that the pharmacy had left approximately 500,000 documents containing personal data, including medical information, in unlocked containers at the back of its premises.
- In November 2019, the Office of the Privacy Commissioner of Canada (OPC) issued a notice of violation and a $100,000 penalty to a dental clinic in Alberta for violating PIPEDA, after an investigation found that the dental clinic had failed to report a ransomware attack that affected the personal information of more than 5,000 patients.
These examples show that healthcare professionals are subject to strict and complex regulations that govern the privacy and security of sensitive data, and that non-compliance can result in severe consequences. Cyber insurance can help healthcare professionals to comply with these regulations and cover the costs of fines, penalties, lawsuits, or claims arising from a data breach or incident.
3. You are dependent
Healthcare professionals depend on technology and devices, such as electronic health records, telemedicine, medical devices, and others, to provide quality and efficient care to their patients and customers. However, these technologies and devices are vulnerable to cyberattacks, data breaches, or network disruptions, which can compromise the data, disrupt operations, or harm patients and customers. For example:
- In September 2020, a hospital in Germany was forced to divert emergency patients to other facilities after a ransomware attack crippled its IT systems and caused a delay in the treatment of a patient who later died. The attack was considered the first case of a cyberattack resulting in a death.
- In August 2020, a dental practice management software company in the United States was hit by a ransomware attack that affected more than 400 dental offices across the country. The attack encrypted the data and systems of the dental offices, preventing them from accessing patient records, scheduling appointments, processing payments, or performing other functions.
- In May 2017, a global cyberattack known as WannaCry infected more than 200,000 computers in 150 countries, including many in the healthcare sector. The attack affected the National Health Service (NHS) in the United Kingdom, causing the cancellation of more than 19,000 appointments, the disruption of more than 600 general practices, and the infection of more than 200 medical devices, such as MRI scanners, blood storage refrigerators, and theatre equipment.
These examples show that healthcare professionals depend on technology and devices that are vulnerable to cyberattacks, data breaches, or network disruptions, and that these incidents can have serious impacts on their data, operations, or patients. Cyber insurance can help healthcare professionals to restore their data and systems, resume their operations, and compensate their patients or customers in the event of a cyber incident.
4. You are responsible
Healthcare professionals are responsible for the data they collect, store, use, or share, and for the care they provide to their patients and customers. If a cyberattack, data breach, or network disruption affects their data or care, they can face legal liabilities from their patients, customers, or third parties, such as business partners, vendors, or regulators. These liabilities can result in lawsuits, claims, or complaints, which can damage their reputation, credibility, and trust, as well as incur significant legal costs and settlements. For example:
- In January 2021, a class action lawsuit was filed against a health system in California for violating HIPAA and other laws, after a ransomware attack exposed the personal and medical information of more than 200,000 patients. The lawsuit alleged that the health system failed to implement adequate security measures to protect the data and to notify the affected patients in a timely manner.
- In December 2020, a settlement was reached between a health insurance company in the United States and 41 states and the District of Columbia, after a data breach in 2014 exposed the personal information of more than 78 million customers. The settlement required the health insurance company to pay $39.5 million to the states and to implement various security improvements to prevent future breaches.
- In October 2020, a complaint was filed against a hospital in Ireland by a patient who claimed that his personal and medical information was leaked online by hackers after a ransomware attack. The patient alleged that the hospital breached his privacy and data protection rights and caused him distress and anxiety.
These examples show that healthcare professionals are responsible for the data and care they provide, and that they can face legal liabilities from their patients, customers, or third parties in the event of a cyberattack, data breach, or network disruption. Cyber insurance can help healthcare professionals to defend themselves against lawsuits, claims, or complaints, and to cover the legal costs and settlements arising from a cyber incident.
5. You are proactive
Healthcare professionals are proactive in preventing and mitigating cyber risks, by implementing various security measures, such as encryption, firewalls, antivirus, backups, passwords, training, policies, and others, to protect their data, systems, and devices. However, these security measures are not foolproof, and they can be bypassed, breached, or compromised by hackers, who are constantly evolving and adapting their techniques and tools. Moreover, human errors, such as clicking on phishing links, losing devices, or misconfiguring settings, can also expose the data, systems, or devices to cyber risks. Therefore, healthcare professionals need cyber insurance, as a complementary and essential layer of protection, to cover the losses and liabilities that their security measures cannot prevent or mitigate. Cyber insurance can also provide access to cyber experts, who can help healthcare professionals to assess their cyber risks, improve their security posture, and respond to and recover from a cyber incident.
Conclusion
Cyber insurance is a type of insurance that covers the losses and liabilities arising from cyberattacks, data breaches, or network disruptions. Healthcare professionals, such as doctors, nurses, dentists, pharmacists, therapists, and others, need cyber insurance, as they handle sensitive and confidential data, rely on technology and devices, are subject to laws and regulations, are responsible for their data and care, and are proactive in preventing and mitigating cyber risks. Cyber insurance can help healthcare professionals to cover the costs of notifying affected patients and customers, restoring data and systems, paying ransom demands, defending lawsuits, settling claims, or paying fines or penalties. Cyber insurance can also provide essential resources, such as cyber experts, legal advisors, public relations consultants, and others, to help healthcare professionals respond to and recover from a cyber incident.
FAQs
What is cyber insurance?
Cyber insurance is a type of insurance that covers the losses and liabilities arising from cyberattacks, data breaches, or network disruptions.
Why do healthcare professionals need cyber insurance?
Healthcare professionals need cyber insurance because they handle sensitive and confidential data, rely on technology and devices, are subject to laws and regulations, are responsible for their data and care, and are proactive in preventing and mitigating cyber risks.
What are the benefits of cyber insurance for healthcare professionals?
Cyber insurance can help healthcare professionals to cover the costs of notifying affected patients and customers, restoring data and systems, paying ransom demands, defending lawsuits, settling claims, or paying fines or penalties. Cyber insurance can also provide essential resources, such as cyber experts, legal advisors, public relations consultants, and others, to help healthcare professionals respond to and recover from a cyber incident.
How can healthcare professionals get cyber insurance?
To get cyber insurance as a healthcare professional, you can contact an insurance broker or agent, who can help you to find the best policy for your needs and budget. You can also compare different policies and quotes online, from various insurance providers or platforms.
If you are a healthcare professional who wants to protect your data, reputation, operations, finances, and patients from cyber risks, you should consider getting cyber insurance. Cyber insurance can provide you with peace of mind, as well as financial and professional support, in the event of a cyberattack, data breach, or network disruption. To learn more about cyber insurance and how it can benefit you, contact us today for a free consultation and quote.