Third-party vendors often have access to sensitive patient data, and if they suffer a breach, it can lead to the exposure of patients’ personal and medical information.
An escalating regulatory environment also impacts cyber coverage and risks for healthcare companies, which are subject to strict compliance obligations like the Health Insurance Portability and Accountability Act (HIPAA). If a vendor fails to comply with these regulations, it can result in legal and financial consequences for the company.
Increasing ransomware attacks, technological complexity due to mergers and acquisitions, and medical device security concerns (IoT devices, specifically) have put pressure on cybersecurity efforts. Since the start of 2023, over 40 million patients nationwide have been affected by 327 data breaches, according to the Office for Civil Rights. A study by IBM reports that the average cyber event now costs over $10 million for U.S.-based healthcare organizations.
Healthcare facilities should work with sophisticated brokers to address the IT improvements sought by underwriters. USI assists in addressing cyber and privacy risks first, creating a “Healthcare Top 10 Cyber Risk Management Review.” We then identify the appropriate cyber insurance to cover the costs of a loss, whether it’s a ransomware event or a business email compromise that requires network and forensic assistance.
For example, when a regional clinician group was a victim of a ransomware attack, USI professionals worked with the client and insurance carrier to resolve the initial ransom demand and remediation cost, which totaled approximately $500,000 in ransom, $100,000 to secure the bitcoin, and $300,000 in forensics and other network expenses. Since the firm had USI’s PrivaSafe cyber coverage, the cost for the incident was paid minus the self-insured retention of $50,000.
Watch our on-demand cybersecurity webinar for healthcare companies, led by our cyber insurance leaders and healthcare industry specialists, on effective risk management and insurance solutions.