Wednesday, January 9, 2019

New HHS Report Addresses Health Care Industry Cybersecurity

Dave Kyllo

The Department of Health and Human Services (HHS) issued a new publication in late December providing guidance and voluntary recommendations related to cybersecurity for health care providers. The publication, titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” explores the five common threats facing health care providers and details 10 practices to mitigate the threats.

The five threats explored in the new HHS report include:
  • E-mail phishing attacks;
  • Ransomware attacks;
  • Loss or theft of equipment or data;
  • Insider, accidental or intentional data loss; and
  • Attacks against connected medical devices that may affect patient safety.

Cybercrime is rampant in the United States, and the need for health care providers to be proactive and protect themselves against losses from cybercriminal activity keeps growing. Before purchasing cyber liability insurance, it’s important to understand the critical cyber risks facing businesses today and which risks long term care providers should insure against. Below are examples of key components of a comprehensive cyber liability insurance policy:
  • Security & Privacy Liability – A cyber thief hacks your facility’s computer system and steals the personal data of past and current residents/patients. Your facility gets sued for $1 million on behalf of several resident families for the negligent unauthorized release of personal information.
  • Breach Event Costs – The cost of notifying all the victims of the data breach and their families can be staggering, as can the public relations expense of explaining what went wrong.
  • Regulatory Fines and Proceeding Coverage – Regulators will likely be interested in the cause of your data breach and whether your response followed state and federal laws. Coverage includes paying for your legal counsel, hearing expenses and any fines where insurable under the law.
  • Multimedia Liability – This includes protection should your facility’s logo be similar to another company’s logo or should your website contain content that is copyrighted or trademarked by others.
  • Network Asset Protection – Hackers may destroy software and the information/data stored in your computers. This coverage pays for the expenses to replace or restore software and data.
  • Business Interruption Income Loss – Facility revenue may be impacted through a tainted reputation following a data breach. Insuring against this risk pays for the reduction in profit and extra costs such as renting a replacement computer system.
  • Cyber Extortion – Possibly one of the most talked-about cybersecurity risks is “ransomware” – a computer virus that freezes your computer system until the demanded ransom is paid. The insurance pays for expert advice on how to retrieve your system, negotiate with the hackers and pay any ransom if necessary.

HealthCap is the AHCA/NCAL endorsed carrier for liability insurance and cyber liability coverage. The company’s sole focus is serving the needs of long term care providers, including assisted living. HealthCap® carrier partners offer cyber liability insurance, and it is not necessary for a long term care provider to have General or Professional liability insurance through HealthCap to purchase cyber liability insurance through HealthCap’s carrier partners.

For more information about HealthCap’s comprehensive suite of data security and privacy insurance solutions and to find a local agent, contact Stephanie Hale at
