Colorado Medical Society

COPIC Comment: Protecting against the threat of cyber attacks

Tuesday, January 24, 2017 01:37 PM


Among the emerging challenges in health care, cyber liability has gained a lot of attention. A 2016 study by Ponemon Institute[1] found that health care organizations often “lack the money and resources to manage data breaches caused by evolving cyber threats, preventable mistakes and other dangers.” The study also estimates that data breaches could be costing the health care industry $6.2 billion.

Why are medical practices a target for cyber crime?
Health care entities have access to confidential and personal information, including medical records (electronic and paper), billing information (credit cards) and Social Security numbers. Compromised identities can be sold for as little as $50 each and can cost a practice at least $240 per year, per identity, for the associated expenses after a data breach.

What are the key risks?

How are health care providers exposed?

How does COPIC help protect against these threats?
COPIC has embedded cyber liability coverage in our policies. In addition to addressing the risks previously mentioned, this coverage also addresses incidents that involve non-electronic (print) privacy breaches and patient identity exposures as well as business interruption issues. Actual de-identified examples of incidents we have dealt with include the following:

A medical practice mistakenly placed one patient’s information on a prescription for another patient. A notification letter was sent to the patient whose information was disclosed, and the practice received no response from the patient. The incident was reported to the Office for Civil Rights and the practice completed an updated security risk assessment. Had the patient responded to the letter, the practice would have provided 12 months of identity theft protection.

A medical practice had a power outage occur while its computers were backing up data. It led to a loss of data and the corruption of the files being saved. The computer issues were resolved, but the practice was unable to recover two days' worth of data. A vendor was hired to assist with data recovery. No personal health information was compromised, but the practice experienced some business interruption. The data was recovered, and the practice was able to access the affected records and fully resume operations.

In addition, COPIC Financial Service Group can offer expert assistance to review added levels of coverage and protection that may be appropriate for certain medical practices.

COPIC recognizes that cyber risks are creating a new array of challenges where health care professionals need support. We continue to invest in resources such as a special report on data breaches (request a copy at Staying at the forefront of emerging risks and offering practical guidance is one of the many ways we stand beside our insureds to help them prepare for the future of health care.