The healthcare industry continues to be one of the main targets for cybercrime. In 2015, the number of breaches and patient records stolen or compromised continued to grow. There are two main reasons why healthcare Personal Health Information (PHI) and Personal Individual Information (PII) are increasingly being targeted.
The first is the type of information that hospitals and medical practices store in both electronic and paper formats. Medical practices store information such as health insurance, health data, social security numbers, as well as ages and addresses that can be sold for a much higher amount than other stolen data. The second reason is that the information is not always as secure as it is in other industries, such as retail and banking.
Prior to 2015, the most frequent cause of lost or stolen patient information was the loss of electronic devices such as laptops, phones, or portable drives. In 2015, the most frequent cause of lost patient data was actually hackers who were able to break into databases and steal medical records.
Of course, the best situation would be to take steps to prevent a data breach of your patient information and comply with HIPAA and HITECH regulations. Because CAP recognizes that a breach can still occur even when the best precautions are taken, CAP Physicians Insurance Agency, Inc. provides a CyberRisk Insurance policy for all of our members to protect their practice in case there is a data breach involving the PHI or PII of their patients.
The policy provides protection in the areas listed below and also gives guidance and direction as to what you need to do in the event you experience a breach:
- Multimedia Liability
- Security and Privacy Liability
- Privacy Regulatory Defense and Penalties
- Network Asset Protection
- Cyber Extortion
- Cyber Terrorism
- Crisis Management Expenses and Breach Response Costs
The limits of coverage are $50,000 per claim with notification costs outside of the policy limit. One of the most costly parts of a data breach is the requirement to notify each patient who may have had his or her record breached. The average notification costs can run from $5 to $30 per notification, depending on the level of the breach. The CAP CyberRisk policy will pay for 5,000 notifications outside the policy limit of $50,000 per claim.
CAP Physicians Insurance Agency, Inc. is working to help physicians understand the risks of a data breach and what can be done to protect their practice by providing valuable tips on how to prevent and mitigate a breach. You also may want to consider purchasing an additional CyberRisk policy that provides $1,000,000 limits. If you are interested in obtaining more information or would like to consider purchasing higher limits, please contact us at CAPAgency@CAPphysicians.com.