Data Breach Liability, Network Security
The Doctors Insurance Agency works with over 4,000 healthcare facilities, physicians and allied providers. As technical sophistication increases, the safety of the systems controlling personal health information becomes an increasing threat and cyber liability rises to the same level of importance as medical professional liability.
For three decades we have been a proud regional office underwriting partner, marketing representative, and agent for the nation’s largest medical malpractice insurance company. To meet this increasing demand and crisis for healthcare systems, The Doctors Company has announced higher limits available to groups and facilities to protect against extortion and data loss.
The Doctors Company is committed to ensuring your healthcare clients have access to the best cyber liability coverage on the market.
The Doctors Company has surveyed the policy leaders and executive managers of their groups, and are pleased to announce updated cyber offerings, including state-of-the-art coverage enhancements, substantially higher limits of liability, and expanded support for breach notification.
The product at The Doctors Company is called CyberGuard® PLUS and is now available at higher limits. Clients who opt for the higher limits will receive specialized claims service, expert breach counsel, and faster application processing.
Beginning in 2008, most medical malpractice policies in the country added a smaller limit of attorney defense representation and audit expense for an initial response to claims of data breach. These are referred to in the industry as sub-limits, and when a physician has a loss or there has been device theft or even a slight mishandling of a file, this can cause the Medical Group to have responsibility to provide notification to its patient base.
It was determined pretty quickly that those smaller limits were not sufficient, and that is why these products are referred to as buy-up, higher limits, or standalone. Rregardless, it is important to consider your cyber risk as separate from your medical professional liability risk.
Real claims are published daily. The Doctors Company, Beazley, and other Lloyd’s and American markets pay these claims and defend these physicians and healthcare organizations on a weekly basis.
Some cyber aims are cluster reported:
Surgeon posts patient IDs, penalties could total $4.5 million.
A plastic surgeon posted before and after photos of several patients on her website. The website’s code was written incorrectly, accidentally exposing the patients’ personal information. Legal settlements per patient have exceeded $150,000. With 15 claims filed and 15 more expected, costs could total more than $4.5 million.
Price tag for stolen laptop and phone: $150,000.
An employee of a county health center had his laptop and mobile phone stolen from his car. The devices were not password protected, and both contained personal health information of the center’s patients. The total costs for this HIPAA violation could exceed $150,000.
One of our most committed specialty insurance carriers is the innovative, financially strong, and healthcare-committed Lloyd’s of London, operating through their Beazley healthcare division.
Mike Donovan, head of technology and cyber insurance at Beazley comments: “Without walling themselves off, modern businesses cannot avoid cyber risk. But they can prepare for it. And we believe the insurance market can play a crucial role in helping them prepare. We have created a portal to give brokers the critical insight and tools they need to understand the risk environment.”
Beazley and companies like The Doctors Company have created specialty teams to respond and partner with our policyholders to help them develop in-house solutions and strategies. Beazley is a pioneer in cyber liability and data breach insurance. It remains the only insurer to have a dedicated in-house breach response team responsible for coordinating the expert forensic, legal, notification and credit monitoring services that clients need to satisfy all legal requirements and maintain customer confidence. Since the launch of Beazley Breach Response in 2009, Beazley has helped clients handle more than 6,500 data breaches.
In recent months, Beazley Breach Response (BBR) Services has seen the number of reported ransomware incidents climb again. The varieties of ransomware and the differing technical abilities of the criminals make effective response a very unique challenge.
Breach response services,such as forensics and legal counsel, are often necessary in ransomware attacks to determine the level of access obtained by the attacker. If the attacker accessed or exfiltrated personally-identifiable information or protected health information, notification
to all affected individuals may be required by law.
This past fall saw an increase in these kinds of attacks.
Policyholders were hit particularly hard, with notifications to Beazley of ransomware attacks more than doubling relative to summer. Healthcare is still the most targeted industry (37%). Just like with medical malpractice, risk management, prevention, and preparation are essential in defending and avoiding these claims.
Beazley Services provides a full range of resources to help mitigate risks before an incident occurs. The policies include a user a portal where you will find resources for incident response planning, employee training, compliance, and security best practices. Newsletters and live expert webinars will help educate you about the latest threats, preventive steps, and regulatory developments. BBR Services also coordinates a variety of pre-breach services, such as onboarding calls, incident response plan review, and on-site workshops so you can improve the robustness of your cybersecurity.
Data breach, cyber theft, and attempts at ransom extortion are not the exclusive risk of Fortune 500 companies. These insurance policies should have tactical teams ready to respond on your behalf.