Healthcare Facilities Documented Most at Risk for Cyber Exposures
Identity theft can occur through internal theft of precious data by employees. Multiple senior care providers are experiencing the above mentioned fines and penalties due to their lack of exposure mitigation, such as firewalls, virus protection and employee training. Unfortunately, even the most prepared facility can become victim to an experienced hacker or inadvertently expose patient records. These breaches can lead to substantial damages and defense costs. Below are a few claims scenarios that have resulted in losses in the healthcare industry.
Claim Scenario #1A pharmacy employee sold a computer to a private individual. The laptop still contained prescription records, including the names, addresses, social security numbers and medication lists of pharmacy customers. Loss: State law regulations required certified notification to all of the affected parties. Two lawsuits were filed by the individuals whose privacy was violated: 1) Plaintiff alleged damages due to job loss as a result of the disclosure. 2) Plaintiff alleged her identity was stolen and sued to recover the costs of correction and emotional distress. A HIPAA investigation was also triggered. TOTAL AMOUNT PAID IN EXCESS OF: $410,000.
Claim Scenario #2A part-time medical care facility employee gained unauthorized access to confidential electronic patient records. The employee confided a patients HIV status to co-workers, so the patient sued the facility for lack of adequate IT security measures, which should have protected the patients digital records from being breached. Loss: Damages awarded were $250,000. Defense Costs were $85,000. TOTAL AMOUNT PAID: $335,000.
Privacy and Cyber Liability InsuranceFrom laptop and employee data theft to inadvertent transmission of confidential data via email, losses to senior living facilities is escalating exponentially in occurrences and dollars. Standard commercial liability policies do not respond to the new cyber exposures. They were designed for old fashioned theft and burglary. The addition of Cyber and Privacy (C&P) insurance is now the only way to fully insure any business in the healthcare industry. Insurance cant prevent a security breach from occurring, but it can ease some of the financial burden.
The primary components of Cyber Liability policies are:
- Privacy Liability: coverage for liability arising out of ones right to privacy
- Network Security: coverage for liability arising from security breaches
- Technology E&O: coverage for liability arising from services provided to others
- Media/Content: coverage for liability arising out of the use/dissemination of media
ABOUT THE AUTHOR