Hackers are on the hunt for healthcare data.
The FBI warned healthcare providers to beef up cyber security measures in April 2014. During that time, hacks on healthcare providers were higher than ever, according to a 2015 report by cybersecurity firm Trend Micro.
The report, which analyzes breaches by industry, suggests that the healthcare industry has recently become a lucrative target having shown a steady increase in hacking and malware attacks from 2010 onward.
In fact, U.S. healthcare organizations, including dental practices, make up roughly 33% of all data security breaches across all industries, according to the U.S. Department of Health and Human Services. Almost 21,000,000 health records have been compromised since September 2009 making the health care industry the most breached of all industries.
Medical Records Replete with Patients Personal Information
Healthcare data is more valuable to hackers on the black market than credit card numbers, the FBI said. Through healthcare data, hackers can access bank accounts, obtain prescriptions for controlled substances and commit other forms of healthcare fraud. It doesn’t stop there. In February of this year, cyber criminals targeted Hollywood Presbyterian Hospital in a ransomware extortion plot. Hackers collected $17,000 in bitcoins after disabling hospital communications systems for almost 72 hours.
As storing medical records electronically becomes a necessity to house an increasing amount of information to comply with regulations such as HIPAA, it’s the medical provider’s responsibility of securing those records from potential hackers.
Digital Attacks Spur More Coverage Options
Cyber security has been on the government’s radar for decades. It wasn’t until the dot-com boom of the late 90s, however, that insurance providers saw where opportunities existed to provide coverage for businesses being held liable for security breaches resulting in loss or damage. Even still, widespread adoption did not take off until the mid-2000s when an increase in network extortion crime led to breach notification laws at the state level, and eventually the Security Breach Information Act.
For business owners facing security breach claims and lawsuits, basic coverage typically provides adequate protection in the case of hacking and theft of credit cards or social security numbers, medical or healthcare information.
Additional coverage options may extend to losses incurred from disruption of business, or expenses resulting from breach notification or credit card monitoring services. Some policies will also cover the cost of hiring a PR consultant for damage control.
CWA Chief Compliance Officer Gary V. Moore sees cyber liability insurance as essential to any well-planned risk management program. He enacted a policy within the company many years ago.
As a CPA firm and Registered Investment Advisor with over 1,600 clients across the nation, cyber insurance along with our cyber security measures helps us mitigate risk of a cyber-attack and to assist us in making sure our clients are not adversely affected, he said.
“It is important to have strong cyber protections in place,” Moore said. “Hopefully insurance will not be needed, but insurance is essential if a major event ever occurs. Unfortunately you hear in the news some type of cyber event almost every day.”
Healthcare professionals are responsible for securing an increasing amount of data to adhere to federal regulations. Cyber insurance covers the legal exposure and financial harm possibilities in the instance of an information breach, financially as well as helping a business deal with the crisis.
“The healthcare profession is under attack,” Moore said. “Providers such as our dental clients need to have all the cyber security measures in place, but if you are hacked and something does happen, you’ll want to be covered.”
Is Your Business at Risk?
Financial and insurance consultant Joseph Pantoja works with dental professionals on their coverage decisions. He sees dentists remain busy with day-to-day business functions, and fail to consider a potential data breach until it’s too late.
“Business owners of any size healthcare business need to make time to look at their systems and potential risks,” Pantoja said.
Insurance companies usually require the doctor to implement extra security measures to obtain a cyber liability policy, he said. This can include implementing passcode protections, firewalls, limiting the timeframe of storing credit card information and more.
Cyber liability coverage can run roughly $500 to $1,500 per year. It is a tax-deductible coverage similar to current business owner’s policy coverage. The premium may seem high for startup businesses trying to cut cost, but it’s low considering the risk, he said.
“By getting the policy early on, it will create good habits in the practice and reduce some of the risk potential,” Pantoja adds. “If the doctor chooses to pass on this coverage when they first open, circling back to it at renewal or when cash flow improves is critical.”