Rising Cyber Attacks Costing Health System $6 Billion Annually

Bloomberg News recently published this article in an online magazine: Rising Cyber Attacks Costing Health System $6 Billion Annually by  Shannon Pettypiece

May 7, 2015, A rise in cyber attacks against doctors and hospitals is costing the U.S. health-care system $6 billion a year as organized criminals who once targeted retailers and financial firms increasingly go after medical records, security researchers say.

The article reports that these data and theft attacks against healthcare providers have increased over the past five years.  Once a large healthcare organization hospital system or medical integrated provider is targeted it can cost them on average $2 million to defend, prepare and notify those who've been affected by the breach.  Recently such well-known providers including Anthem and Community Health Systems have taken sophisticated measures and invested capital and resources into protecting their patient database.  This is a sign of how serious this problem has become and how real the threat to the financial health of the organization.

According to the Ponemon Institute's 2015 Global Cost of Data Breach Study -  The research and science reveals that the  cost of data breach has reached record levels.  The cost to respond and remediate a data breach now averages $3.8 Million globally.

The Cost of each Breach in dollars:

The study also found that the average cost incurred for each lost or stolen record containing sensitive and confidential information increased six percent from a consolidated average of $145 to $154.  Healthcare data breach is the highest cost per stolen record with the average cost as high as  $363 per record in some areas.

The director of research of this study (which consisted of 350 corporate and medical organizations) has  identified three reasons why the costs of cyber data attack are increasing.   The number one reason is the number of data breaches are simply increasing.  The loss of data is becoming more broad in scope and therefore the cost required to resolve security incidents increases correspondingly.  The number two reason is the financial consequences of losing customers requires greater effort and more cost to solve the problem to communicate with the patients.  The number three reason is  the cost of investigative activities,  assessments,  repair and rebuilding data bases and communication also increased.

The Data Breach problem for Physicians is not going away and it can be insured:

Every policyholder The Doctors Company insureds has at least some protection against this rising threat to their financial well-being.  The big three areas of protection needed are:

1. Information Privacy Breach
2. Electronic Data Recovery
3. Regulatory Protection

The Doctors’ Company provides Cyber/Data Breach Liability Insurance up to $ 50,000 after a low level ($ 1,000 deductible) to protect your medical practice against the risk of data breach. CyberGuard® is aggressive, broad coverage that protects doctors against regulatory and liability claims arising from the theft, loss, or accidental transmission of patient or financial information, as well as the cost of data recovery. They were the first insurer to include cyber liability protection as part of their medical liability coverage, and they continue to include this critical coverage for the fastest-growing threats to your practice.

However you can purchase more protection for usually not more than $2000 annual premium to increase your coverage to $1 million.  The Doctors Company working in partnership Beasley Insurance Company, a leader in data management and network security, has developed a response guide for The Doctors Company policyholders.   The Incident Response Guide discusses the most common types of security events.  That includes malware intrusions, social engineering attacks, unauthorized network access ,lost or stolen devices, and other kinds of data security incidents and breaches.  The Incident Response Guide also provides best practices to assist with preparation documentation and helps medical practices assess their overall risk.

Nearly 90 percent of health-care providers were hit by breaches in the past two years, according to the Ponemon Institute research. The Ponemon Study revealed some key statistics:  

•    the purchase of insurance can reduce the cost of a data breach. Insurance protection reduces the cost by $4.40 per record.
•    The most costly breaches continue to occur in the U.S. and Germany
•    The average global cost of data breach per lost or stolen record is $154. However, if a healthcare organization has a breach, the average cost could be as high as $363,
•    Hackers and criminal insiders cause the most data breaches. Forty-seven percent of all breaches in this year's study were caused by malicious or criminal attacks.
•    Time to identify and contain a data breach affects the cost. For the first time, our study shows the relationship between how quickly an organization can identify and contain data breach incidents and financial consequences.

The breaches like the  ones exposing millions of consumers at health insurer, Anthem Inc., and hospital operator, Community Health Systems Inc., have increased risk awareness.  Most of their peers are still unprepared for sophisticated data attacks, security experts have said.

The Beazley Response in partnership with The Doctors’ Company

The separate premium to increase the limit and to make available all of the risk management and security consulting services of Beasley makes this extra premium very much worth considering.  The Beasley Breach Response is an information packet that comes with your insurance policy that sets out the process for responding to an actual or suspected data breach.   The policy also includes complementary loss control and risk management information including online resources and webinars.  Your organization will work with the response team at Beasley to help with the investigation by using sophisticated forensic breach procedures.  At every stage of the investigation the Beasley team of data privacy attorneys and technical experts will be at your side.

The low low cost of Medical Malpractice Insurance makes Cyber Liability Insurance very affordable. So many physicians are required to carry medical malpractice insurance and they are able to do so these days at incredibly reduced premiums due to the prolonged soft market reduced frequency of claims and the continued surplus of capital that has found its way into the medical malpractice insurance.  To carry a medical malpractice insurance these days without also ensuring your practice against the risk of a cyber breach is becoming increasingly unnecessary at best and perhaps irresponsible at worst.  


You need to log in to comment.
  1. Re: Clinical Research Liability

    Do you recommend purchasing a tail insurance or a occurrence based insurance and add a tail policy afterwards...

    -- Ann Shang

  2. Re: Clinical Research Liability

    I am talking with a CTO in the US ( I am in US too) to be a contractor doing clinical trials on a part...

    -- Ann Shang

  3. Re: The Podiatrists Market Research Report states that demand for podiatrists will likely benefit from healthcare reform.

    My husband has been feeling a lot of pain in his feet recently. We think this could be due to his posture...

    -- Sarah

  4. Re: Developing Walk In and Urgent Care Centers

    It's good to see that urgent care facilities are becoming more and more prevalent. You are right that...

    -- Caden Dahl

  5. Re: Functional Medicine Malpractice Insurance

    Interested in obtaining information for FM MP

    -- Cynthia Shughrue

  6. Re: Visiting Residents/Intern/ Fellow (Hands On) Medical Malpractice Insurance

    I am a final year medical student planning to do a couple of electives in medical school in the US and...

    -- Varun

  7. Re: Medical Malpractice Insurance Benefits, expanding to outpatient facilities

    I like the idea of some of the cost returning to the normal discounted market after a few years of claims...

    -- Dave Anderson

  8. Re: Who Can Perform Liposuction Surgery?

    This is very interesting content! I have thoroughly enjoyed reading your points and have come to the...

    -- Re: Who Can Perform Liposuction Surgery?

    Thanks for helping me understand any licensed physician can actually perform this procedure as per the...

    -- Millie Hue

  9. Re: The Podiatrists Market Research Report states that demand for podiatrists will likely benefit from healthcare reform.

    Thanks for giving me more information about the benefits of podiatrists from the healthcare reform. ...

    -- James