– Volume of personally identifiable information and health information stored on shared systems
– Creation and transmission of Electronic Health Records (EHRs) and Personal Health Records (PHRs)
– Reliance on external service providers for payment processing and laboratory testing
– Liability for risks created by providers under regulatory statutes
Any healthcare business should have appropriate risk management planning and care insurance in place to ensure it is adequately covered in case of disruptive eventualities. These are some precautionary measures to take:
Every member of staff, from doctors to administrators, plays a role in keeping an organisation secure. But many are not aware of how their day-to-day activities might open the doors to a data breach.
Staff education is essential in protecting against CEO and dishonesty fraud. Employees’ knowledge of what to watch out for, and of the processes in place if there is a cyber breach, should be gauged to find any information gaps.
- Create a cybersecurity policy
A good cybersecurity policy is essential in managing security throughout an organisation. Without an effective Identity and Access Management (IAM) policy in place, a business is left vulnerable to an external breach.
A good Cyber Liability policy should help protect a healthcare business by:
– Taking action
A good cyber policy will react as soon as a cyber security incident is flagged. It should cover liabilities on everything from media and data security to viruses and hacking.
Comprehensive cyber insurance should also cover any additional costs that stem from initial liabilities. This includes the costs of customer notifications, credit monitoring and legal fees.
– Repairing the damage
In addition to hiring forensics to identify root causes of a security breach, the policy should offer a cyber consultant to help mitigate damage to reputation.
- Carry out cyber threat assessments
A cyber threat assessment can show how staff are using applications. It not only helps ensure that cybersecurity policies are being followed, but also improves compliance and patient data protection.
It is also prudent to build a model to quantify the costs of a data breach and create an assessment of losses arising from data loss.
Cybercrime is constantly evolving, and new technologies bring with them new and unprecedented risks. A comprehensive cyber insurance policy should promise to cover all cyber-related liabilities as well as managing any long-term fallout. These include:
- Regulatory defence and penalties – Payment for amounts which the business is legally obliged to pay as a result of a civil regulatory action, regulatory compensatory award, civil penalty, or fines (as insurable by law), imposed by a government or public authority regulator.
- Cyber extortion – Expenses incurred by you and the business, including the value of any ransom paid for the purpose of terminating a cyber-extortion threat.
- Data breach notification – The cost of consumer notifications following a data breach, to comply with data breach law. This includes legal fees, costs to send and administer notification communications, as well as the costs of call centre services to respond to enquiries and queries following a notification communication.
- Business interruption – Loss of business income resulting from the total or partial interruption, degradation in service, or failure of information and communication solutions.
- Fraudulent Representation – Payment for loss of the insured’s money, property, products, goods, services or other financial benefit, where such losses are as a direct result of a fraudulent electronic communication designed to impersonate the partners, directors or members of the insured.