Will your insurance coverage protect you against the latest threats?
There’s been a surge in large-scale cyberattacks against health care organizations this year, disrupting services and putting lives and private patient data at risk. It’s also intensified public pressure for the industry and regulators to do a better job of hardening defenses.
The early August cyberattack against facilities across five states run by Prospect Medical Holdings shuttered services at various emergency rooms and primary care clinics, and necessitated a reversion to paper records until data control and recovery were effected.
It was a continuation of escalating cybercrimes against the industry this year. By June, more than 300 cyberattacks and health data breaches had been reported to the U.S. Department of Health and Human Services. The two largest alone affected more than 14 million people.
The industry needs to put better controls in place. But providers also need to get up to speed on today’s cyber risks and grow a better understanding of the evolving insurance marketplace. Here are some starting points.
Four favored cyberattack ploys
Cyber crooks are creative in finding new and different ways to get what they want. They have a lot of patience, often lurking in a system for months – over 200 days on average – before pulling the trigger. And victims don’t even know their defenses have been breached until the worst happens.
Among today’s most common ploys:
No one is immune. Health care organizations are a trove of sensitive data, both health related and payment cards. While large companies are particularly vulnerable as big centralized pools of information, smaller operations don’t escape notice either. Smaller organizations may think they are too small for cyber criminals to worry about are less prepared for breaches. They should think again: One study found that almost 60% of ransomware attacks were against small- and medium-sized businesses.
The market for cyber insurance has been under pressure in recent years. It’s gotten more expensive as cyber attacks, losses, and claims have intensified. Still, if premiums have gotten heftier, that’s nothing compared to the cost of recovering from a ransomware attack. Plus, carriers have stepped up their risk management requirements of health care clients, which has helped to strengthen the industry’s defenses.
It’s important to look at specific, individual cyber risks and exposures, rather than standard benchmarking measures. Being aware of some nuances of cyber insurance also helps. Here are some pointers.
Pete Reilly is the practice leader and Chief Sales Officer of global insurance brokerage Hub International’s North American healthcare practice.In this role, he directs and coordinates HUB’s health care planning, growth and strategic initiatives. He also works with other leaders and experts within HUB to develop and introduce proprietary products that will help healthcare organizations and providers across the care delivery spectrum.