By Glenn Day, chief sales officer and practice leader of healthcare, HUB International.
True Story: An employee at one New England medical practice stayed after hours to search patient records for gossip on her neighbor. She found what she was looking for – evidence that the neighbor was seeking psychiatric counseling. She posted it on Facebook. As soon as the clinic discovered what happened, the employee was terminated.
But, the damage had already been done. The practice was named in a lawsuit for failing to properly supervise the employee and safeguard patient medical records. Without cyber coverage, the medical clinic was on their own for legal fees and settlements.
Healthcare data breaches are complex and this story is just one example. It doesn’t matter who the perpetrator of the breach is, the responsibility for regulatory-compliant breach response almost always falls upon the original data collector.
With more than half – or 63% – of healthcare cybersecurity breaches caused by criminal or malicious activity; hacking accounts for 20% and ransomware represents 10% of healthcare breach claims.
Data breaches have also brought new regulations and guidelines to healthcare, like the HIPAA and ransomware guidelines published by the Department of Health and Human Services. The rule requires HIPAA-covered entities that have suffered a ransomware attack to prove thorough a documented investigation that their data wasn’t actually acquired, but only frozen by the hacker.
These forces have contributed significantly to healthcare’s rising data breach costs. According to the Ponemon 2017 Cost of Data Breach Study, healthcare has the highest per capita data breach cost.
Having a robust healthcare cybersecurity policy, and understanding what’s covered and what’s not can help alleviate losses and put your healthcare institution into the driver’s seat post-breach.
Here are seven things you need to know about healthcare cybersecurity coverage: