Digital data collection, storage and transmission are a must today. But these activities present new risks and challenges for the healthcare industry.
With the growth of electronic record keeping and digital communications, it is common for hospitals and other healthcare operations to amass a great deal of confidential information about their employees, patients, procedures, research, and financial status. Most of this information is collected, processed, and stored on computers and transmitted digitally to other computers across networks both internal and external
The integrity of computer systems can be breached even with firewalls, virus detection, and many other safeguards in place. A breach can even result from a simple mistake such as a misplaced laptop or inadvertently unprotected back-‐up media. An email could result in the crash of another party’s network or transmit a computer virus or other type of malware. Such breaches can lead to large-‐ scale theft, pilferage or alteration of sensitive data.
Such challenges to a system can come from distant hackers or those close to facility’s operation. Even if state-‐of-‐the-‐ art security controls are in place, there is still a risk from a determined criminal element that can bring operations to a halt. However, a large proportion of data breaches are not unknown hackers with criminal intent or a desire to cause vandalism to the system, but employees, former employees, or even business partners. Whether because of internal incompetence, malicious intent, or the desire to extort money, computer systems and the information they hold can be damaged, pilfered, or held hostage.
Protecting the privacy of patients is basic to the operations of any healthcare facility. That privacy can be compromised; personal information can be obtained in many ways and used inappropriately. The risks are not only that the information will be damaged, stolen, or misused but the actual or implied theft of improperly protected electronic data also can result in an extortion threat. The financial cost and cost of distraction of a hacker’s extortion demand that threatens to shut down an entity’s system or to expose confidential information can be enormous.
Hospitals and their risk managers should assess their cyber liability exposure and explore suitable insurance products for comprehensive risk coverage.
Other cyber risks include inadvertent wrongful disclosure of confidential information, an email, web file, or blog or forum posting t h a t could result in allegations of defamation. Legal actions against healthcare entities can also be related intellectual property theft, trademark or copyright infringement, libel or other defamation, and even product disparagement.
Risk Mitigation and insurance Coverage Are Essential
Organizations often fail to realize that exposure to cyber liability affects the bottom line as well as damages relationships with customers, vendors, and partners. Confidential information, content, knowledge, and business intelligence are vital information assets that must be protected. The establishment of an information security policy, constant vigilance, and the use of sound practices and industry-‐recognized safeguard processes and technologies create a balance between the technological and procedural aspects of information security management. But the ongoing process of exercising due care and due diligence to protect information and information systems from unauthorized access, use, disclosure, destruction, modification, or disruption is not the only indispensable part of protecting 4 2 operations.
Business interruption resulting from a security failure, a cyber extortion threat and the costs related to privacy notification, the management of an information security failure, and the resulting disaster recovery costs are all challenges to a facility’s continued viability.
A cyber liability insurance policy is an indispensable part of any healthcare operation’s risk management program. With coverage’s tailored to meet the unique and evolving cyber insurance needs of hospitals and other healthcare organizations, appropriate insurance and the accompanying risk management services eliminate gaps in insurance coverage and position an entity for continued productivity.
Cyber Liability Coverage
A Cyber Liability policy covers the following:
- Disclosure injury: lawsuits alleging unauthorized access to or dissemination of the plaintiff’s private information.
- Content injury: legal actions arising from intellectual property infringement, including patent, trademark, and copyright infringement.
- Reputational injury: allegations of the disparagement of products or services or of libel, slander, defamation, and invasion of privacy.
- Conduit injury: demands for remedies for harm to third-‐party systems allegedly resulting from system security failures.
- Impaired-‐access injury: suits, civil fines, and penalties arising from system security failure resulting in the computer systems of business partners or others being unavailable for use.
The policy can also provide the following riders:
- Forensic costs: costs to determine how the breach occurred.
- Crisis management and reward expenses: 3 including the cost of public relations consultants to maintain the reputation of the business.
- E-‐threat or cyber extortion: including the cost of a professional negotiator and ransom payment to stop cyber attacks caused by malicious hackers.
- E-‐Vandalism expenses: paying the costs of malicious damage even when an employee causes such vandalism.
Optima Insurance Brokers Pvt. Ltd. is a leading insurance broking company based in Delhi and has a pan –India presence.
Optima manages insurance for more than 125 well-‐known companies including GE, Honeywell, Nat Geo, E&Y, India Bulls etc. With a team of more than 100 accomplished professionals we are geared to handle the most complex insurance needs of our clients. For more information on this policy, contact us on info@optima.co.in
Download pdf
Recent Comments