Don’t Gamble with Protecting Your Healthcare Facility
According to a new report, the healthcare industry will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014. The size of the industry, and the type of information that can emerge from a breach, is what makes the sector so vulnerable. Also, many individual doctors don’t associate themselves with the data management business, which leaves them unprepared for cyber threats that exist. Ultimately, healthcare data is valuable. Individual personal records can be sold from anywhere from $10-$28 each. However, when those records include health data, the value of an identity data set jumps to about $50.
Don’t wait until tomorrow to protect your business from a data breach. Good cyber risk management requires the planning and execution of all four of these components.
Develop Strategies to Prevent a Data Breach
Your data breach prevention strategies may include encrypting all devices used by your employees, such as laptops, tablets and smartphones. Encrypting these devices will prevent unauthorized access if a device is lost or stolen. Unencrypted devices are often not covered by a cyber liability policy, so make sure you know whether you need to encrypt the devices or not.
Analyze your cyber risks from three different perspectives: technology, people and processes. This risk assessment will give you a clear picture of potential holes in your security. Revisit and revise your plan regularly, because new risks arise often, sometimes even daily.
Know Your Disclosure Responsibilities
If you experience a data breach, you may be legally required to notify certain people. If your company is publicly traded, guidelines issued by the Securities and Exchange Commission (SEC) make it clear that you must report cyber security incidents to stockholders—even when your company is only at risk of an incident.
Your Crisis Management and Response Plan
Preparedness is key when developing your cyber risk management program. When you experience a data breach, you need to be prepared to respond quickly and appropriately. This is where your crisis management and response plan come into play.
Determine when and how the breach occurred, what information was obtained and how many individuals were affected. Then assess the risks you face because of the data breach and how you will mitigate those risks.
While managing a crisis, let your clients know what actions you are taking, but also be sure you’re not disclosing too much information. It’s a delicate balance. Focus on improving future actions—this will restore trust in your stakeholders and clients.
Your in-house lawyers, risk managers and IT department should work together to create and refine your plan. Everyone should be on board and know their responsibilities when a breach happens.
Protect Your Data—and Your Business
Your cyber risk management program should include cyber liability insurance coverage that fits the needs of your business.
Cyber liability insurance is specifically designed to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover. The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. Your cyber liability insurance policy can be tailored to fit your unique situation and can be written to include the costs of disclosure after a data breach.
Contact Assurance to learn more about cyber liability insurance and how you can protect your healthcare facility from a data breach.
ABOUT THE AUTHOR