According to an annual report from the FBI’s Internet Crime Complaint Center, or IC3, the top three targets of hacking attacks are healthcare practices, small-to-midsize businesses, and the government, respectively.
For many small healthcare practices, a breach of sensitive patient data can be a business-ending event. Because they store patients’ personal health information, including medical records, test results, and medical bills, practices are held to strict HIPAA compliance laws that require disclosure to patients if their sensitive medical data is stolen or compromised. Cyber liability insurance can be critical to protecting a medical practice’s financial survival against the overwhelming costs of a data breach. Fines from HIPAA data breach violations can range from $50,000 to $1.5 million, regardless of whether the provider was at fault.
Data breach lawsuits, business interruption expenses, ransoms, and regulatory fines and penalties are significant costs that can be covered by a cyber liability insurance provider.
Policy costs can range widely, and are typically based on a practice’s healthcare specialization, the level of cyber risk, and the type of sensitive data a practice stores.
“If you’re a victim of a cyberattack, it’s too late to consider cybersecurity insurance coverage. You really need to rewind. You need to make sure that you have that incident response plan in place first,” Eric Hobbs, CEO of Technology Associates, advises. “Know what factors are covered by your coverage and which aren’t. Will your policy pay your ransom? Will it pay to get your data back? Will it pay for forensic costs to make sure that the hackers aren’t still in your system? Does it cover loss of business or loss of funds?”
The landscape is ever-changing, so stay on top of this – a quick call with your commercial insurance agent to run through your own nightmare scenarios will help avoid confusion and frustration later.
In November of 2020 in Wilmington, NC, a medical practice fell victim to a ransomware attack. Hackers demanded a ransom and stole 3,702 files and 201 folders, but prior to the encryption key being released, the hackers posted 13.4 GB of patient data online. The released files had names including “2019 Photos”, “AdminScans”, “Dr. Pictures”, “FORMS”, “Ins.Scan”, “Medicare Incentives”, “Vascular Lab”, and other file names that appeared highly sensitive in nature. The practice notified 114,834 patients just before Christmas of 2020 that their personal data, including social security numbers, had been stolen at the hands of hackers. Patients have accused the medical practice of negligence, claim to have suffered ascertainable losses in the form of out-of-pocket expenses and time spent remediating the effects of the ransomware attack, and have therefore decided to sue the practice.
Act before it’s too late. Partner with an IT firm that can help you create your incident response plan and advise you on the best cyber liability insurance policy for your practice. Learn how you can help Protect Your Practice Against a Ransomware Attack.