Cyber Liability Risk
No medical practice or healthcare organization is immune to cyber liability. Your Electronic Health Record (EHR) and computer network is the lifeblood of your organization. A computer virus or unauthorized access to your EHR or network can cause significant damage throughout your organization including serious financial risk
It does not matter whether you store company information in a cloud, on your network or through a third party vendor, you are still at risk for cyber loss. It is paramount that your organization understands its cyber risk exposures and implements risk strategies and mitigation techniques to minimize exposures when confronted with a cyber-breach.
What are the common healthcare exposures?
- Virus infecting your EHR, electronic network, cloud or third party vendor site
- Security breach to your data by outside source
- Theft or loss of protected health information, corporate information or financial data
- Destruction and complete loss of information stored on network
- Improper use of social media
- Theft or loss of mobile devices that have access to PHI
Who is at risk?
If your electronic network, cloud or third party vendor site is compromised by a virus or breach, your organization has a duty to protect:
- Board of Directors
What is at risk?
- Loss of a patient's Protected Health Information (PHI)
- Loss of credit card and other corporate financial data
- Employee information
- Reputation of the practice
- Legal costs to defend first party and third party liability claims
- Loss of income to business
Hospitals and large healthcare systems are not the only organizations vulnerable to cyber liability. Small to mid-size medical practices and healthcare organizations are also at risk.
Cyber liability claim example
A five-surgeon medical practice had 32,000 patient records accessed due to a security breach. Appropriate reporting and regulations requirements were triggered. Upon review and investigation, the practice was required to notify every patient via certified mail, identify the breach on their website homepage and provide credit monitoring services for those affected. A forensic IT team was also required to identify how and where the breach occurred.
Total damages and attourney expenses: $322,000
How to protect against cyber liability exposures
Effective risk management
- Develop an emergency response team to identify and delegate responsibility when a security breach is discovered
- Protect PHI and other confidential information with encrypted software programs
- Review vendor relationships to confirm their privacy procedures and use of encryption
- Confirm that all third part vendor or cloud relationships carry cyber liability insurance
- Institute regular IT security tests of EHR, networks and software programs
- Develop and implement an encryption program for use on all hand held and mobile devices that have access or will share PHI and other company information
- Develop and enforce a social media monitoring program in the office and for use on all company electronic sites
Cyber liability insurance
- Access to risk management materials to manage cyber exposures
- Breach notification and credit monitoring support
- IT and security forensic protection to detect how cyber loss occurred
- Provides legal representation and pays legal defense
Cyber liability exposures place your organization at a great risk. In today’s healthcare environment they are as prevalent as a malpractice claim or employment practices liability claim. Smith Brothers Healthcare Practice assists its clients in addressing the risk issues connected to cyber losses. We can work with you to develop a risk management plan and also add cyber liability insurance to protect against loss.
To learn more about your cyber exposures and how to reduce your risk, please contact David Burke, Professional Risk Specialist at Smith Brothers: 860 430-3256 or DBurke@SmithBrothersUSA.com.