By Cindy Dolan, CPA, CIC, CWCP
President and CEO
Technology is already a crucial component of the healthcare delivery system. As patient care becomes more digital, cyber risk continues to be a growing exposure in the healthcare industry. Risks include the storage of sensitive patient information, regulatory compliance, loss of use of computerized systems, and liability to others for damages resulting from a breach of your data or systems.
Cyber liability insurance covers a broad category of cyber-related exposures providing for reimbursement for expenses you may incur because of a data breach (first-party coverage) and damages or harm that may be sustained by someone else as a result of your breach (third party liability.)
Included in your coverage with the LHA Trust Funds are cyber limits of $100,000/$100,000 to cover costs you may incur resulting from a system breach for:
- Notifying patients or employees of a privacy breach including credit monitoring fees
- Restoring data or computer programs
- Ransomware or extortion
- Income loss from lack of use of systems
- Revenue loss resulting from adverse media reports
- Defense costs resulting from billing errors, EMTALA, Stark, or HIPAA proceedings
Coverage is also provided for liability to others from allegations resulting from negligence, including your defense costs, related to:
- Defamation in your printed materials or on your website.
- Failing to prevent or hinder a security breach.
- Civil or administrative fines resulting from a government investigation or regulatory proceeding.
- Fines or penalties assessed against you by the Payment Card Industry Council.
For a more detailed description of the coverages outlined above, please click here.
Cyber liability policies are very complex, have many exclusions and coverage triggers carefully defined. Consequently, the allegations and facts surrounding an actual event determine if coverage applies. Often, cyber policies also provide coverage for privacy breaches resulting from paper records, vendor breaches, or other breaches of patient information. Always let LHA Trust Funds know if there is any type of privacy breach, including a breach of patient confidentiality, ransomware attack, or some other cyber event so we can help you determine if there may be coverage under the cyber policy.
While $100,000 may well cover the cost of one ransomware attack, it will not be enough to compensate for lost revenue if you are unable to see patients, have damaged equipment, need system restorations, or if your patients sustain damage/harm as a result of a breach.
Higher cyber liability limits are available through our partnership with Tokio Marine. The higher limits policy form offers broader coverage than described above. We will explore additional coverage features in this month’s cyber liability blog series.
To discuss your cyber liability policy or obtain an estimate on the cost of higher limits, please contact Client Services Supervisor Lisa Pike at (225) 368-3827 or email@example.com.
Because cybersecurity risks are constantly evolving, we want our LHA Trust Funds members to be as knowledgeable and prepared as possible. Search our Cyber Liability & Risk Toolkit for the latest information regarding cyber liability risks.
Need more resources? Explore the LHA Trust Funds toolkit library here.