By now healthcare providers are well aware of the significant increase in cybersecurity incidents over the last two years. This has largely been driven by the rapidly growing prominence and sophistication of ransomware attacks. According to Cybersecurity Ventures, in 2021 the US healthcare system lost more than $21 billion from ransomware alone. In addition to potential patient safety issues, cyber events can mean a substantial increase in operating costs resulting from loss of productivity, service disruption, reputation damage, response and recovery activities as well as potential regulatory fines and patient/employee claims. Cyber liability insurance can cover these losses and is now a best practice and an essential part of an effective cybersecurity and privacy program.
The number of different policies available for cyber liability coverage, along with the large and ever-increasing number of endorsements that can be added to them, makes evaluating and selecting the best coverage for the organization a challenging process.
There are several key elements of cyber insurance coverage that healthcare providers should look for in a cyber liability policy. These coverages include:
Coverage for costs incurred as a result of a cyber event, such as an inability to provide services for a period of time due to a ransomware attack.
Coverage for lost revenue if a vendor that is heavily relied upon experiences a breach that causes the organization to suffer financial loss.
Coverage for the cost of cyber events like ransomware can include hiring a negotiator and even the ransomware payment.
Coverage for costs incurred for response and recovery from a data breach. That can include forensics, incident containment and remediation, victim notification, public relations, and credit monitoring.
Includes costs for defending against a lawsuit brought by your customers as a result of a data breach.
Covers the cost of regulatory fines if it is determined that the organization failed to adequately protect patient data during a breach by not fully adhering to baseline cybersecurity laws and requirements.
Coverage for losses and cost of defense for lawsuits related to network security liability. It also typically includes electronic media liability.
Provides protection for types of cyber events that include financial fraud such as electronic theft, fund transfer, and invoice manipulation fraud.
Consider engaging a compliance IT expert or an attorney who can help you with the response process. In most cases, the cybersecurity insurance will have an incident response team who will provide support, but they will want a lot of information and you may need to quickly address any open threats. Once cybercriminals become aware of a vulnerability in software, they will go looking for practices to exploit. Chances are that the criminal was already targeting the vendor long before the notice went out, so you must act fast.
The coverage limits, deductibles, triggers, scope, and premiums can vary greatly from one carrier to another and also depend on the overall level of risk mitigation and protection your current cybersecurity and privacy program provides. At Coker, we believe that securing the right policy for our clients is a process. We can help you understand your risks and exposures and work with you to craft a policy that will provide the best and most affordable coverage for your organization. As an initial step, we are more than happy to provide a high-level review of your current policy at no charge.
For a FREE consultation on cyber liability insurance, please submit your contact information and request to speak with Dan Stewart. For additional cybersecurity and cybersecurity insurance resources, click on the links below.